Path: utzoo!utgpu!watserv1!watmath!att!pacbell.com!ames!dftsrv!chris
From: chris@endgame.gsfc.nasa.gov (Chris Shenton)
Newsgroups: comp.protocols.tcp-ip
Subject: traffic monitoring by net snooping
Message-ID: <CHRIS.91Feb13165923@endgame.gsfc.nasa.gov>
Date: 13 Feb 91 21:59:23 GMT
Sender: news@dftsrv.gsfc.nasa.gov
Organization: none
Lines: 16

I recently saw this clever program from Silicon Graphics which watches
traffic (of a specified protocol, I think) on the ether, and draws lines
connecting machine names -- kind of like a dynamic traffic mapper. They 
called it netsnoop or netlook or some such...

I'd like to try writing something like this but need pointers to the TCP/IP
calls.  I assume I'd be interested in the packet level stuff, just reading
the TO and FROM addresses from the ip headers... Any pointers?

Thanks in advance. Mail and I'll summarize.




--
chris@asylum.gsfc.nasa.gov, ...!uunet!asylum.gsfc.nasa.gov!chris, PITCH::CHRIS