Very Computer

by **Viktor A. Teslik** » Fri, 10 Dec 1993 03:59:45

The intention is to write a packet sniffer for svr4.
[ UnixWare SVR4.2 v1.0.3 +upbnu4, ne2k (ne200) or ee16 (intel EtherExpress) ]

It's known that svr4 implementations of network drivers are conformant to
DLPI specs (more or less).
The idea was to register all possible for my network DLSAPs
(i.e. "type" field of Ethernet packets; 8137 for Novell's,
0x800 and 0x806 for IP and arp respectivly) that would guarantee, as I thought,
those packets would come rigth to my application.
But after requesting info (DL_INFO_REQ), succesfully binding 8137 SAP and
turning on PROMISC ( ioctl ) mode I was trying to "getmsg" , but it hung...
What's wrong ?

PS: I dont have any books (or examples) on SVR4 Network Programming :(

__

Details:

bind_req=(dl_bind_req_t*)malloc(sizeof(dl_bind_req_t));
bind_req->dl_primitive=DL_BIND_REQ;
bind_req->dl_sap= 8137; /* (media_sp->promisc_sap);*/
bind_req->dl_service_mode = DL_CLDLS ; /* connectionless mode */

[ DL_BIND_ACK returns my_ether_addr:c9:1f ]

if (ioctl(fd,DLIOCSPROMISC)<0){
[ OK. I see it at the NE2000 LED as well ]

do {
if ((ret_val=getmsg(fd , Ctl_M, Dat_M, &Flgs)) < 0){
printf("getmsg failed\n");
exit(1);
}
printf(": %s\n | %s\n", Ctl_M->buf, Dat_M->buf );
} while (ret_val != 0);

by **Richard Mason** » Sat, 11 Dec 1993 00:04:43

Quote:
>The intention is to write a packet sniffer for svr4.
>What's wrong ?

>Details:

> bind_req=(dl_bind_req_t*)malloc(sizeof(dl_bind_req_t));
> bind_req->dl_primitive=DL_BIND_REQ;
> bind_req->dl_sap= 8137; /* (media_sp->promisc_sap);*/

^^^^

Quote:> bind_req->dl_service_mode = DL_CLDLS ; /* connectionless mode */

>[ DL_BIND_ACK returns my_ether_addr:c9:1f ]

> if (ioctl(fd,DLIOCSPROMISC)<0){
>[ OK. I see it at the NE2000 LED as well ]

> do {
> if ((ret_val=getmsg(fd , Ctl_M, Dat_M, &Flgs)) < 0){
> printf("getmsg failed\n");
> exit(1);
> }
> printf(": %s\n | %s\n", Ctl_M->buf, Dat_M->buf );
> } while (ret_val != 0);

Before I jump in and make myself sound like a total fool, is
this is special SAP value you bind to to get promisuous mode
(to get all SAPs)? Or are you trying to capture TCP/IP traffic
from all machines? If it's the latter case, you need to
bind to SAP 0x8137. If it's the former case, my information
is that the SAP to capture all ethernet traffic was to bind
to SAP -2 or -1 or something (can't remember which -- of
course, I could be completely wrong, but it doesn't hurt to
try). You may also want to try the DL_PROMISCON_REQ
primitive instead of (or in addition to) the ioctl. If you
have the device driver development kit, you have source code
for an Ethernet driver -- you just might take a look at that
code to determine what action you need to take. It lives at
/usr/src/<something>...

Good luck.
--
Richard F. Masoner | Seen on a magazine cover:
Central Data Corporation |
1602 Newton Dr., Champaign, IL 61821 | "Guns don't kill people,
(217) 359-8010 x251 | television does."

Very Computer

DLPI & STREAMS: How...

DLPI & STREAMS: How...

DLPI & STREAMS: How...