Path: utzoo!attcan!uunet!samsung!umich!caen!math.lsa.umich.edu!math.lsa.umich.edu!emv
From: mankin@GATEWAY.MITRE.ORG
Newsgroups: comp.archives
Subject: [tcp-ip] Re: 4.3bsd/watching icmp traffic
Message-ID: <1990Oct24.232252.11068@math.lsa.umich.edu>
Date: 24 Oct 90 23:22:52 GMT
Sender: emv@math.lsa.umich.edu (Edward Vielmetti)
Reply-To: mankin@GATEWAY.MITRE.ORG
Followup-To: comp.protocols.tcp-ip
Organization: The Internet
Lines: 23
Approved: emv@math.lsa.umich.edu (Edward Vielmetti)
X-Original-Newsgroups: comp.protocols.tcp-ip

Archive-name: iptrace/24-Oct-90
Original-posting-by: mankin@GATEWAY.MITRE.ORG
Original-subject: Re: 4.3bsd/watching icmp traffic
Archive-site: aelred-3.ie.org [192.48.115.36]
Archive-directory: /pub
Reposted-by: emv@math.lsa.umich.edu (Edward Vielmetti)

Ron,

We distribute a program that gets compiled into the 4.3 kernel and
lets applications read any or all IP traffic that is being forwarded.
It is called NETMON/iptrace.  The code and a document explaining
how it works and how to install it can be anonymously ftp'd
from aelred-3.ie.org (192.48.115.36): pub/netmon.tar or pub/netmon.tar.Z.
For your requirement, you would want to compile only the instrumented
ip_input.c.  Otherwise, follow the directions as given.  By the
way, the overhead of NETMON is about 5% or less, depending on the
packet arrival rate.  And iptrace uses CPU on the same order as the
gated executable.  

A. Mankin
mankin@gateway.mitre.org
MITRE-Washington Networking Center