Design of an Ethernet Monitor and Protocol Analyzer Gwenna S

Iowa State University Capstones, Theses and Retrospective Theses and Dissertations Dissertations

1990 Design of an Ethernet monitor and protocol analyzer Gwenna S. Jacobson Iowa State University

Follow this and additional works at: https://lib.dr.iastate.edu/rtd Part of the Hardware Systems Commons

Recommended Citation Jacobson, Gwenna S., "Design of an Ethernet monitor and protocol analyzer" (1990). Retrospective Theses and Dissertations. 16878. https://lib.dr.iastate.edu/rtd/16878

This Thesis is brought to you for free and open access by the Iowa State University Capstones, Theses and Dissertations at Iowa State University Digital Repository. It has been accepted for inclusion in Retrospective Theses and Dissertations by an authorized administrator of Iowa State University Digital Repository. For more information, please contact [email protected]. Design of an Ethernet monitor

and protocol analyzer

Gwenna S. Jacobson

A Thesis Submitted to the

Graduate Faculty in Partial Fulfillment of the

Requirements for the Degree of

MASTER OF SCIENCE

Department: Electrical Engineering and Computer Engineering Major: Computer Engineering

Signatures have been redacted for privacy

Iowa State University Ames, Iowa 1990 11

TABLE OF CONTENTS

ACKNOWLEDGEMENTS VIll

1. INTRODUCTION ... 1

2. MONITORING TECHNIQUES 3

2.1 C en t ralized ~Ioni tor 3

2.1.1 Probe Monitor 3

2.1.2 Spy Monitor. 3

2.2 Distributed Monitor 4

2.3 Hybrid l\Ionitor ... 4

3. NETWORK PROTOCOLS .5

3.1 OSlo 5

3.1.1 Physical Layer. 6

3.1.2 Data Link Layer 6

3.1.3 Network Layer 8

3.1.4 Transport Layer. 11

3.1.5 Session Layer . . 13

3.1.6 Presentation Layer 1.5

3.1.7 Application Layer. 17

3.2 TCP/IP ...... 18 III

3.2.1 IP 20 3.2.2 TCP 21 3.2.3 FOP 23 :3.2.-! IC\IP 24

·V 3.2 ..5 ARp!RARP. ~.)

.)- 3.2.6 RIP _I

3.2.7 Telnet 28 3.2.8 FTP 28

3.2.9 S~ITP 28 3.3 Ethernet 29

4. NETWORK MONITOR DESIGN 37 4.1 Hardware 37 4.2 Software 37 4.2.1 F ser Interface 38 4.2.2 Filters 39 4.2.3 Data Capture 39 4.2.4 Data Display Windows 39

4.2 ..5 File I/O 44

4.2.6 Statistics. 44

4.2.7 Driver Software 44

5. CONCLUSIONS 47

6. BIBLIOGRAPHY 49 IV

7. APPENDIX A: ACRONYMS . .. .')1

8. APPENDIX B: SOURCE CODE. .')3 v

LIST OF FIGURES

Figure 3.1: OSI Layers...... 7

Figure 3.2: ISO IP packet data unit formats 9

Figure 3.3: ISO transport protocol fixed header formats 12

Figure 3.4: ISO session protocol data unit 14

Figure 3.5: ISO presentation protocol data unit 16

Figure 3.6: Comparison of DPA protocols to OSI layers. 19

Figure 3.7: Internet protocol format 20

Figure .3.8: TCP protocol data unit . 22

Figure 3.9: UDP protocol data unit. 23

Figure 3.10: ICMP protocol data unit 25

Figure 3.11: ARP jRARP protocol data unit 26

Figure 3.12: RIP protocol data unit 27

Figure 3.13: Ethernet frame .... 29

Figure 4.1: Block diagram of the User Interface 38

Figure 4.2: Filtering Setup Menus. 40

Figure 4.3: Data Capture Screen 41

Figure 4.4: Data Display Windows 42

Figure 4.5: Summary Display \Vindow 43 VI

Figure 4.6: Detail Display Window . . 43

Figure 4.7: Hexadecimal Display \Vindow 44

Figure 4.8: Store/Restore Menu ...... 4.5 Vll

LIST OF TABLES

Table 3.1: Ethernet Address Assignments for Vendors 31

Table 3.2: Ethernet Type Field Assignments . . . . . 34

Table 7.1: Acronyms ...... 52 VIll

ACKNOWLEDGEMENTS

I would like to thank Professor Terry Smay, my major professor, for his help on the project and helping me meet the deadlines. I would also like to thank Professor

Dick Horton and Professor Dale Grosvenor for serving on my committee.

I want to thank Lynn Christiansen who worked with me on this project. She encouraged me when I needed encouragement and worked with me although my schedule was difficult to work around.

I also need to thank Pam Myers, the graduate secretary, because I am sure without her constant reminders of deadlines I would have missed a few of them.

I am grateful to my parents for never imposing limitations on me and always encouraging me to test my abilities.

I especially want to thank my husband, Doug, for knowing this was something I wanted to finish and helping me to do it. He answered my many questions on various aspects of this project: He also spent many evenings taking care of things at home, enabling me to complete my degree. 1

1. INTRODUCTION

As local area networks have proliferated over the last decade, it is necessary to be able to monitor and analyze activity on these networks. This is even more necessary when LANs are internetworked together and all the computer systems on the network are not under one person's control or even one department's control.

A network monitor and protocol analyzer allows you to capt ure, decode, exam ine and analyze frames on the network and to isolate and identify problems on the network.

A protocol analyzer would be a valuable tool in computer networking classes.

Students could use the protocol analyzer to see the packets decoded. Several network protocol analyzers are commercially available, however they are expensive. An ad vantage of a protocol analyzer that is especially developed for the classroom instead of the commercial marketplace is that it would allow students to examine source code and write code modules for other protocols, thus giving them experience in network programrrung.

The network monitor and protocol analyzer discussed in this thesis was developed for the Ethernet protocol. The hardware used was an off-the-shelf 386 personal computer installed with a 3eom Ethernet board [1]. The Ethernet board used was a 3C505 intelligent Ethernet adapter board and came with driver software. The 2 board has an 80188 microprocessor, 512 Kbytes of memory and a DMA interface.

It captures, decodes and analyzes Ethernet protocols, TCP lIP protocols and OSI protocols.

The user interface was standardized to that of an FDDI monitor currently be ing developed by Lynn Christiansen. It was developed with a windowing library of routines called C \Vindows Toolkit [2]. 3

2. MONITORING TECHNIQUES

There are three commonly used monitoring techniques. They are centralized, distributed, and hybrid [3] [4].

2.1 Centralized Monitor

A centralized monitor is a monitor in which a dedicated station on the net work collects and analyzes data on that station. There are two types of centralized monitoring techniques. They are the probe monitor and the spy monitor.

2.1.1 Probe Monitor

The probe monitor injects packets onto the network and can be used to analyze how the network will perform under varying loads.

2.1.2 Spy Monitor

The spy monitor is a special node dedicated to monitoring the network passively.

It listens to already existing traffic on the network and does not introduce any ar tificial traffic onto the network. The monitor designed in this research was a spy monitor. 4

2.2 Distributed Monitor

A distributed monitor is a monitor where each station collects and analyzes data and then sends this information to a central location for further analysis.

2.3 Hybrid Monitor

A hybrid monitor is a monitor where data are collected and analyzed at both a central location and distributed locations. .5

3. NETWORK PROTOCOLS

A network protocol is a set of rules that govern the exchange of data between two communicating entities. There are two major protocol standards for the higher protocol layers, the OSI reference model and TCP /IP. At the two lower protocol layers the standards for local area networks (LANs) are the IEEE 802 series of standards.

There are three major types of LANs defined in IEEE 802, CSMA/CD bus, token ring and token bus. CSMA/CD is also known as Ethernet and is the type of LAN used in this research. The OSI reference model, Tep /IP and Ethernet are discussed in further detail in the following sections. The part of the protocol that is examined by the network monitor is the actual protocol data units (PDUs) associated with each layer.

