bill@nerix.nerdc.ufl.edu (Bill Kirchhoff) (05/23/91)
I am looking for C/Assembly routines to place an IBM Token Ring card into promiscuous mode so that I can strip out the headers. The header information would then be used in a graduate research project on network load distribution. All help is greatly appreciated. - Bill -- * William S. Kirchhoff - Northeast Regional Data Center - Computer Analyst * * bill@nerix.nerdc.ufl.edu (AIX) bill@nervm.nerdc.ufl.edu (VM/CMS) * * The world's smallest RISC instruction set : SOLVE *
dzoey@TERMINUS.UMD.EDU (05/24/91)
> From: Bill Kirchhoff <bill@nerix.nerdc.ufl.edu> > I am looking for C/Assembly routines to place an IBM Token Ring card > into promiscuous mode so that I can strip out the headers. The firmware on stock IBM Token Ring cards does not allow promiscuous mode. The only think you'll when in promiscous mode are packets directed to the card, multicasts and broadcasts. You can buy a special board from IBM ("Performance and Measurement Card"? Not sure if that's the name) that has a different set of firmware that does allow promiscous mode. You can also buy 3rd party token ring boards that will support promiscous mode. Lastly, you can spend a few thousand dollars and get a Lanalyzer or equivalent tool. Your best bet is to find some ethernet :-) Joe Herman U. of Maryland. dzoey@terminus.umd.edu
CHARLIE@UMVMA.BITNET (Charlie Turner) (05/24/91)
On Thu, 23 May 91 15:58:43 GMT Bill Kirchhoff said: >I am looking for C/Assembly routines to place an IBM Token Ring card >into promiscuous mode so that I can strip out the headers. The header >information would then be used in a graduate research project on >network >load distribution. All help is greatly appreciated. > My understanding is that, except for the special trace and performance (TAP) T/R adapter, IBM T/R adapters have no promiscuous mode. This is what IBM marketing folks say when you ask about security. On the other hand, I don't understand how a non promiscuous T/R adapter could work in a bridge but they do. So are they *really* non promiscuous? Inquiring minds would like to know!
dzoey@TERMINUS.UMD.EDU (05/25/91)
> From: Charlie Turner <CHARLIE%UMVMA.bitnet@umrvmb.umr.edu> > On the other hand, I don't understand how a non promiscuous T/R > adapter could work in a bridge but they do. So are they *really* > non promiscuous? The token ring bridge isn't really a bridge, but a brouter (yes, folks it's more confusing terminology! Question: What's a gateway? Answer: about 10 pounds. But I digress.) The TR bridge doesn't forward all packets between the two rings. When a machine on one ring (HOSTA) wants to communicate with a machine on another ring (HOSTJ), it sends out (for the sake of the IP world) an ARP which is transmitted as a (possibly all-rings) broadcast. When the bridge receives a broadcast it records its (the bridge's) address in the packet's source routing field and broadcasts it on the other ring. When HOSTJ receives the broadcast packet, it stores HOSTA's address and the source routing information that was collected on the way. When HOSTJ replies to HOSTA, it puts the source routing information it collected about HOSTA into the packet. Each bridge the packet passes reads the source route and gets the address for the next hop. Source routing is not part of the 802.5 standard (or it wasn't last time I was involved in this stuff. It's been a while since I looked). It's an IBM implementation standard. The IBM token ring tech ref. does a reasonable job of explaining source routing more detail. Joe Herman U. of Maryland
jbvb@FTP.COM ("James B. Van Bokkelen") (05/25/91)
I am looking for C/Assembly routines to place an IBM Token Ring card
into promiscuous mode so that I can strip out the headers.
As far as I know, IBM specifically designed all of its standard Token Ring
adapters so they cannot be placed in promiscuous mode under any circumstances.
This is a "security feature". IBM does have a special "Ring Monitoring"
interface, but when I last asked, they weren't willing to provide any
programming information (it is used by their own ring monitoring products).
Most other vendors' 802.5 cards use the TI chipset, and can be placed in
promiscuous mode given the proper firmware (frequently supplied as PROMs
by the board vendor).
James B. VanBokkelen 26 Princess St., Wakefield, MA 01880
FTP Software Inc. voice: (617) 246-0900 fax: (617) 246-0901j_rodin@hpfcso.FC.HP.COM (Jon Rodin) (05/28/91)
The Proteon token-ring boards can be put into promiscuous mode. That is why 802.5 LAN analyzers like the Sniffer and LANWatch run on Proteon cards. Jon Rodin j_rodin@cnd.hp.com
dbrown@apple.com (David Brown) (05/30/91)
In article <7260010@hpfcso.FC.HP.COM> j_rodin@hpfcso.FC.HP.COM (Jon Rodin) writes: > The Proteon token-ring boards can be put into promiscuous mode. That is why > 802.5 LAN analyzers like the Sniffer and LANWatch run on Proteon cards. Not quite - the older 4mb T/R card for the Sniffer was based on a 3Com TokenLink (at least ours is), and the newer 16/4 card is based on the IBM card. David Brown 415-649-4000 Orion Network Systems (a subsidiary of Apple Computer) 1995 University Ave Suite 350 Berkeley CA 94704
dana@locus.com (Dana H. Myers) (06/01/91)
In article <7260010@hpfcso.FC.HP.COM> j_rodin@hpfcso.FC.HP.COM (Jon Rodin) writes: >The Proteon token-ring boards can be put into promiscuous mode. That is why >802.5 LAN analyzers like the Sniffer and LANWatch run on Proteon cards. Heh-heh. I haven't seen the token ring standard proper, but I know from experience that token ring interfaces in promiscuous mode make this clear to the rest of the ring. Several years ago a coworker connected a sniffer to a rather large ring at a large company. The next day the network police showed up and insisted testing using the sniffer take place on a private ring. -- * Dana H. Myers KK6JQ | Views expressed here are * * (213) 337-5136 | mine and do not necessarily * * dana@locus.com | reflect those of my employer *