[comp.sys.novell] Trying to monitor Novell packet traffic

baccala@eng.umd.edu (Brent W. Baccala) (05/05/91)

Hopefully, someone out there with the Novell Assembler API docs will
be able to answer these questions, which arise only because I'm trying
to program the APIs without the docs.  I'm hoping to be getting the C
version, but that won't help me out understanding the interrupt
interface anyway.

Basically, I am trying to find out how much traffic my PC is sending
out across the network (and receiving, but I haven't gotten that far
yet).  After looking at IPXPKT, I decided that this could be done
without too much trouble by intercepting Function 3 calls (this
sends an IPX packet, right?).  I set up a monitoring routine to install
its own INT 2F, which returned the address of its own FAR CALLable routine,
which checked the value of BX before passing it along to
the original IPX call entry.  I installed my routine after running
IPX, but before NET.  This is with MS-DOS 3.30 and NetWare 2.15 SFT.

Using this method, I got 1 (one) call to Func 3 during a NET + LOGIN
combination.  Looking farther, I saw IPX grabbing INTs 64H and 7AH,
both of which provided a direct entry into the IPX function call.
Patching them as well, I still recorded 1 call to Func 3.

The most calls I did record were to Func 8 (I think this is a status
checking routine of some sort) and Func A (a non-preemptive task
switch?).  I recorded around 14,000 (decimal) calls to each of these
functions, leading me to believe that my code is working right.  No
other function numbers received anywhere around the number of calls I
was expecting.  The third highest was Func 5, with 201 (decimal)
calls.  I didn't monitor any calls above 18H, because there aren't
any, right?

Perhaps this is needless to say, but NET and LOGIN worked fine with
my monitoring stuff installed.

So here are the $10 million questions:

- Is there some other way (documented) to send packets other than this
  Func 3 interface?  SPX packets would still have to go through IPX
  transmission on Func 3, right?

- Is there some other way (undocumented) that Novell programs like NET
  use to communicate over the net?  Something other than INTs 2F, 64, 7A?

Thanks in advance.
--
					-bwb

					Brent W. Baccala
					baccala@eng.umd.edu

Howard_Reed_Johnson@cup.portal.com (05/08/91)

Brent W. Baccala <baccala@eng.umd.edu> asks:

> Basically, I am trying to find out how much traffic my PC is sending
> out across the network (and receiving, but I haven't gotten that far
> yet).  After looking at IPXPKT, I decided that this could be done
> without too much trouble by intercepting Function 3 calls (this
> sends an IPX packet, right?).

Sorry.  Nice try.  It's not that clean.

> - Is there some other way (documented) to send packets other than this
>   Func 3 interface?  SPX packets would still have to go through IPX
>   transmission on Func 3, right?

No, IPX function 3 (IPXSendPacket) is the only documented way to send
IPX packets.  SPX uses the IPXSendPacket routine, but it doesn't go through
the dispatch code.  It makes direct near calls to IPXSendPacket.

> - Is there some other way (undocumented) that Novell programs like NET
>   use to communicate over the net?  Something other than INTs 2F, 64, 7A?

Yes.  It's a deprecated feature known as fast send, it is not supported
externally, and it has never been documented.  No, I don't think I can
tell you how it's done.

Back to the *real* question:  how to monitor IPX traffic statistics.
I refer you to the documentation which describes IPX/SPX diagnostics.
It involves using SPX to retrieve diagnostic counters maintained
by IPX/SPX.  It's not very pretty, but it works.

tgaffney@dit.ie (05/10/91)

In article <1991May5.011604.7247@eng.umd.edu>, baccala@eng.umd.edu (Brent W. Baccala) writes:
> Hopefully, someone out there with the Novell Assembler API docs will
> be able to answer these questions, which arise only because I'm trying
> to program the APIs without the docs.  I'm hoping to be getting the C
> version, but that won't help me out understanding the interrupt
> interface anyway.
> 
> Basically, I am trying to find out how much traffic my PC is sending
> out across the network (and receiving, but I haven't gotten that far
> yet).  After looking at IPXPKT, I decided that this could be done
> without too much trouble by intercepting Function 3 calls (this
> sends an IPX packet, right?).  I set up a monitoring routine to install
> its own INT 2F, which returned the address of its own FAR CALLable routine,
> which checked the value of BX before passing it along to
> the original IPX call entry.  I installed my routine after running
> IPX, but before NET.  This is with MS-DOS 3.30 and NetWare 2.15 SFT.
> 
> Using this method, I got 1 (one) call to Func 3 during a NET + LOGIN
> combination.  Looking farther, I saw IPX grabbing INTs 64H and 7AH,
> both of which provided a direct entry into the IPX function call.
> Patching them as well, I still recorded 1 call to Func 3.
> 
> The most calls I did record were to Func 8 (I think this is a status
> checking routine of some sort) and Func A (a non-preemptive task
> switch?).  I recorded around 14,000 (decimal) calls to each of these
> functions, leading me to believe that my code is working right.  No
> other function numbers received anywhere around the number of calls I
> was expecting.  The third highest was Func 5, with 201 (decimal)
> calls.  I didn't monitor any calls above 18H, because there aren't
> any, right?
> 
> Perhaps this is needless to say, but NET and LOGIN worked fine with
> my monitoring stuff installed.
> 
> So here are the $10 million questions:
> 
> - Is there some other way (documented) to send packets other than this
>   Func 3 interface?  SPX packets would still have to go through IPX
>   transmission on Func 3, right?
> 
> - Is there some other way (undocumented) that Novell programs like NET
>   use to communicate over the net?  Something other than INTs 2F, 64, 7A?
> 
> Thanks in advance.
> --
> 					-bwb
> 
> 					Brent W. Baccala
> 					baccala@eng.umd.edu

In IPX/SPX, functions 00 to 0bH and 10 to 17 are documented IPX calls.

Novell uses its own functions to communicate: 0C to 0F, and 18 and above,
depending on IPX version.

The function you need to monitor is function 0F.
This is similar to function 03 in format, i.e. ES:SI points to the ECB to be
sent to the server.

Function 0D shows the card max packet size. It returns the size in AX and
the ECB header size in CX (I think). The packet size is a little over 1k.

Novell also uses function 0E, but as yet I haven't worked it out.

Hope this will help.
                                      DDDDD       IIII   TTTTTTTT
Regards                               DDDDDD       II    TTTTTTTT
	Mario Brazil,                 DD    DD     II       TT
	College of Technology,        DD    DD     II       TT
	Kevin Street                  DDDDDD  ..   II  ..   TT   ..
	Dublin 8.                     DDDDD   ..  IIII ..   TT   ..
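
The monitoring blind spot described in the replies above, as an added example that is not part of any post and is not Novell code: a C model in which a monitor hooked in front of the dispatch entry counts calls by function number, while the driver keeps its own packet counter. Function numbers are the ones named in the thread; every name, the dispatch logic and the call counts are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, not Novell code. Function numbers come from the thread;
   call counts and all names are constructed for illustration. */
enum { FN_SEND = 0x03, FN_0A = 0x0A, FN_0F = 0x0F, FN_MAX = 0x20 };

static unsigned long diag_sent;          /* counter kept inside the driver */
static unsigned long hook_calls[FN_MAX]; /* counters kept by the monitor */

/* Internal send routine: every outgoing packet ends up here. */
static void ipx_send_packet(void) { diag_sent++; }

/* Public entry point: dispatches on the function number passed in BX. */
static void ipx_entry(unsigned bx) {
    if (bx == FN_SEND || bx == FN_0F) ipx_send_packet();
    /* other functions (status checks, yielding) send nothing */
}

/* SPX sits inside the driver and calls the send routine directly,
   so it never passes through ipx_entry or anything hooked in front of it. */
static void spx_send(void) { ipx_send_packet(); }

/* The monitor: counts by function number, then chains to the original. */
static void hooked_entry(unsigned bx) {
    if (bx < FN_MAX) hook_calls[bx]++;
    ipx_entry(bx);
}

struct tally { unsigned long fn3, fn0f, fn0a, diag; };

/* Constructed session: 1 documented send, 40 sends via 0Fh,
   1000 calls to 0Ah, 25 SPX sends. */
struct tally run_session(void) {
    int i;
    struct tally t;
    diag_sent = 0;
    memset(hook_calls, 0, sizeof hook_calls);
    hooked_entry(FN_SEND);
    for (i = 0; i < 40; i++) hooked_entry(FN_0F);
    for (i = 0; i < 1000; i++) hooked_entry(FN_0A);
    for (i = 0; i < 25; i++) spx_send();
    t.fn3 = hook_calls[FN_SEND]; t.fn0f = hook_calls[FN_0F];
    t.fn0a = hook_calls[FN_0A];  t.diag = diag_sent;
    return t;
}

int main(void) {
    struct tally t = run_session();
    printf("hook: fn03=%lu fn0F=%lu fn0A=%lu  driver counter: %lu packets\n",
           t.fn3, t.fn0f, t.fn0a, t.diag);
    return 0;
}
```

A function-3 count alone reports one packet here, adding function 0Fh still misses the SPX sends, and only the counter kept at the send routine itself accounts for all of them, which is why the diagnostic counters are the reliable source.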