3.1 OSI

In 19ii the International Organization for Standardization (ISO) established a subcommittee to define a communications architecture. The result was the Open

Systems Interconnection (051) reference model adopted in 1983. The OSI reference model uses the structuring technique of layering, where each layer in the network performs a certain subset of functions and passes the information on to the next lower layer where the next layer performs more primitive functions and conceals the 6 details of those functions [,5] [6] [i]. Each layer also provides serVIces to the next higher layer [8]. The OSI model has seven layers listed below and shown in Figure

3.1.

• the physical layer

• the data link layer

• the network layer

• the transport layer

• the session layer

• the presentation layer

• the application layer.

3.1.1 Physical Layer

The Physical Layer is concerned with the transmission of data over the physical medium. It deals with the mechanical, electrical, functional and procedural char acteristics to access the physical medium. The physical layer protocol used in this proje,ct is Ethernet and will be discussed in another section.

3.1.2 Data Link Layer

The data link layer provides for the reliable transfer of information across the physical link. It sends blocks of data (frames or packets) with the necessary synchro nization, error control, and flow control. This will also be discussed further in the

Ethernet section. 7

User 1 I APData I User 2

Application I All I Data Unit I Application

Presentation Iml Data Unit ] Presentation

Session ISH I Data Unit I Session

Transport Iml Data Unit I Transport

Network I NHI Data Unit I Network

Data Link IFIAlel Data Unit IFCSI FI Data Link

Physical I BITS I Physical

Connection Media

Figure 3.1: OS1 Layers 8

3.1.3 Network Layer

The network layer provides upper layers with independence from the data transmission and switching technologies used to connect systems. It is responsible for establishing, maintaining, and terminating connections between systems.

ISO has developed a protocol called the internet protocol or IP which is a connectionless service. The ISO IP has two defined packet data unit (POD) types. They are the data POD and the error report POU.

The formats of the ISO IP protocol data unit are shown in Figure 3.2 and the field descriptions are listed below.

• Protocol identifier: When the source and destination station~ are connected to the same network, and internet protocol is not needed. In that case, the internet layer is null and the header consists of this single field of 8 bits.

• Length indicator: Length of the header in octets.

• Version: Included to allow evolution of the protocol. Either header format or semantics might change.

• POU Lifetime: Expressed as a multiple of .500ms. It is determined and set by the source station. Each gateway that the IP data unit visits decrements this field by 1 for each .500 ms of estimated delay for that hop (transit time to this gateway plus processing time).

• Flags: The SP flag indicates whether segmentation is permitted. The MS flag is the more flag and indicates if there are more fragments. The ER flag indicates whether an error report is desired by the source station if an IP data unit is discarded.

• Type: Indicates whether this is a Oata or Error PD U.

• POU Segment Length: Total data unit length in octets.

• POU checksum: Checksum on header. 9

Network Layer Protocol Network Layer Protocol 1 Identifier Identifier

Length Indicator 2 Length Indicator

Version/Protocol Id Extension 3 VersionlProtocol Id Extension

Lifetime 4 Lifetime

SP MS C/R Type 5 SP MS Reserved Type

Segment Length 6,7 Segment Length

Checkswn 8,9 Checkswn

Destination Address Length 10 Destination Address Length Indicator Indicator

Destination Address 11,m-1 Destination Address

Source Address Length Indicator m Source Address Length Indicator

Source Address m+1,n-1 Source Address

n n Data Unit Identifier n+1 Options n+2 P Segment Offset p-1 n+3 n+4 Total Length Reason for Discard ~ n+5 n+6 q1 q Options P p+1 Error Report Data Field Data z z Data Packet Format Error Packet Format

Figure 3.2: ISO IP packet data unit formats 10

The address part is always present.

• Destination Address Length

• Destination Address

• Source Address Length

• Source Address

The segmentation fields are present if the SP flag is set to 1.

• Data unit identifier: Intended to uniquely identify the PD F.

• Segment offset: Indicates where in the initial PD U this segment belongs, mea sured in 64 bit units.

• Total length: Specifies the total length of the original PD U.

An optional part may be included in the header.

• Options: These may include; padding, security, source routing, recording of route, quality of service and priority.

The Error Report. PDU is essentially the same as the Data PDU. The three flags, (SP, MS, ER) are set to 0 and there is no segmentation part of the header. In addition there is an extra field called the Reason for Discard.

• Reason for Discard: The major reasons include; general, address, source rout ing, lifetime, PDU discarded, and reassembly. 11

3.1.4 Transport Layer

The transport layer provides reliable, transparent transfer of data between end points. It provides end-to-end error recovery and flow control. It ensures that data packets are delivered error-free, in sequence, with no losses or duplication. This layer is the keystone of the concept of a computer communications architecture. It makes the network transparent to higher layers and is the last layer to do any error detection or correction.

The ISO protocol makes use of ten types of transport protocol data units (TP

DUs). They are listed below and the transport PDU format is shown in Figure

3.3.

• CR: Connection request

• CC: Connection confirm

• DR: Disconnect request

• DC: Disconnect confirm

• DT: Data

• ED: Expedited data

• AK: Acknowledgment

• EA: Expedited acknowledgment

• RJ: Reject

• ER: TPDU error

The descriptions of the fields found in the TPDU are listed below. 12

C onnecto JOn R eQues t Length CR CDT Source Reference Class Opt Indicator

Connection Confirm Length CC CDT Destination Reference Source Reference Class Opt Indicator

DOIsconnec t R eaues t Length DR Destination Reference Source Reference Reason Indicator -

Disconnect Confirm Length DC Destination Reference Source Reference Indicator --

Data (Class 0.1) I ~:~, IDT I-I~TPDU-NRI Data (Class 2.3 . and 4) E Length DT Destination Reference 0 TPDU-NR Indicator -- T E xpe dOtI e dDta a E Length EDTPDU- ED -- Destination Reference C Indicator T NR A c kIdnow e 1gement Length AK CDT Destination Reference ~ YR-TU-NR Indicator T

E x~e dOtIe d A c k noweI dIgemen t E Length EA Destination Reference YR-EDTU- Indicator - ~ NR Reject Length RJ CDT Destination Reference YR-TU-NR Indicator ~ T

TPDU Error Length ER -- Destination Reference Cause Indicator

Figure 303: ISO transport protocol fixed header formats 13

• Length indicator (Ll) (8 bits): Length of the header in octets.

• TPDU code (4 bits): Type of TPDU

• Credit (CDT) (4 bits): Flow control credit allocation.

• Source reference (16 bits): Reference used by the transport entity to identify the transport connection uniquely in its own system.

• Destination reference (16 bits): Reference used by the peer transport entity to identify the transport connection uniquely in its own system.

• Class (4 bits): Protocol class.

• Option (4 bits): Specifies normal or extended flow control fields, also whether flow control is to be used in Class 2.

• Reason (8 bits): Reason for requesting a disconnect or rejecting a connection request.

• EOT (1 bit): Used when a TSDU has been segmented. It is set to 1 on last TPDU.

• TPDlL~R (7 bits): Send sequence number of a DT TPDU.

• EDTPDU-NR (7 bits): Send sequence number of a ED TPDU.

• YR-TU-NR (8 bits): The next expected DT sequence number.

• YR-EDTU-NR (8 bits): The next expected ED sequence number

• Cause (8 bits): Reason for rejection of a TPDU.

3.1.5 Session Layer

The session layer provides the control structure for communication between applications. It establishes, manages, and terminates connections (sessions) between cooperating applications.

The formats of the session protocol data units are shown in Figure 3.4. The length of the parameters is variable and the descriptions are given below. 14

SPDU SI u PGI/PI - Field User Information

PGI PGI u PV Unit

PGI u Pl- Field

PI PI u PV Unit

Figure 3.4: ISO session protocol data unit 1.5

• SI: SPDU identifier

• LI: Length indicator

• PGI/PI: One or more PGI and/or PI units

• PV: Parameter Value

• PI-Field: One or more PI units

• PI: Parameter Identifier

3.1.6 Presentation Layer

The presentation layer provides independence to the application processes from differences in data representation. The ISO presentation protocol data units are shown in Figure 3.5.

• Type: This field has three subfields itemized below.

