fred@rover.UUCP (Fred Christiansen) (06/30/87)
we're thinking of getting an Ethernet monitor/analyzer for some TOP work. we need to examine packets/frames, to select frames meeting certain criteria, etc. i've seen some monitors that know about XNS or TCP/IP packet types and display per those formats. i'm aware of the existence of CMC's, HP's, and Excelan's products, but not their capabilities. do any of them already support the TOP protocol stack thru, say, transport? or, can i teach any of these about the various PDU formats? i suspect parts of this have been discussed before. does anyone remember what was discussed? can anyone suggestive creative uses of such tools that might otherwise illude a novice user? thanks! -- << Generic disclaimer >> Fred Christiansen ("Canajun, eh?") @ Motorola Microcomputer Division, Tempe, AZ UUCP: {seismo!noao!mcdsun, utzoo!mnetor, ihnp4}!mot!fred ARPA: oakhill!mot!fred@ut-sally.ARPA "Families are Forever"
jwhitnel@csib.UUCP (07/08/87)
In article <402@rover.UUCP> fred@rover.UUCP (Fred Christiansen) writes: >we're thinking of getting an Ethernet monitor/analyzer for some >TOP work. we need to examine packets/frames, to select frames >meeting certain criteria, etc. i've seen some monitors that >know about XNS or TCP/IP packet types and display per those formats. You might also want to look at Network General's Sniffer. They support a large number of protocols, as well as displaying of the packet in hex/ascii/ ebcidic dumps. I know they have XNS and I think TCP/IP. They also support writting your own protocol disassemblers (in C). Finally, they also support filtering of the packets on various criteria. Their number is (408) 734-0464. Jerry Whitnell Communication Solutions, Inc.
cyrus@hi.UUCP (Tait Cyrus) (07/09/87)
In article <1139@csib.UUCP> jwhitnel@csib.UUCP (Jerry Whitnell) writes: >In article <402@rover.UUCP> fred@rover.UUCP (Fred Christiansen) writes: >>we're thinking of getting an Ethernet monitor/analyzer for some >>TOP work. we need to examine packets/frames, to select frames >>meeting certain criteria, etc. i've seen some monitors that >>know about XNS or TCP/IP packet types and display per those formats. > >You might also want to look at Network General's Sniffer. They support >a large number of protocols, as well as displaying of the packet in hex/ascii/ >ebcidic dumps. I know they have XNS and I think TCP/IP. They also support >writting your own protocol disassemblers (in C). Finally, they also support >filtering of the packets on various criteria. Their number is (408) 734-0464. Here at the University of New Mexico we built up a network monitor/analyzer package around a SUN 3. We were building some ethernet hardware and needed some way to see if we were transmitting things correctly, you know - network byte order. Using the NIT (Network Interface Tap) protocol on the SUN, we were able to put the SUN's ethernet board in promiscuous mode and capture all packets. Now anyone that is familiar with SUN knows about 'etherfind' which basically does the same thing, or 'tcpdump' which gives a little more info than 'etherfind'. What we needed was some way to dump all incoming packets, from our hardware, to a file to be analyzed later. Well, this package now has the ability to display, split screen style, both directions of a connection, capture packets (to be looked at in depth later) plus anything else we might want it to do. We have even built up some utilities which verify checksums (in ip & tcp packets), in a machine INDEPENDENT way. This means that you can look at these packets, which were dumped to file, on any machine you like. You don't have to worry about any evil "Network-byte-order" problems. It would be easy to add to this package to do just about anything you wanted it to, whether it was capture XNS packets, IP packets or your own XYZ type packets. We are still cleaning some things up in this package to add some more options. When we feel it is clean enough, we will post it. Unlike 'tcpdump' which was derived from SUN sources and whose sources can't be posted, our package was not derived from sources. We feel that just about anything that needs to be looked at can be derived from our program. One thing, though, that can't, as far as I know, be obtained from the NIT protocol, is the number of collisions. I have never really gotten 'down-and-dirty' with network monitors, so my perception of what an ethernet monitor/analyzer should do might be full of it. I would appreciate any suggestions or ideas of things to include in this this program, or any comments in general. -- @__________@ W. Tait Cyrus (505) 277-0806 /| /| University of New Mexico / | / | Dept of EECE - Hypercube Project @__|_______@ | Albuquerque, New Mexico 87131 | | | | | | hc | | e-mail: | @.......|..@ cyrus@hc.dspo.gov or | / | / seismo!unmvax!hi!cyrus @/_________@/
geoff@eagle_snax.UUCP ( R.H. coast near the top) (07/09/87)
I have been extremely impressed with the Sniffer (Network General), not least because there are optional protocol analysis modules for all your favorite protocols, including Sun RPC and NFS. I reckon it's already saved me about a week of debug time on one thorny issue. It's everything that SunOS "etherfind" could be if somebody focussed a couple of person-years of intensive effort on it, but it's here and now. (Mind you, if somebody DID write an "ultrafind" for the Sun it would be a lot cheaper for most of us... Network General charges more for a Compaq than we do for a 3/50....:-) -- "You want a disclaimer form? Next window, please..." Geoff Arnold, Sun Microsystems East Coast Division (home of PC-NFS) UUCP: {ihnp4,decwrl,...}!sun!garnold ARPA: garnold@sun.com
backman@interlan.UUCP (Larry Backman) (07/13/87)
In article <1139@csib.UUCP> jwhitnel@csib.UUCP (Jerry Whitnell) writes: >In article <402@rover.UUCP> fred@rover.UUCP (Fred Christiansen) writes: >>we're thinking of getting an Ethernet monitor/analyzer for some >>TOP work. we need to examine packets/frames, to select frames >>meeting certain criteria, etc. i've seen some monitors that >>know about XNS or TCP/IP packet types and display per those formats. > >You might also want to look at Network General's Sniffer. They support A second hearty recommendation for the Sniffer. We use it for TCP, XNS, ISO, Novell's Netware, NETBIOS and love it. Larry Backman Micom - Interlan