stanonik@NPRDC.NAVY.MIL (Ron Stanonik) (10/19/90)
We've modified a copy of 4.3bsd ping to just watch icmps received; ie, not ping, just watch. We've got it running on our gateway, a vax running 4.3bsd. We'd also like to see icmps being forwarded through the vax. Any suggestions? Maybe using some socket type other than SOCK_RAW? Or maybe 4.3bsd just doesn't give applications a chance to get their hands on packets being forwarded? Thanks, Ron Stanonik stanonik@nprdc.navy.mil
mankin@GATEWAY.MITRE.ORG (10/24/90)
Ron, We distribute a program that gets compiled into the 4.3 kernel and lets applications read any or all IP traffic that is being forwarded. It is called NETMON/iptrace. The code and a document explaining how it works and how to install it can be anonymously ftp'd from aelred-3.ie.org (192.48.115.36): pub/netmon.tar or pub/netmon.tar.Z. For your requirement, you would want to compile only the instrumented ip_input.c. Otherwise, follow the directions as given. By the way, the overhead of NETMON is about 5% or less, depending on the packet arrival rate. And iptrace uses CPU on the same order as the gated executable. A. Mankin mankin@gateway.mitre.org MITRE-Washington Networking Center