CC ( 2 bits): This subfield has four classes. They are itemized below. '" Universal (00): These are the generalized types such as integer and are defined in this standard. * Application wide (01): These are common to a particular application. * Context specific (10): These are related to the specific context III which they are used. * Private (11): These are user definable but not part of a standard. - P /e (1 bit): This subfield has two types itemized below. * Primitive (0): The content field directly represents the data. * Constructor (1): The content field is the encoding of one or more data values. - ID code (5 bits): This subfield defines the data type with different tag values. If the value of the ID code is greater than or equal to 31, then ad ditional octets must be added to the frame. The 28 types for the universal class of data types are itemized below. '" 1: Boolean 16

(a) Encoding of Each Value

TYPE Length VALUE

TYPE Length VALUE IEOCI

EOC = 0000 (b) Type Field

I CC I PIC I 10 Code

Icc IPIC 11 1 1 1 1 11 Ix X X X X X xl • • • First octet next octet

10 Ix X X X X X X Last Octect

CC = Class Code PIC = Primitive / constructor XX ..... X = 10 Code

0 Length (L) 1 <= L <= 127 1 1

K Length (L) 1008 11 I 128 <= L <= 2

1 0 0 0 0 0 0 Value terminated by EOC 1 1 01

Figure 3.5: ISO presentation protocol data unit 17

* 2: Integer * 3: BitString '" 4: OctetString '" 5: Null '" 6: Object Identifier * 7: Object Descriptor '" 8: External * 9-15: Reserved for addenda '" 16: Sequence and Sequence-of * 17: Set and Set-of * 18: N umericString (Character String) * 19: Printable String (Character String) * 20: TeletexString (Character String) * 21: VideotexString (Character String) '" 22: IA.5 String (Character String) * 23: UTCTime '" 24: GeneralizedTime * 25: Graphic String (Character String) '" 26: Visible String (Character String) '" 27: General String (Character String) '" 28: Reserved for addenda

• Length: This field specifies the length of the contents field if it is less than 128 octets. Otherwise, the first octet specifies the length of the length field and the remaining octets specify the length of the contents field. If the length of the contents field is not known then the length field has the value 1000000 and the contents field is terminated by an end-of-contents marker consisting of 16 zeros.

• Value: This is the actual data.

• EOC: End of Contents.

3.1.7 Application Layer

The application layer provides access to the OSI environment for users and also provides distributed information services such as electronic mail. 18

Since the format of the POlis for this layer is application dependent no format is shown.

3.2 TCPjIP

The U.S. Department of Defense has issued standards for a set of communication protocols referred to as the DOD protocol architecture (DPA) ~9] [10] [11]. These are based on the outgrowth of the ARPANET which was built by the Defense Advanced

Research Projects (DARPA) starting in the late 1960s. TCP lIP, named after the two main standards, is the name commonly used to refer to these standards. The National

Science Foundation (NSF), the Department of Energy, and the National Aeronautics and Space Administration (NASA) all participate using TCP lIP to connect many of their research sites with those of DARPA to form a national research internet. This collection of networks is known as the DARPA Internet, the TCP JIP internet or just the Internet. Because the TCP lIP was developed before the OSI reference model it does not map into the OSI reference model exactly.

The OPA architecture is based on a view of communication that involves three agents: processes, hosts, and networks. The OPA organizes protocols into four layers.

• Network access layer

• Internet layer

• Host-host layer

• Processl application layer

Figure 3.6 compares the protocols of the OPA to the seven layers of the OSI model. 19

5-7 SMTP FTP TELNET ISOTP

4 TCP UDP RIP

ICMP 3 IP ARP RARP

2 Ethernet Others

Figure 3.6: Comparison of DPA protocols to OSI layers 20

o 4 8 16 31 Internet Version Header Type of Service Total Length Length

Identifier lFIag~ Fragment Offset

TimetoUve Protocol Header Checksum

Source Address

Destination Address

Options & Padding

I I I------I Figure 3. i: Internet protocol format

3.2.1 IP

The internet protocol (IP) provides a connectionless, or datagram service, between hosts. Applications that need this service can have this provided by the transmission control protocol (TCP) which is the next higher layer. The format of the IP protocol data unit is shown in Figure 3.i.

• Version (4 bits): Version number.

• Internet header length (4 bits): Length of header in 32-bit words. The minimum number of words is five so a header must be 20 octets long.

• Type of service: Specifies reliability, precedence, delay, and throughput param eters.

• Total length (16 bits): Total datagram length. 21

• Identification (16 bits): Intended to uniquely identify the datagram.

• Flags (3 bits): The More flag is used to identify a fragmented packet. The next flag indicates whether segmentation is permitted. The third flag is not currently used.

• Fragment offset (13 bits): Indicates where in the datagram this fragment be longs measured in 64 bit units.

• Time to live (8 bits): :\Ieasured in 1 second intervals.

• Protocol (8 bits): Indicates the next level protocol that is to receive the data field at the destination.

• Header checksum (16 bits): Used for error detection.

• Source address (32 bits): Coded to specify a variable allocation between the network address and the station address (i and 24, 14 and 16. or 21 and 8).

• Destination address (32 bits): Encoded same as source address.

• Options (variable):

• Padding (variable): Ensures that the internet header ends on a 32 bit boundary.

• Data (variable): The data field is a multiple of 8 bits with a maximum of 6.5,535 octets.

3.2.2 TCP

';I'he transmission control protocol (TCP) was developed for the ARPANET and its interconnected subnetworks. TCP was designed to have minimal dependence on underlying networking services and therefore it is very robust, operating accurately when network and system failures occur.

The Tep protocol data unit is shown in Figure 3.8.

• Source port (16 bits): Identifies source port. 22 o 16 32

Source Port Destination Port

Sequence Number

Acknowledgement Number

Data Window Size Offset Reserved

Checksum Urgent Pointer

Options & Padding

Figure 3.8: TCP protocol data unit

• Destination port (16 bits): Identifies destination port.

• Sequence number (32 bits): Sequence number of the first data octet in this seg ment, except when SYN is present. If SYN is present, it is the initial sequence number and the first data octet is the initial sequence number plus one. The TCP protocol date unit is shown in Figure 3.8.

• Acknowledgment number (32 bits): A piggybacked acknowledgment. Contains the next octet that the TCP entity expects to receive.

• Data offset (4 bits): Number of 32-bit words in the header.

• Reserved (6 bits): Reserved for future use.

• Flags (6 bits):

URG: Urgent pointer. ACK: Acknowledgement field significant. - PHS: Push function. RST: Reset the connection.

SY~: Synchronize the sequence numbers. FIN: No more data from sender. 23

o 16 32

Source Port Destination Port

Length Checksum

Figure 3.9: UDP protocol data unit

• \Vindow (16 bits): Flow control credit allocation, in octets. Contains the num ber of data octets beginning with the one indicated in the acknowledgment field that the sender is willing to accept.

• Checksum (16 bits): Used for error detection.

• Urgent Pointer (16 bits): Points to the octet following the urgent data. This allows the receiver to know how much urgent data are coming.

• Options (Variable): At present, only one option is defined, which specifies the maximum segment size that will be accepted.

3.2.3 UDP

The User Datagram Protocol (UDP) is the Internet standard protocol that allows an application program on one machine to send a datagram to an application program on another machine. It uses the IP layer and adds the ability to communicate with different programs on the remote machine by means of a protocol port number.

The format of the UDP protocol data unit is shown if Figure 3.9. It is at the same layer as TCP.

• Source Port (16 bits): This is optional and for sending replies.

• Destination Port (16 bits); This is the port number of the waiting process. 24

• Length (16 bits): Length of UDP packet in octets.

• UDP Checksum (16 bits): Used for error detection.

3.2.4 ICMP

A host or gateway needs to be able to communicate control information and report error information. This is accomplished with the Internet Control ).Iessage

Protocol (ICMP) which is a required companion of the IP protocol but is not itself a higher layer protocol. There are several types of defined ICMP message types and they are:

• Echo Reply

• Destination Unreachable

• Source Quench

• Redirect (change a route)

• Echo Request

• Time Exceeded for a Datagram

• Parameter Problem for a Datagram

• Timestamp Request

• Timestamp Reply

• Information Request

• Information Reply

• Address Mask Request

• Address Mask Reply 2.5

o 8 16 31

Type Code Checksum

Parameters

I Information ~------

Figure 3.10: IC:\IP protocol data unit

The ICMP POU format is shown in Figure 3.10 and the field descriptions are given below.

• Type (8 bits): Specifies the type of IC~IP message.

