This directory tree contains two utilities for monitoring Ethernet traffic: ETHERMON and INEPT. ETHERMON displays statistics on "who's talking to whom" while INEPT traps and displays selected packets. Both of them set the Ethernet controller into promiscuous mode and thus require PHY_IO privilege. Access to INEPT, in particular, should be strictly controlled as it can be used to intercept network packets containing possibly sensitive data to which the user would not normally have access.

Both programs have been run on machines equipped with DEBNA's, DEUNA's, DEQNA's, and whatever controller is built into a VAXStation 3100.

You'll have to take the following three steps to get these programs to run:

1. Edit the file ETHERMON_SETUP.COM in this directory so that the logical name ETHERMON_DIRECTORY (defined in the first line) points to the directory on your system which contains the files ETHERMON.EXE and ETHERMON.CLD and the logical name INEPT_DIRECTORY (defined in the second line) points to the directory which contains INEPT.EXE and INEPT.CLD.

2. Edit the file NODE_NAMES.DAT in your ETHERMON_DIRECTORY so that it contains all the Ethernet addresses and names of the nodes on your LAN. Each line in this file should contain the twelve hex digit Ethernet address starting in column one, followed by a space, followed by the one to six character node name. I've included a sample NODE_NAMES.DAT in the ETHERMON directory to help you with the file's format. Both ETHERMON and INEPT use the information in this file to translate between Ethernet address and node names. If a packet is trapped which contains an address not found in this file, both programs will display the first six characters of the Ethernet address rather than the node name.

3. Execute the command file ETHERMON_SETUP.COM. This defines all the logical names required by the programs and adds the verbs ETHERMON and INEPT to your process command tables.

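A format checker for the NODE_NAMES.DAT layout described in step 2, written in Python as an added example; it is not part of the ETHERMON/INEPT distribution. It assumes hex digits in either case, no separators inside the address, names without embedded whitespace, and that blank lines are skipped; the sample file contents are constructed.

```python
import re

# Format stated in the README: twelve hex digits starting in column one,
# one space, then a one-to-six-character node name.
# Assumptions of this example: hex digits in either case, no separators
# inside the address, names without embedded whitespace, blank lines skipped.
LINE_RE = re.compile(r"([0-9A-Fa-f]{12}) (\S{1,6})")

def parse_node_names(text):
    """Return (table, errors): table maps upper-case address -> node name."""
    table, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if not line:
            continue
        m = LINE_RE.fullmatch(line)
        if m is None:
            errors.append((lineno, "bad format", raw))
            continue
        addr, name = m.group(1).upper(), m.group(2)
        if addr in table:
            errors.append((lineno, "duplicate address", raw))
            continue
        table[addr] = name
    return table, errors

def display_name(table, addr):
    """Node name if known, else the first six characters of the address."""
    addr = addr.upper()
    return table.get(addr, addr[:6])

# Constructed sample contents, not the NODE_NAMES.DAT shipped with the tools.
SAMPLE = """\
AA0004000104 ALPHA
AA0004000204 BRAVO
 AA0004000304 INDENT
AA00040004 SHORT
AA0004000504 TOOLONGNAME
AA0004000104 DUPE
"""

if __name__ == "__main__":
    table, errors = parse_node_names(SAMPLE)
    for lineno, reason, raw in errors:
        print(f"line {lineno}: {reason}: {raw!r}")
    print(display_name(table, "aa0004000204"), display_name(table, "08002B123456"))
```
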
To invoke the programs, simply type ETHERMON or INEPT (plus any command qualifiers as described below) at the DCL prompt.

ETHERMON is used to interactively monitor Ethernet traffic on a LAN. It can be used to get some idea of the volume and nature of the traffic on the wire. ETHERMON is meant to look similar to a VMS MONITOR screen. The top half of the screen displays traffic statistics including the current, average, minimum, and maximum rates of both bytes and packets travelling on the Ethernet. The bottom half of the screen contains two bar graphs which display the top eight transmitting and receiving nodes during the last collection interval. This collection interval can be controlled by using the /INTERVAL qualifier on the command line as with MONITOR.

When running ETHERMON, pressing CONTROL_W will refresh the screen and CONTROL_Z will cause the program to exit. Any other keyboard input will be ignored.

INEPT is used to trap and display selected Ethernet packets. Command qualifiers include:

/ALL - Displays every packet which INEPT sees on the wire. This is the default.

/TRANSMIT[=(node[,,,])] - Displays only those packets which originated at one of the specified nodes. The local node is the default if no node is specified.

/RECEIVE[=(node[,,,])] - Displays only those packets which are addressed to one of the specified nodes. The local node is the default if no node is specified.

If both /TRANSMIT and /RECEIVE are present on the command line, INEPT displays packets which either originated at a node specified by /TRANSMIT or are destined for a node specified by /RECEIVE.

/DISPLAY - Displays the packets to the screen. This is the default. /NODISPLAY can be used to suppress screen display.

/OUTPUT[=filespec] - Dumps the packets to the specified file. The default file spec is INEPT.PACKETS.

/DISPLAY and /OUTPUT are not mutually exclusive.

/ASCII - Directs INEPT to display packet data bytes in their ASCII representation. As with the VMS DUMP facility, non-printable characters are displayed as a period (.).

/HEXADECIMAL - Directs INEPT to display packet data bytes as two digit hexadecimal numbers. This is the default.

/START=abs-time - Directs INEPT to start collecting packets at the specified time.

/STOP=abs-time - Directs INEPT to stop collecting packets at the specified time.

As with ETHERMON, when running INEPT interactively, pressing CONTROL_W will refresh the screen and CONTROL_Z will cause the program to exit. Any other keyboard input will be ignored. You can also exit INEPT by using /STOP to set a stop timer.

Occasionally, for reasons I've yet to determine, INEPT hangs up shortly after starting. CONTROL_Y'ing and restarting it seems to cure the problem. Maybe somebody out there who knows more about programming Ethernet controllers than I do (which wouldn't be difficult, believe me) can figure this one out.

Finally, a few words of caution and a disclaimer:

INEPT can promiscuously trap and display any packet which travels down your Ethernet. These packets might include passwords or other sensitive data. There is a tremendous potential for abuse. INEPT requires PHY_IO privilege to run. However, with this program, any user with PHY_IO on any VAX anywhere on your LAN can read packets originating from or destined to other remote nodes on your Ethernet. For this reason, you should consider very carefully who has PHY_IO privilege on all VAX nodes on your Ethernet before installing this program on your system. Protect it accordingly.

Neither I nor Memorex Telex are to be held responsible for how or by whom this program is used nor are we liable for any damages or security breaches which may result from its misuse.

Direct any questions, comments, etc. to:

Dave Moore
Memorex Telex
3301 Terminal Drive
Raleigh, NC 27604
919-890-1527