Path: utzoo!utgpu!watserv1!watmath!att!emory!gatech!taco!eos.ncsu.edu!dbjoyner
From: dbjoyner@eos.ncsu.edu (David Joyner)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: traffic monitoring by net snooping
Keywords: Promiscuous ethernet
Message-ID: <1991Feb15.065610.1371@ncsu.edu>
Date: 15 Feb 91 06:56:10 GMT
References:
Sender: news@ncsu.edu (USENET News System)
Reply-To: dbjoyner@eos.ncsu.edu (David Joyner)
Organization: North Carolina State University
Lines: 28

In article , chris@endgame.gsfc.nasa.gov (Chris Shenton) writes:
> I recently saw this clever program from Silicon Graphics which watches
> traffic (of a specified protocol, I think) on the ether, and draws lines
> connecting machine names -- kind of like a dynamic traffic mapper. They
> called it netsnoop or netlook or some such...
>
> I'd like to try writing something like this but need pointers to the TCP/IP
> calls. I assume I'd be interested in the packet level stuff, just reading
> the TO and FROM addresses from the ip headers... Any pointers?
>
> Thanks in advance. Mail and I'll summarize.
>

I am also interested in this subject. I do know that it is possible to
put an ethernet adapter into "promiscuous mode" where it receives all
packets on the network. I do not know exactly how this is done (I think
via ioctl calls) or where the packets are queued/stored by the ethernet
adapter.

This doesn't exactly seem like the best newsgroup for information on
ethernet, but what is???

+===========================================================================+
| David B. Joyner (dbjoyner@eos.ncsu.edu) | North Carolina State University |
+---------------------------------------------------------------------------+
| "Typically supercomputers use a single microprocessor." -Boston Globe     |
+===========================================================================+