• Code (8 bits): Used to specify parameters that can be encoded in a few bits.

• Checksum (16 bits): Used for error detection.

• Parameters (32 bits): Used to specify more lengthy parameters.

• Information (variable): Provides additional information related to the message.

3.2.5 ARP jRARP

The address resolution protocol (ARP) allows a host to find the physical address of another host on the same physical network when only the Internet address is known. The physical address is then used by the network access layer. It does this by broadcasting an ARP request that contains the host's internet address from which 26 o 16 32

Hardware Type Code Protocol Type Code

Octets in Each Octets in Each Hardware Address Protocol Address Operation Code

Sender Hardware Address (octets 0-3)

Sender Hardware Address (octets 4-5) Sender Internet Address (octets 0-1)

Sender Internet Address (octets 2-3) Target Hardware Address (octets 0-1)

Target Hardware Address (octets 2-5)

Target Internet Address (0-3)

Figure 3.11: ARP /RARP protocol data unit it needs the physical addresses. To keep from sending too many unnecessary ARP re.quests each machine keeps a cache of physical addresses it has used recently.

The ARP protocol does not take into account the case of a diskless workstation, where the workstation would have to use the network to access to the server and obtain the physical address. For this case the reverse address resolution protocol

(RARP) was developed.

These protocols do not map exactly into the OSI reference model but are between

the data link layer and the internet layer. The format the ARP IRARP protocol data

uni t is shown in Figure 3.11.

• Hardware (16 bits): This field specifies the hardware interface type, it is 1 for Ethernet. 27

o 8 16 31

COMMAND VERSION RESERVED

FAMILY OF NET 1 NET 1 AD DR., OCTETS 1-2

NET 1 ADDRESS, OCTETS 3-6

NET 1 ADDRESS, OCTETS 7-10

NET 1 ADDRESS, OCTETS 11-14

DISTANCE OF NETWORK 1

Figure 3.12: RIP protocol data unit

• Protocol (16 bits):

• HLEN (8 bits): Physical hardware address length.

• PLEN (8 bits): Protocol address length.

• SENDER HA (variable): Hardware address of sender.

• SENDER IA (variable): Internet address of sender.

• TARGET HA (variable): Hardware address of destination.

• TARGET IA (variable): Internet address of destination only in response.

3.2.6 RIP

Routing Information Protocol (RIP) is the protocol used to exchange routing information among computers. It is the most popular interior gateway protocol

(IGP) because it is distributed with many UNIX systems.

The protocol format is shown in Figure 3.12. 28

• Command (8 bits): Either a request or response for routing information.

• Version (8 bits): The protocol version number.

• Reserved (16 bits): Reserved for future use.

• Family of Net 1 (8 bits): Identifies the protocol family.

• Net 1 Address (variable): Can be up to 14 octets.

• Distance of Network 1 (8 bits): Integer count of gateway hops.

3.2.7 Telnet

Telnet is the Internet standard protocol for remote terminal connection service.

Telnet allows a user at one site to interact with a remote computer at another site as if the user's terminal connected directly to the remote machine. This process does not use a PD tT but communicates directly with the TCP layer by setting the source port and destination port fields in the Tep PDU to 23.

3.2.8 FTP

File Transfer Protocol (FTP) is the Internet standard high level protocol for transferring files from on computer to another. This process does not use a PDU but communicates directly with the Tep layer by setting the source port and destination port fields in the Tep PDU to 21.

3.2.9 SMTP

Simple Mail Transfer Protocol (SMTP) is the Internet standard protocol for transferring electronic mail messages from one machine to another. SMTP specifies how two mail systems interact and the format of control messages they exchange to 29

Destination Source Packet Preamble Address Address Type Data CRC

I 8 Bytes I 6 Bytes I 6 Bytes I 2 Bytes I 42-1500 Bytes I 4 Bytes

Figure 3.13: Ethernet frame transfer mail. This process does not use a PDU but communicates directly with the

TCP layer by setting the source port and destination port fields in the TCP PDU to

25.

3.3 Ethernet

Ethernet is a network with a bus topology that uses a medium access control

(~IAC) technique known as Carrier Sense ~Iultiple Access with Collision Detection

(CSMA/CD) [12] [13]. Ethernet was developed by Xerox and has become an IEEE standard, IEEE 802.3. Each station wishing to transmit listens to see if the bus is idle and if it is idle then it transmits. If however, the bus is busy the station waits until the bus is idle and then transmits. If a collision is detected during transmission the station stops transmitting and instead transmits a jam signal. The node then waits a random amount of time and then retransmits.

The format of the frame of for Ethernet is shown Figure 3.13.

• Preamble (64 bits): Provides packet and bit synchronization.

• Destination Address (48 bits): This is variable in IEEE 802.3 frame format.

• Source Address (48 bits): This is variable in IEEE 802.3 frame format. Each vendor is assigned a range of Ethernet addresses based on the upper 24 bits. Table 3.1 shows most of the current vendor address assignments. 30

• Packet Type (16 bits): In IEEE 802.3 frame format this is the length field. In Ethernet it determines the protocol type. Table 3.2 shows most of the current assignments for the type field.

• Data (Variable): This has some additional information at the beginning and padding at the end in the IEEE 802.3 frame format.

• eRe (32 bits): 31

Table 3.1: Ethernet Address Assignments for Vendors oooooe Cisco OOOOOF :.i eXT 000010 Sytek OOOOlD Cabletron 000020 DIAB (Data Intclustrier AB) 000022 Visual Technology 00002A TRW 0000.5A S &: Koch 0000.5E IA~A 00006.5 :'{ etwork General 00006B .\IIPS 000077 .\IIPS 00007A Ardent 0000S9 Cayman Systems Gatorbox 000093 Proteon 00009F Ameristar Technology 0000A2 Wellfleet 0000A3 :'{etwork Application Technology 0000A6 :'{ etwork General (internal assignment. not for products) 0000A7 NCD X-terminals 0000A9 :'{etwork Systems OOOOAA Xerox Xerox machines 0000B3 CIMLinc 0000B7 Dove Fastnet OOOOBe Allen-Bradley ooooeo Western Digital 0000C6 HP Intelligent :'{ etworks Operation (formerly Eon Systems) OOOOCS Altos 0000C9 Emulex Terminal Servers 0000D7 Dartmouth College (:\"ED Router) OOOODS 3Com? Novell? PS/2 OOOODD Gould OOOODE Unigraph 0000E2 Acer Counterpoint OOOOEF Alantec 32

Table 3.1 (Continued)

OOOOFD High Level Hardvare (Orion, FK) 000102 BB~ BB0i internal usage (not registered) 001iOO Kabel 00802D Xylogics. Inc. Annex terminal servers 00808C Frontier Software Development OOAAOO Intel OODDOO U ngermann-Bass 00DD01 U ngermann-Bass 020iOl :vnCOM/Interlan FNIBUS or QBUS machines. Apollo 020406 BBN BBN internal usage (not registered) 026086 Satelcom :\1egaPac (UK) 02608C 3Com IB:\1 PC: Imagen: Valid: Cisco 02CF1F C:\1C :\1asscomp: Silicon Graphics: Prime EXL 080002 3Com (Formerly Bridge) 080003 ACC (Advanced Computer Communications) 08000.5 Symbolics Symbolics LISP machines 080008 BBN 080009 Hewlett-Packard 08000A N estar Systems 08000B U nisys 080010 AT&T 080011 Tektronix. Inc. 080014 Excelan BBN Butterfly, :\Iasscomp. Silicon Graphics 08001i NSC 08001A Data General 08001B Data General 08001E Apollo 080020 Sun Sun machines 080022 NBI 080025 CDC 080026 Norsk Data (Nord) 08002i PCS Computer Systems GmbH 080028 TI Explorer 08002B DEC 08002E Yletaphor 33

Table 3.1 (Continued)

