Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!udel!haven.umd.edu!mimsy!mojo!news
From: baccala@eng.umd.edu (Brent W. Baccala)
Newsgroups: comp.sys.novell
Subject: Trying to monitor Novell packet traffic (myself)
Message-ID: <1991May5.011604.7247@eng.umd.edu>
Date: 5 May 91 01:16:04 GMT
Sender: news@eng.umd.edu (C-News)
Organization: College of Engineering, Maryversity of Uniland, College Park
Lines: 48

Hopefully, someone out there with the Novell Assembler API docs will be
able to answer these questions, which arise only because I'm trying to
program the APIs without the docs. I'm hoping to be getting the C
version, but that won't help me out understanding the interrupt
interface anyway.

Basically, I am trying to find out how much traffic my PC is sending
out across the network (and receiving, but I haven't gotten that far
yet). After looking at IPXPKT, I decided that this could be done
without too much trouble by intercepting Function 3 calls (this sends
an IPX packet, right?).

I set up a monitoring routine to install its own INT 2F, which returned
the address of its own FAR CALLable routine, which checked the value of
BX before passing it along to the original IPX call entry. I installed
my routine after running IPX, but before NET. This is with MS-DOS 3.30
and NetWare 2.15 SFT.

Using this method, I got 1 (one) call to Func 3 during a NET + LOGIN
combination. Looking farther, I saw IPX grabbing INTs 64H and 7AH, both
of which provided a direct entry into the IPX function call. Patching
them as well, I still recorded 1 call to Func 3.

The most calls I did record were to Func 8 (I think this is a status
checking routine of some sort) and Func A (a non-preemptive task
switch?). I recorded around 14,000 (decimal) calls to each of these
functions, leading me to believe that my code is working right. No
other function numbers received anywhere around the number of calls I
was expecting. The third highest was Func 5, with 201 (decimal) calls.
I didn't monitor any calls above 18H, because there aren't any, right?

Perhaps this is needless to say, but NET and LOGIN worked fine with my
monitoring stuff installed.

So here are the $10 million questions:

- Is there some other way (documented) to send packets other than this
  Func 3 interface? SPX packets would still have to go through IPX
  transmission on Func 3, right?

- Is there some other way (undocumented) that Novell programs like NET
  use to communicate over the net? Something other than INTs 2F, 64,
  7A?

Thanks in advance.

--
-bwb

Brent W. Baccala
baccala@eng.umd.edu