Path: utzoo!utgpu!watserv1!watmath!att!linac!pacific.mps.ohio-state.edu!zaphod.mps.ohio-state.edu!wuarchive!udel!princeton!princeton.edu!tengi From: tengi@princeton.edu (Christopher Tengi) Newsgroups: comp.protocols.tcp-ip Subject: Re: Subject: traffic monitoring by net snooping Message-ID: <6507@idunno.Princeton.EDU> Date: 22 Feb 91 18:33:10 GMT References: <5455@s3.ireq.hydro.qc.ca> <85756@sgi.sgi.com> <1991Feb16.014841.10155@pa.dec.com> Sender: news@idunno.Princeton.EDU Reply-To: tengi@princeton.edu (Christopher Tengi) Organization: Princeton University - CIT Lines: 34 Jeff, In article <1991Feb16.014841.10155@pa.dec.com>, mogul@wrl.dec.com (Jeffrey Mogul) writes: |> In article <85756@sgi.sgi.com> vjs@rhyolite.wpd.sgi.com (Vernon Schryver) writes: |> >Trying to keep up with and properly filter network traffic from an Ethernet |> >or FDDI MAC in promiscuous mode requires substantial support below the |> >application. Such support, if present, is not currently likely to be |> >sufficiently similar on products from hardware vendors. |> |> I've ported a number of such programs, and (if the program structure |> is at all modular) it turns out to be pretty easy to get a program |> (e.g., tcpdump, nfswatch, statspy) to run on the following systems: |> Ultrix + Ultrix packet filter |> SunOs + NIT |> 4.xBSD + new "Berkeley Packet Filter" (BPF) |> and possibly the IBM RT using the modified Stanford packet filter done |> by some folks at Merit. |> I assume, from reading the above, that you did work on tcpdump and statspy to make them work with the Ultrix packet filter. If this is true, have your changes been melded back into the "original" sources for the rest of us to use? If not that, would you be willing to make patches available? /Chris -- ==========----------==========---------+---------==========----------========== UUCP: ...princeton!tengi VOICEnet: 609-258-6799 INTERNET: tengi@princeton.edu FAX: 609-258-3943 BITNET: TENGI@PUCC Brought to you by Super Global Mega Corp .com