08002F Prime Computer Prime .SO-Series LHC300 080036 Intergraph CAE stations 080037 Fujitsu-Xerox 080038 Bull 080039 Spider Systems 080041 DCA Digital Comm. Assoc. 08004.5 ???? (maybe Xylogics. but they claim not to know this number) 080046 Sony 080047 Sequent 080049 LTnivation 08004C Encore 08004E BICC 0800.56 Stanford C niversity 0800.58 ,)?? DECsystem-20 0800.5A IBM 080067 Comdesign 080068 Ridge 080069 Silicon Graphics 08006E Excelan 08007.5 DOE (Danish Data Elektronik A/S) 08007C Vitalink TransLA~ III 080080 XIOS 080086 Imagen/QMS 080087 Xyplex terminal servers 080089 Kinetics AppleTalk-Ethernet interface 08008B Pyramid 080080 XyVision XyVision machines 080090 Retix Inc Bridges 4844.53 HDS ??? 800010 AT&T misrepresentation of 080010? AAOOOO DEC obsolete AAOOOI DEC obsolete AA0002 DEC obsolete AA0003 DEC Global physical address for some DECs AA0004 DEC Local logical address for running DEeNET 34

Table 3.2: Ethernet Type Field Assignments

000 OOOO-Oo5DC IEEE802.3 Length Field 2.57 0101-01FF Experimental 0512 0200 XEROX PUP (see OAOO) .513 0201 PCP Addr Trans (see OA01) 1.536 0600 XEROX ~S IDP 2048 0800- DOD IP 2049 0801 X.i.5 Internet 20.50 0802 ~BS Internet 20.51 0803 EC~IA Internet 20.52 0804 Chaosnet 20.53 080.5- X.2.5 Level 3 20.54 0806 - ARP 20.5.5 0807 X);S Compatability 2076 081C Symbolics Private 2184 0888-088A Xyplex 2304 0900 Ungermann-Bass net debugr 2560 OAOO Xerox IEEE802.3 pep 2.561 OA01 PUP Addr Trans 2989 OBAD Banyan Systems 4096 1000 Berkeley Trailer nego 4097 1001-100F Berkeley Trailer encap/IP .5632 1600 Valid Systems 16962 4242 PCS Basic Block Protocol 21000 .5208 BBN Simnet 24.576 6000 DEC Unassigned (Exp.) 24.5ii 6001 DEC ~IOP Dump/Load 24578 6002 DEC ~IOP Remote C'onsole 24.579 6003 DEC DECNET Phase IV Route 24580 6004 DEC LAT 24581 6005 DEC Diagnostic Protocol 24582 6006 DEC Customer Protocol 24583 600i DEC LAVC', SCA 24584 6008-6009 DEC Unassigned 24586 6010-6014 3C'om Corporation 28672 iOOO F ngermann-Bass download 286i4 i002 C ngermann-Bass dia/loop 28i04 i020-i029 LRT 28i20 7030 Proteon 3.5

Table 3.2 ( Continued)

28724 7034 Cabletron 32771 8003 Cronus VL~ 32772 8004 Cronus Direct 32773 800.5 HP Probe 32774 8006 ~ estar 32776 8008- AT&T 32784 8010 Excelan 32787 8013 SGI diagnostics 32788 8014 SGI network games 32789 801.5 S G I reserved 32780 8016 SGI bounce server 32783 8019 Apollo Computers 3281.5 802E Tymshare 32816 802F Tigan. Inc. 32821 803.5 Reverse ARP 32822 80.36 Aeonic Systems 32824 8038 DEC L.-\NBridge 3282.5 8039-803C DEC F nassigned 32829 8030 DEC Ethernet Encryption 32830 803E DEC F nassigned 32831 803F DEC LAN Traffic ~Ionitor 32832 8040-8042 DEC Unassigned 32836 8044 Planning Research Corp. 32838 8046 AT&T 32839 8047 AT&T 32841 8049 ExperData 32859 805B Stanford V Kernel expo 32860 805C Stanford V Kernel prod. 32861 8050 Evans & Sutherland 32864 8060 Little ~Iachines 32866 8062 Counterpoint Computers 32869 8065-8066 Fniv. of Mass.g Amherst 328i1 8067 Veeco Integrated Auto. 32872 8068 General Dynamics 32873 8069 AT&T 32874 806A Autophon 32876 806C ComDesign 32877 8060 Computgraphic Corp. 32878 806E-8077 Landmark Graphics Corp. 36

Table 3.2 ( Continued)

32890 807A ~Iatra 32891 807B Dansk Data Elektronik 32892 807C ~Ierit Internodal 32893 807D-80iF Vi t alink Communications 32896 8080 Vitalink TransLAN III 3289i 8081-8083 Counterpoint Computers 32923 809B Appletalk 32924 809C-809E Datability 32927 809F Spider Systems Ltd. 32931 80A3 ~ixdorf Computers 32932 80A4-80B3 Siemens Gammasonics Inc. 32960 80CO-80C3 DC'A Data Exchange Cluster 32966 80C6 Pacer Software 32967 80C7 Applitek Corporation 32968 80C8-80CC Intergraph Corporation 32973 80CD-80CE Harris Corporation 32974 80CF-8002 Taylor Instrument 32979 8003-8004 Rosemount Corporation 32981 800.5 IB~I SN A Service on Ether 32989 8000 Varian Associates 32990 800E-800F Integrated Solutions TRFS 32992 80EO-80E3 Allen-Bradley 32996 80E4-80FO Oatability 33010 80F2 Retix 33011 80F3 AppleTalk AARP (Kinetics) 33012 80F4-80F5 Kinetics 3301.5 80F7 Apollo Computer 33023 80FF-8103 \Vellfleet Communications 33031 8107-8109 Symbolics Private 33072 8130 Waterloo ~Iicrosystems 33073 8131 VG Laboratory Systems 33079 8137-8138 Xovell, Inc. 33081 8139-8130 KTI 33100 814(' SNMP 36864 9000 Loopback 3686.5 9001 3Com( Bridge) XNS Sys ~lgmt 36866 9002 3('om( Bridge) T(,P-IP Sys 36867 9003 3Com( Bridge) loop detect 6.5280 FFOO BBN VITAL-LanBridge cache 3;

4. NETWORK MONITOR DESIGN

4 .1 Hardware

The hardware used for this research was a 386 IB'\I compatible PC computer with an Ethernet board installed. The board is described below.

The 3Com Etherlink Plus adapter (3('.505) is a high-performance intelligent adapter board for IB~I AT's, PC's and compatibles. The adapter contains its own on-board 80186 microprocessor and 2.56 to .512KB of memory. ~etwork packet recep tion and transmission is handled by and 82.586 Ethernet coprocessor. The board has

16K bytes of RO.\I installed, which implements firmware to provide a host accessi ble command structure. initialization diagnostics, packet transmission and reception. and the capability to load programs onto the board. The board has two interfaces to allow connection to Ethernet. It has an on-board transceiver and B)j(' connection which allows you to directly connect to a thin Ethernet coax segment, or a serial transceiver connection to allow you to connect through a transceiver cable to an external transceiver that can be for either thick or thin Ethernet coax cable.

4.2 Software

The software was written in the (' language coded for the Microsoft (' compiler. and assembly language coded for the .Microsoft macro assembler. A library of driver 38

USER INTERFACE

DATA DATA FILElfO COLLECTION DISPLAY FILTERS

PROTOCOL DRIVER DISPLAY

Figure 4.1: Block diagram of the User Interface routines that came with the Ethernet board were also used. C \Vindows Toolkit,

\vhich is a C windowing library of routines, was also used.

4.2.1 User Interface

C Windows Toolkit was chosen to develop the user interface after looking at sev-

eral different libraries because it had windows that could be scrolled both horizontally

and vertically, and the other C windowing libraries did not have windowing routines

with this capability. The user interface was designed with Lynn Christiansen, who is

developing an FDDI monitor. The monitor designed in this thesis and that designed

by Lynn Christiansen were to be used in computer networking courses at Iowa State,

so the user interface was standardized as much as possible.

A block diagram of the user interface menu structure is shown if Figure 4.1. 39

4.2.2 Filters

The monitor was designed to allow the user the capability of setting filters for the data to be captured. The three types of filters are:

• Ethernet Address: This can be either source or destination addresses.

• Protocol: This could be any of the higher layer protocols based on the Ethernet type field.

• Pattern: This is to capture frames that contain this pattern.

Selecting a combination of the three types of filters is also allowed. The user interface menu for setting up the filter options are shown in Figure 4.2.

4.2.3 Data Capture

The monitor was designed to allow a user to capture data and store it to the

hard disk for later display and analysis.

