chris@endgame.gsfc.nasa.gov (Chris Shenton) (02/14/91)
I recently saw this clever program from Silicon Graphics which watches
traffic (of a specified protocol, I think) on the ether, and draws lines
connecting machine names -- kind of like a dynamic traffic mapper. They
called it netsnoop or netlook or some such...

I'd like to try writing something like this but need pointers to the TCP/IP
calls. I assume I'd be interested in the packet level stuff, just reading
the TO and FROM addresses from the ip headers... Any pointers?

Thanks in advance. Mail and I'll summarize.

--
chris@asylum.gsfc.nasa.gov, ...!uunet!asylum.gsfc.nasa.gov!chris, PITCH::CHRIS
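The step the question describes, reading the TO and FROM addresses out of the IP header of a captured frame, as an added example that is not part of the original thread. It assumes Ethernet II framing carrying IPv4 and a frame already delivered by some capture mechanism; `frame_to_edge`, `struct edge`, `dotted` and the sample bytes are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* One edge of the traffic map: an IPv4 source/destination pair (host byte order). */
struct edge { uint32_t src, dst; };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Extract the IPv4 addresses from an Ethernet II frame.
 * Returns 0 on success, -1 if the frame is truncated, not IPv4, or malformed.
 * The IP header checksum is not verified here. */
int frame_to_edge(const uint8_t *f, size_t len, struct edge *out) {
    if (len < 14 + 20) return -1;                  /* Ethernet header + minimal IPv4 header */
    if (f[12] != 0x08 || f[13] != 0x00) return -1; /* EtherType 0x0800 = IPv4 */
    const uint8_t *ip = f + 14;
    if ((ip[0] >> 4) != 4) return -1;              /* version field must be 4 */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;       /* header length in bytes */
    if (ihl < 20 || 14 + ihl > len) return -1;     /* bogus or truncated header */
    out->src = be32(ip + 12);                      /* FROM address */
    out->dst = be32(ip + 16);                      /* TO address */
    return 0;
}

/* Format an address as a dotted quad into buf (at least 16 bytes). */
const char *dotted(uint32_t a, char *buf) {
    snprintf(buf, 16, "%u.%u.%u.%u", (unsigned)(a >> 24), (unsigned)((a >> 16) & 255),
             (unsigned)((a >> 8) & 255), (unsigned)(a & 255));
    return buf;
}

/* Constructed sample frame: 10.0.0.1 -> 10.0.0.2, 20-byte IP header, no payload. */
static const uint8_t sample[] = {
    0x02,0,0,0,0,0x02,  0x02,0,0,0,0,0x01,  0x08,0x00,   /* dst MAC, src MAC, EtherType */
    0x45,0x00,0x00,0x14, 0x00,0x00,0x00,0x00, 0x40,0x06,0x00,0x00,
    10,0,0,1,  10,0,0,2
};

int main(void) {
    struct edge e; char a[16], b[16];
    if (frame_to_edge(sample, sizeof sample, &e) == 0)
        printf("%s -> %s\n", dotted(e.src, a), dotted(e.dst, b));
    return 0;
}
```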
dbjoyner@eos.ncsu.edu (David Joyner) (02/15/91)
In article <CHRIS.91Feb13165923@endgame.gsfc.nasa.gov>, chris@endgame.gsfc.nasa.gov (Chris Shenton) writes:
> I recently saw this clever program from Silicon Graphics which watches
> traffic (of a specified protocol, I think) on the ether, and draws lines
> connecting machine names -- kind of like a dynamic traffic mapper. They
> called it netsnoop or netlook or some such...
>
> I'd like to try writing something like this but need pointers to the TCP/IP
> calls. I assume I'd be interested in the packet level stuff, just reading
> the TO and FROM addresses from the ip headers... Any pointers?
>
> Thanks in advance. Mail and I'll summarize.
>

I am also interested in this subject. I do know that it is possible to
put an ethernet adapter into "promiscuous mode" where it receives all
packets on the network. I do not know exactly how this is done (I think
via ioctl calls) or where the packets are queued/stored by the ethernet
adapter.

This doesn't exactly seem like the best newsgroup for information on
ethernet, but what is???

+===========================================================================+
| David B. Joyner (dbjoyner@eos.ncsu.edu) | North Carolina State University |
+---------------------------------------------------------------------------+
| "Typically supercomputers use a single microprocessor." -Boston Globe     |
+===========================================================================+
jfjr@mbunix.mitre.org (Freedman) (02/15/91)
In article <1991Feb15.065610.1371@ncsu.edu> dbjoyner@eos.ncsu.edu (David Joyner) writes:
>In article <CHRIS.91Feb13165923@endgame.gsfc.nasa.gov>,
>chris@endgame.gsfc.nasa.gov (Chris Shenton) writes:
>> I recently saw this clever program from Silicon Graphics which watches
>> traffic (of a specified protocol, I think) on the ether, and draws lines
>> connecting machine names -- kind of like a dynamic traffic mapper. They
>> called it netsnoop or netlook or some such...
>>
>> I'd like to try writing something like this but need pointers to the TCP/IP
>> calls. I assume I'd be interested in the packet level stuff, just reading
>> the TO and FROM addresses from the ip headers... Any pointers?
>>
>> Thanks in advance. Mail and I'll summarize.
>>
>

I too am interested in any kind of ethernet snooping with a Unix
preferably BSD flavor machine - promiscuousness (sp?) is right up my
alley.

Jerry Freedman, Jr