wiltzius@lll-crg.llnl.gov (Dave Wiltzius) (11/28/90)
The BSD TCP/IP networking code has a TCP level circular trace
buffer (filled by routine tcp_trace). Does anyone have a tool
that would read this buffer from memory and format the information?

We want this only for internal use and are willing to accept all
liability, etc. If someone did a *really* nice job (i.e. allow
filters on IP addresses, TCP ports, etc), perhaps the response
should be posted. I would be glad to consider anything, however.

Thanks much.

Dave Wiltzius
Lawrence Livermore Nat'l Lab
Livermore, CA 94550
(415) 422-1551
wiltzius@lll-crg.llnl.gov

0004219666@MCIMAIL.COM (Bob Stine) (11/30/90)
>The BSD TCP/IP networking code has a TCP level circular trace
>buffer (filled by routine tcp_trace). Does anyone have a tool
>that would read this buffer from memory and format the information?

Have you looked at TRPT? Its description, from RFC 1147, follows:

Regards,

Bob Stine

------cut here -------------------------------------------------------

Internet Tool Catalog                                            TRPT

NAME
     TRPT -- transliterate protocol trace

KEYWORDS
     traffic; IP; eavesdrop; UNIX; free.

ABSTRACT
     TRPT displays a trace of a TCP socket events. When no
     options are supplied, TRPT prints all the trace records
     found in a system, grouped according to TCP connection
     protocol control block (PCB).

     An example of TRPT output is:

     38241 ESTABLISHED:input [e0531003..e0531203)@6cc5b402(win=4000)<ACK> -> ESTABLISHED
     38241 ESTABLISHED:user RCVD -> ESTABLISHED
     38266 ESTABLISHED:output 6cc5b402@e0531203(win=4000)<ACK> -> ESTABLISHED
     38331 ESTABLISHED:input [e0531203..e0531403)@6cc5b402(win=4000)<ACK,FIN,PUSH> -> CLOSE_WAIT
     38331 CLOSE_WAIT:output 6cc5b402@e0531404(win=3dff)<ACK> -> CLOSE_WAIT
     38331 CLOSE_WAIT:user RCVD -> CLOSE_WAIT
     38343 LAST_ACK:output 6cc5b402@e0531404(win=4000)<ACK,FIN> -> LAST_ACK
     38343 CLOSE_WAIT:user DISCONNECT -> LAST_ACK
     38343 LAST_ACK:user DETACH -> LAST_ACK

MECHANISM
     TRPT interrogates the buffer of TCP trace records that is
     created when a TCP socket is marked for debugging.

CAVEATS
     Prior to using TRPT, an analyst should take steps to
     isolate the problem connection and find the address of its
     protocol control blocks.

BUGS
     None reported.

LIMITATIONS
     A socket must have the debugging option set for TRPT to
     operate. Another problem is that the output format of TRPT
     is difficult.

HARDWARE REQUIRED
     No restrictions.

SOFTWARE REQUIRED
     BSD UNIX or related OS.

AVAILABILITY
     Included with BSD and SunOS distributions. Available via
     anonymous FTP from uunet.uu.net, in file
     bsd-sources/src/etc/trpt.tar.Z.
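
The trace lines quoted in the catalog entry can be decoded and filtered mechanically. The following is an added example, not part of either post and not code from trpt; the field layout is an assumption inferred from the quoted sample, and the names parse_line, parse_trace and select are hypothetical.

```python
import re

# Constructed sample: the trace lines quoted in the catalog entry above.
SAMPLE = """\
38241 ESTABLISHED:input [e0531003..e0531203)@6cc5b402(win=4000)<ACK> -> ESTABLISHED
38241 ESTABLISHED:user RCVD -> ESTABLISHED
38266 ESTABLISHED:output 6cc5b402@e0531203(win=4000)<ACK> -> ESTABLISHED
38331 ESTABLISHED:input [e0531203..e0531403)@6cc5b402(win=4000)<ACK,FIN,PUSH> -> CLOSE_WAIT
38331 CLOSE_WAIT:output 6cc5b402@e0531404(win=3dff)<ACK> -> CLOSE_WAIT
38331 CLOSE_WAIT:user RCVD -> CLOSE_WAIT
38343 LAST_ACK:output 6cc5b402@e0531404(win=4000)<ACK,FIN> -> LAST_ACK
38343 CLOSE_WAIT:user DISCONNECT -> LAST_ACK
38343 LAST_ACK:user DETACH -> LAST_ACK
"""

# Assumed layout: time old_state:kind body -> new_state
LINE = re.compile(r"^(\d+)\s+(\w+):(input|output|user)\s+(.*?)\s+->\s+(\w+)$")
# Assumed segment body: [start..end) or seq, then @ack, optional (win=), <flags>; all hex.
SEG = re.compile(r"^(?:\[([0-9a-f]+)\.\.([0-9a-f]+)\)|([0-9a-f]+))@([0-9a-f]+)"
                 r"(?:\(win=([0-9a-f]+)\))?(?:<([A-Z,]+)>)?$")

def parse_line(line):
    """Return a dict for one trace line, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    time, old, kind, body, new = m.groups()
    rec = {"time": int(time), "old": old, "kind": kind, "new": new}
    if kind == "user":
        rec["request"] = body          # e.g. RCVD, DISCONNECT, DETACH
        return rec
    s = SEG.match(body)
    if not s:
        return None
    start, end, seq, ack, win, flags = s.groups()
    first = int(start or seq, 16)
    rec.update(seq=first, length=int(end, 16) - first if end else 0,
               ack=int(ack, 16), win=int(win, 16) if win else None,
               flags=set(flags.split(",")) if flags else set())
    return rec

def parse_trace(text):
    return [r for r in map(parse_line, text.splitlines()) if r]

def select(records, kind=None, flag=None, transitions_only=False):
    """Filter by event kind, by TCP flag, or keep only state changes."""
    return [r for r in records
            if (kind is None or r["kind"] == kind)
            and (flag is None or flag in r.get("flags", ()))
            and not (transitions_only and r["old"] == r["new"])]
```

Calling select(parse_trace(SAMPLE), transitions_only=True) keeps only the two records where the connection state changes, which is usually the first thing to look for in a long trace.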