The screen displayed during data capture is shown in Figure 4.3.

The data can be displayed as the user is capturing the data, although no detailed analysis can be done on the data during capture.

4.2.4 Data Display Windows

After the data are captured it can be displayed in several different windows. The

different windows include a summary display window, a detail display window, and a

hexadecimal display window. All three windows or any combination of two windows or a single window can be displayed on the screen. Figure 4.4 shows a view of the

screen with all three windows active. 40

, • , • , •••••• , • I. III LI "ETHERNET'MClNrTbR' " AND PROTOCOL ANALYZER 111111.1111111111 II

II II II "" II II "" II

~ Main Menu ~ Fi l tel' Menu _ _ Protocol Type _ Filter Setup Station Address »LLC Packets Capture Data ProtocoL »IP Packets Examine Data Match Pattern »ARP Packets Store/Restore Data No Filter )>RARP Packets Network Statistics »3COM Packets Quit ).Apollo Packets ).Ethertalk Packets ).A II Others

TH KEY EX S H URR N MENU X ~ N M NU

, ••• 1'11,,"., •• "•• ,. IllEtHERNHIMONHoR ,. AND PROTOCOL ANALYZER I I ••• , , " ••• I •••• , " I. " " I , I , , , II 'I I I I I I • I. r- Main Menu r- Filter Menu - I"'" Address Filter Setup Station Address From Station: Capture Data Protocol To Station: Examine Data Match Pattern Both To & From: Store/Restore Data No Filter Network Statistics Quit

1111111 " "'"11"""11111"'111" "' "' II IUlllllII II II !IIIIIIIIII '1111111 Llllll ,'"11' "'" 11111111 ,.111111.11111111.11. IFilter Address: ( -- - - - ) I it II 'III III II _~ c1111 II I I 11111 III I I III 11111 II :11 L 11111 !lllil 11 lill lUll H K Y X L' lU LN L' M NU IX I', 'ii M LIiu ,.

Figure 4.2: Filtering Setup Menus 41

I~llll'""'" I~ll~ I' 'ETHERNET 'MONitoR'" AND PROTOCOL ANALYZER I .. " " " " II II I ~ L1ll~ '""" "".11 1111 it II

~ Main Menu ~ Filter Menu - Filter Setup Station Address Capture Data Protocol Examine Data Match Pattern Store/Restore Data No Filter Network Statistics Quit

llll~ lllLllllll I~Lllll LLl ~Lll~~1 LIt 11111 It III UIIIIIIIIIIIIIIIII U 1111111111 11111111111111111111111111, 111111 " " OFFSET: (00-10) VALUE: (08-88) I III "11'" "' II IIII~ II II 1/ W [111 [I II" Llll llll1 II 1111111111 III 1111 II II 1111 11111 ~ , H I( Y X H 'tuRREN M N~ X IN'M LN~" Figure 4.2 (Continued)

NUM LEN DESTINATION SOURCE TYPE DATA nbytes left = 167175 36 60 800010031011 AA00040002EC 0800 4500002A1FEE00001E0672A081BA016681 37 60 AA00040002EC 800010031011 0800 4500002AB46EOOOOOF06ED1F81BA056681 38 62 FFFFFFFFFFFF 0000C093981A 8137 FFFF0030000100000001FFFFFFFFFFFF04 39 60 800010031011 AA00040002EC 0800 450000291FEF00001E0672A081BA016681 40 60 AA00040002EC 800010031011 0800 45000029846FOOOOOF06ED1F818A056681 41 60 800010031011 AA00040002EC 0800 450000281FF000001E0672A081BA016681 42 60 800010031011 AA00040002EC 0800 4500002A1FF100001E06729D81BA016681 43 60 AA00040002EC 800010031011 0800 4500002AB47000000F06E01D81BA056681 44 60 0180C2000000 08002B187A8D 0026 4242030000000000007E08002B14D20EOO 45 60 800010031011 AA00040002EC 0800 450000281FF200001E06729E81BA016681 46 110 FFFFFFFFFFFF 0000COE6261C 0060 FFFF0060000000000001FFFFFFFFFFFF04 47 60 FFFF00600000 0000C0822B13 002E 0000C0822B130A1811FF01FFFFFF000080 48 60 FFFF00600000 0000C0A3DA14 002E 0000C0A3DA140A1811FF01FFFFFF00001F 49 60 fFFF00600000 0000COF8EC14 002E 0000COF8EC140A1811FF01FFFFFF00001F 50 60 FFFF00600000 0000C04FF912 002E 0000C04FF9120A1811FF01FFFFFF00003A 51 60 FFFF00600000 0000C042DD14 002E 0000C042D0140A1811FF01FFFFFF00001F 52 60 FFFF00600000 OOOOCOB8DB14 002E OOOOCOB8DB140A1811FF01FFFFFF00001F EJ1 E]7

Figure 4.3: Data Capture Screen 42

M MUM LEN DESTINATION SOURCE TYPE DATA

~ 59 S7 09000700003F 0260SC06E45F 0049 AAAA030S0007S09B0041000000008003FF ~ 60 87 09000700003F 0260BC06E45F 0049 AAAA03080007B09B0041000000008003FF :.t:;.~.;. 6621 B670 °09S000002701070905314F °OS26000B8C7060E745F 0049 AAAA030B0007809B004100000000B003FF ~L-______B 0 60S OSOO 450 0002C00020000400612FAS1BA631581~ ~ Detail IP:''''INTERNET PROTOCOL HEADER,'", IP: Version of IP 4 IP: Datagram Header Length 5 IP: Type of Service 00 HEX ASCII

0000 0800 2S 1795 14 0800 87 00 76 DB OS 00 45 00 •• +., ••••• v.,.E. 0010 00 2C 00 02 00 00 40 06 12 FA 81 SA 63 15 B1 SA ., •••. @...•. c .•• 00200147 10 BO 00 1700 OS 07 2C 00 00 00 01 6002 .G •• , •••• , •••• •• 0030 01 00 4C 20 00 00 02 04 01 00 00 00 5700 09 00 •• L, •••••••. W••• 1 rs;,~ ~ r~;EVl ~ EJ ~~ ~~~

Figure 4.4: Data Display Windows

4.2.4.1 Summary Display Window In the summary display window just one line is displayed for each packet and the packet is truncated at the edge of the screen. It includes the source address and destination address fields of the Ethernet frame. Figure 4 ..5 shows the summary display window.

4.2.4.2 Detail Display Window In the detail display window each proto, col type is identified and each standard field in the protocol is labeled and decoded and is usually diplayed on a line by itself. Figure 4.6 shows the detail display window.

4.2.4.3 Hexadecimal Display Window In the hexadecimal display window all bytes are shown in hexadecimal and beside it is a translation into ascii. Figure

4.7 shows the hexadecimal display window. 43

NUM LEN DESTINATION SOURCE TYPE DATA 1 87 09000700003F 02608C06E4SF 0049 AAAA03080007809B0041000000008003FF 2 87 09000700003F 02608C06E4SF 0049 AAAA03080007809B0041000000008003FF 3 87 09000700003F 02608C06E4SF 0049 AAAA03080007809B0041000000008003FF 4 87 09000700003F 02608C06E4SF 0049 AAAA03080007809B0041000000008003FF S 87 09000700003F 02608C06E4SF 0049 AAAA03080007809B00410000000oa003FF 6 87 09000700003F 02608C06E4SF 0049 AAAA03080007809B0041000000008003FF 7 87 09000700003F 02608C06E4SF 0049 AAAA03080007809B0041000000008003FF 8 87 09000700003F 02608C06E4SF 0049 AAAA03080007809B0041000000008003FF 9 87 09000700003F 02608C06E4SF 0049 AAAA03080007809B0041000000008003FF 10 87 09000700003F 02608C06E4SF 0049 AAAA03080007809B0041000000008003FF 11 60 0180C2000000 08002B187A8D 0026 4242030000000000007E08002814D20EOO 12 87 09000700003F 02608C06E4SF 0049 AAAA03080007809B0041000000008003FF 13 87 09000700003F 02608C06E4SF 0049 AAAA03080007809B0041000000008003FF 14 73 FFFFFFFFFFFF 0000C06AC811 003B 0000C06AC8110EDSC0010S0E0000210007 1S 87 09000700003F 02608C06E4SF 0049 AAAA03080007809B0041000000008003FF 16 73 FFFFFFFFFFFF 0000COA1141A 003B 0000COA1141AOED4COOS010E00002100DC 17 87 09000700003F 02608C06E4SF 0049 AAAA03080007809B0041000000008003FF 18 87 09000700003F 02608C06E4SF 0049 AAAA03080007809B0041000000008003FF ~CRN t.AiNl ~r~~~ OPTS I~ ~~~

