Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!think.com!linus!linus!mbunix.mitre.org!jfjr
From: jfjr@mbunix.mitre.org (Freedman)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: traffic monitoring by net snooping
Keywords: Promiscuous ethernet
Message-ID: <1991Feb15.130700.10552@linus.mitre.org>
Date: 15 Feb 91 13:07:00 GMT
References: <1991Feb15.065610.1371@ncsu.edu>
Sender: news@linus.mitre.org (News Service)
Organization: The MITRE Corp., Bedford MA
Lines: 22
Nntp-Posting-Host: mbunix.mitre.org

In article <1991Feb15.065610.1371@ncsu.edu> dbjoyner@eos.ncsu.edu (David Joyner) writes:
>In article ,
>chris@endgame.gsfc.nasa.gov (Chris Shenton) writes:
>> I recently saw this clever program from Silicon Graphics which watches
>> traffic (of a specified protocol, I think) on the ether, and draws lines
>> connecting machine names -- kind of like a dynamic traffic mapper. They
>> called it netsnoop or netlook or some such...
>>
>> I'd like to try writing something like this but need pointers to the TCP/IP
>> calls. I assume I'd be interested in the packet level stuff, just reading
>> the TO and FROM addresses from the ip headers... Any pointers?
>>
>> Thanks in advance. Mail and I'll summarize.
>>
>

I too am interested in any kind of ethernet snooping with a Unix
preferably BSD flavor machine - promiscuousness (sp?) is right up my alley.

Jerry Freedman,Jr
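The step the quoted question describes, reading the source and destination addresses from the IP headers and counting traffic per host pair, shown as an added example that is not part of the original post or thread. It parses already-captured Ethernet II frames and assumes no VLAN tags; the function names and the sample frames are constructed for illustration.

```python
import socket
import struct
from collections import Counter

ETH_HDR_LEN = 14          # dst MAC (6) + src MAC (6) + EtherType (2)
ETHERTYPE_IPV4 = 0x0800

def ip_endpoints(frame: bytes):
    """Return (src, dst) dotted-quad strings for an IPv4 frame, else None."""
    if len(frame) < ETH_HDR_LEN + 20:
        return None                       # too short for Ethernet + minimal IPv4
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        return None                       # ARP, IPv6, and so on
    ver_ihl = frame[ETH_HDR_LEN]
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(frame) < ETH_HDR_LEN + ihl:
        return None                       # malformed or truncated IP header
    # Source and destination sit at bytes 12..19 of the IPv4 header.
    src, dst = struct.unpack_from("!4s4s", frame, ETH_HDR_LEN + 12)
    return socket.inet_ntoa(src), socket.inet_ntoa(dst)

def traffic_edges(frames):
    """Count frames per (src, dst) pair: the edges a traffic map would draw."""
    edges = Counter()
    for frame in frames:
        pair = ip_endpoints(frame)
        if pair is not None:
            edges[pair] += 1
    return edges

def make_frame(src, dst, ethertype=ETHERTYPE_IPV4):
    """Build a constructed test frame (zeroed MACs, 20-byte IPv4 header)."""
    eth = bytes(12) + struct.pack("!H", ethertype)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip

# Constructed sample traffic (documentation addresses, not a real capture).
SAMPLE = [
    make_frame("192.0.2.1", "192.0.2.2"),
    make_frame("192.0.2.1", "192.0.2.2"),
    make_frame("192.0.2.2", "192.0.2.1"),
    make_frame("192.0.2.9", "192.0.2.1", ethertype=0x0806),  # ARP type: skipped
    make_frame("192.0.2.1", "192.0.2.3")[:20],               # truncated: skipped
]

if __name__ == "__main__":
    for (src, dst), n in traffic_edges(SAMPLE).most_common():
        print(f"{src} -> {dst}: {n}")
```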