Figure 4 ..5: Summary Display 'Window

Detai l IP:------INTERNET PROTOCOL HEADER---- IP: Version of IP 4 IP: Datagram Header Length S IP: Type of Service 00 IP: Total Length 002C IP: Identification 0002 IP: Flags 0 IP: Fragment Offset 0000 IP: Time to Live 40 IP: Protocol Type 06 IP: Header Checksum 12FA IP: Source IP Address 129.186.99.21 IP: Destination IP Address 129.186.1.71 TCP:------TRANSPORT CONTROL PROTOCOL--- TCP: Source Port 4237 Unkown Type TCP: Destination Port 23 Telnet TCP: Sequence Number 000BD72C TCP: Acknowledgement Number 00000001 1 rs;,t.AiNl ~ I~REVFRAME I foo

Figure 4.6: Detail Display 'Window 44

HEX ASCII 00000900070000 3F 0260 8e 06 E4 SF 0049 AA AA ••••• 7 •..••• 1 •• 0010 03 08 00 0780 9B 00 41 00 00 00 00 80 03 FF 07 ••••••• A•.• : •••• 0020 02 02 02 21 B7 80 04 35 SO 00 1A 47 72 61 70 68 .•• ! ... 5 ••• Graph 0030 69 63 73 20 4e 61 73 65 72 57 72 69 74 65 72 20 ics LaserWriter 0040 50 6e 75 73 20 OB 4e 61 73 65 72 57 72 69 74 65 Plus .LaserUrite 0050 72 05 41 4C 4E 45 54 57 00 0900 0700 00 3F 02 r.ALNETW •....• 7.

rs;,~ ~EXTFRAME [:.evFRAME f~IN ~~ I I I

Figure 4.i: Hexadecimal Display Window

4.2.5 File I/O

A menu is needed to be able to store and restore the captured data files onto and off the hard disk. Figure 4.8 shows the store/restore menu.

4.2.6 Statistics

This feature was not implemented but the option was included in the menu so that it could be added at a later time.

4.2.7 Driver Software

The Etherlink Plus adapter comes with driver software. This includes a ROM that provides extensive functions for handling the 82586, and software that resides on the PC. The software includes assembly language routines that are coded using 45

1111",.,,"11 " II , ,. ETHERNEt I MaN i tOR' • • AND PROTOCOL ANALYZER ,.,. ,,,,'"1111'"' 1111" III' "Ii 11111111 r- Main Menu ~: Store Menu e Filter Setup Load from ~ ilel Capture Data Store to FIle Examine Data Store/Restore Data Network Statistics Quit

"'1 II Ill" """"'" I. I. " I. " " '" " 111111111 1111111111111111111111111111111 1111'", II II II II II " " " II "" IEnter Filename: (TEST' )

II , I 1111111111' II J.i1 ' '" II lL JHIIIIIIIII 11111 J illli II II II I III 111111111111 11111 II 111111111111 TH S AP KEY X '5 HE'cURRENf'M 'NU'EX !p "MAiN MENU II

Figure 4.8: Store/Restore Menu the :\Iicrosoft ~Iacro Assembler, and demonstration C language source file coded in :\Iicrosoft C 4.0. The assembly language programs were written in small code model format and needed to be rewritten in large code model format. A library of callable driver support routines was created from the assembly language and C language routines. The command interface between the host PC and the EtherLink

Plus adapter is accomplished by the host passing PCBs (primary command blocks) and the adapter returning response PCBs to the host.

4.2.7.1 Interrupts The host can be interrupted by the adapter for a PCB response or request, or for DMA done.

The adapter can be interupted by a DMA done, a timer, a command register full, an 82586 interrupt or to reset it. 46

4.2.7.2 DMA Data Transfers Some PCB's initiate a data transfer to or from the host. This is usually accomplished by the host or adapter setting up its

D':\IA to transfer data using the adapters data register port. 4i

5. CONCLUSIONS

This network monitor allows the LAN manager or computer engineering student to monitor what type of packets are on the network and to look at the decoded packets. Future enhancements that can be added to this monitor include the ability to do statistical analysis of the data. An example of this might be a graphical display of network traffic versus time. Other statistics that might be useful would be percentage of the traffic attributed to a protocol type or station address.

This monitor concentrated on the Tep lIP protocols and applications because they are currently the most prevalent type used. The DOD is however committed to migrate to the OSI protocol suite as are all government agencies by the year 1992.

This standard is' called GOSIP which stands for government OSI protocol.

OSI applications that can be included are listed below.

• FTAM: File transfer, access and management.

• MHS: Message Handling System Model (Electronic ~Iail).

• VTP: Virtual Terminal Protocol.

Ethernet was the physical layer that was selected for this monitor because it is the most prevalent type on campus. ~Ionitors for other types of physical layers such 48 as token ring or FDDI could also be implemented. They would, however, require a different board in the PC to attach to that type of network. 49

6. BIBLIOGRAPHY

[1] 3Com. The Developer's Guide to Network Adapters. 3Com Corporation. Santa Clara, California. 1989.

[2] Magna Carta Software. C Windows Toolkit. ~Iagna Carta Software. Garland, Texas, 1989.

[3] Jacobson, D., Gaitonde, S., Kim, J .. Lee, J., Rover, D., Sarwar, ~I., Shafiq, M. "A ~Iaster/Slave Monitor Measurement Technique for an Operating Ethernet Network." IEEE Network, 1, No.3 (July 198i), 40-48.

[4] Network General Corporation. The Sniffer: Operation and Reference Manual, Ethernet ~'·ersion. Network General Corporation, Menlo Park, California, 1988.

[.5] Rose, ~Iarshall T. The Open Book: A Practical Perspective on OS!. Prentice Hall, Englewood Cliffs, New Jersey, 1990.

[6] Stallings, \Villiam, Mockapetris, Paul, McLeod. Sue and ~Iichel, Tony. Hand book of Computer Communications Standards, Volume 1: The Open Systems Interconnection (OSI) Model and OSI-Related Standards. Macmillan Publishing Company, New York, 198i.

[i] Halsall, Fred. Data Communications, Computer Networks and as!. Second Edi tion. Addison- Wesley Publishing Company, Wokingham, England, 1988.

[8] Stallings, ·William. Data and Computer Communications. Second Edition. Macmillan Publishing Company, New York, 1988.

[9] Comer, Douglas. Internetworking with TCPlIP: Principles, Protocols, and A.r chitecture. Prentice Hall, Englewood Cliffs, New Jersey, 1988.

[10] McConnell, John. Internetworking Computer Systems: Interconnecting Networks and Systems. Prentice Hall, Englewood Cliffs, New Jersey, 1988. .50

l'111 . Stallings, William. Handbook of Computer Communications Standards. ~rolume 3: Department of Defense (DOD) Protocol Standards. :\Iacmillan Publishing Company, New York~ 1988.

[12] Stallings, \Villiam. Handbook of Computer Communications Standards. Volume 2: Local Network Standards. Macmillan Publishing Company, New York, 1988.

[13] Stallings, William. Local Networks. Second Edition. :\lacmillan Publishing Com pany, New York, 198i. .j1

7. APPENDIX A: ACRONYJ\;lS .52

Table i.I: Acronyms

ARP Address Resolution Protocol ARPANET Advanced Research Projects Agency :.J"etwork CSMA/C'D Carrier Sense Multiple Access with Collision Detect DARPA Defense Advanced Research Projects Agency DMA Direct Memory Access DOD Deparment of Defense DPA DOD Protocol Architecture FDDI Fiber Distributed Data Interface FTAM File Transfer Access and Management FTP File Transfer Protocol GOSIP Goverment OSI Protocol ICMP Internet Control Message Protocol IEEE Institute of Electrical and Electronic Engineers IGP Interior Gateway Protocol IP Internet Protocol ISO International Standards Organization LAN Local Area Network OSI Open Systems Interconnection PCB Primary Command Block PDU Protocol Data U ni t RARP Reverse Address Resolution Protocol RIP Routing Information Protcol ROM Read Only Memory SMTP Simple Mail Transfer Protocol SPDU Session Protocol Data Unit TCP Transmission Control Protocol TCP /IP Transmission Control Protocol/Internet Protocol TPDU Transport Protocol Data Unit UDP User Datagram Protocol VTP Virtual Terminal Protocol .53

8. APPENDIX B: SOURCE CODE ;i~:t{111~i~;:fit:Jt!~~~: f~~tt~;;~%';;if.?:lit;i:": 1M.tiu. UP Ox0806 IdefiDe ZP Ox0800 1M.fiDe IlAItP Ox8035 , IdefiDe 'lB_CC*l Ox6010. IdefiDe 'lB COIIl Ox6011 IdefiDe 'lB-CC*3 OX60U IdefiDe 'lB:CClIC' Ox6013 IdefiDe 'lB_CC*5 Ox60U IdefiD. APOLLO Ox801'7 IdefiDe JmlBa'ULlt OX809S 1MefiDe UJtP Ox80!'3 IdefiD. LLC_HU Ox05DC .truot veDder_code. { UDeigued 10llg veDdor, char *u... , } veD_code.[) - { OXOOOOCO,·... teru Digital·, OXO:l60ac,· 3Co111·, OXO:l0701,·IDterlau·, OX800010,·~'T·, OX0800:lS, ·DBC·, o ,. ·h .truot ._type_u.... { UDeigued iDt e_type, char *u... , } ._type_u_[) - { BP,-AU-, zp,.zp., aAItl' , • aAaP· , 'lB_CC*l, ·3eo.·, Ql 'lB_COIIl, ·3Caa· , ,j:;. 'lB_CC*3, ·3Caa·, 'lB_COII', ·3Caa·, 'lB_C<*5, ·3eo.·, APOLLO,·ApOllo·, B'l'IIBJrZALJt, ·Bthertalk· , UItP, • Appletalk AI\P., 0,· .}, .truot port __ • { UDeigued iDt p_val, char *u... , } port_u .... [) { :11, .1"lP., :13, ·Teluet·, :15, • SIft'P. , 10:1, ·ISo-TSAP·, 513, ·who·, 0, • ·h :;i!i!;li!f{~ti~:f:~:i;1~1~li:i ;~1.b~i;!\*':;f;~~;~~i~!:. void filter""prot(void); "include void make_he1p_key(void); '* 1'1 kay *' "include void make_Ht.-mark_key(void); '* 1'2 kay *' "include <.tdio. b> void make_elisplay_opt_key(void); '* 1'3 kay *' void make Dus_kay(void); "include __ '* 1'& kay *' void make_uext_fr __ key(void); '* 1'6 kay */ #define HABit 1 void makeJlr8V_fr __ key(void); '* 1'7 kay *' #define KAlIiLCOL 6 '* Hain lIeIIu *' void make_zoClIILiD_kay(void); '* 1'8 kay */ #define I'lL_COL 30 '* Pilter lIeIIu *' void make_.tart_stop_key(void); '* 1'10 key *' #define ADD_COL 51 '* Addre •• lIeIIu *' void make_1IIlIaarY_elisplay(void) ; #define PRO'l'_COL 51 '* Pz:otoool IIenu *' void make_detail_eli.play(void); #define SCR_COL 10 '* Sareen Option. *' void make_hex_elisplay(void); #define STa_COL &0 '* Store lIeIIu *' void help(iDt); #define HBIIU ROW 6 '* RGIIf far lIeIIu. *' void check_Uag(void); #define KAlliO .. 2 '* Hain lIeIIu priority *' void collect_data(void)J #define PlL_PR 3 '* Pilter lIeIIu Priority *' void alear_bufter_kay(void), #define ADD_PR 3 '* Addre •• lIeIIu Priori~y*' void make erlt )tey(void) , #define PRO_PR 3 '* Pz:otoool lIeIIu Priority *' void p_error(char *str. int DUll), #define STa_PR 3 '* store lIeIIu Priority *' void fill_detail(iDt curreat""packat); #define SCR_PR 2 '* Screen Option. lIeIIu priority *' void Ull_hex(iDt curreutJl&ckat); #define BOPI'BR_Sl:IB 200000 '*Collect Data buU.r .he in byte. *' void clear_tiltera(void); IltJI,-P1t'lS 2000 '*Collect Data buffer .he in byte. *' #define void iDit_505(void); #define UP Ox0806 iDt rcv_505(void)J #define :n> Ox0800 iDt Ulter_out(iDt leu), #define RARP Ox8035 iDt u_err(PIlILD *f, iDt *key), #define TB_COIIl Ox6010 #define TB_COIU Ox6011 extern WIIlDOII *.IIIIIIII&rY_w, *detail_w. *hex_w, #define TB_C0II3 Ox6012 extern VSCUU *.UIIIUrY_vs, *detail_vs, *hex_vlI; #define TB_COII& Ox6013 #define TB_C0II5 Ox60lt extern char lIfiltar(U), , #define .APOLLO Ox80!'7 extern char text[&O) Q1 #define B'l'BBR'ULIt Ox809B Q1 #define AARP OX80P3 extern char pkt(1000), #define LLC_IIAX Ox05DC extern uulligaed char huge dbutter[BtlF!'BR_SIIlI); #define Il_PllO'lOCOLS 8 extern 10Dg abytell, extern uulligaed char huge *byte...ptr; extern COLORS pop_a. eli.playa_a. fielda_a, extern .truct butf huge *pack...ptr(IIUK_P1t'lS), extern int DWllpkt.; extern BORDD PCP-F. eli.play._b. nelda_b, extern .truct buff { extern int exit.[), '* bya that ..a _u elieappear iDt leu, extern int faxi t. [J. neutrale (J , *' char packat(1000); ), extern ICBIIU_JtftS pop __ • n.lda ___ , extern .truct buff huge *bptr, exteru 1CB1IU_ftX'l.-in_text(J. filter_text[). addr ••• _text[JI .truct highlightll { exteru 1CB1IU_ftX'l protocol_text[). dieplay_text[) •• tore_text[), iDt .tart, iDt leu, extern int hahar. pop_ha(J, ), extern .truct highlights hl_hex[100Jl extern POPUP mainJl •• filterJIB. addr ••• JI •• protoaol....P •• dieplay....P••• tore....P., extern int debug; extern lOItXM' U.lda_f, di.play._f, extern int fddi, euat, extern pIBLD *addre •• _f. *.torB_f, void .etup_.cr_u(void), void filter __ uu(void) , void collect __ u(void), void eltIIIR __ u(void) , void .torB.JII8Du(voidh void .tat __ uu(void) , void filter_.et(int)l :~\lftti~i~};:11lj, ::;~!~\;;1~1Is1:'£\~{8;~: lina1ude break, linc1ude } 11nc1ude <.tdio.h> } linc1ude } while (key 1- BSCAPB)1 lina1ude "header.h" bide_viadow(collect_v) , un.1gned char huge dbutter[BDFPBR_BIIB), tr .. _viDdov_mamory(lco11ect_v), un.1ped char huge *byte...,Ptr, loag abyteB - 0, 1ett-BOFnR_BIIB, } .truat butt huge *bptr, void colleat_data(void) iDt aUlllpItt. , { 1fJ:1IDOIf *co11eat_", int 1, lea, char *ptr, void colleat __ u(void) 1t (debug) { ( v-prlatt(colleat_",br1ght+wh1te,blue,"te.t - '3d\r\a",awapltt.++), iDt key, t1ag., return, } flag. - 1, priDt.(1,0,bright+wh1te,b1ue," IIUH LD DU'l'IHA'lIOil SOUJlCJI 'lYPB DA'lA it «lea - rcv_50S(» -- -1) { v-priDU(colleat_", br1ght+white,blue,"lIrror iD rece1viDg data\a\r")1 create_"indov(lraOlleat_","" 78,20), return 1 border_vindov(co11ect_v, ldi.playB_b, BIIJGLB, DOtJBI.B, yellow, cyan)J } co11ect_w->p_toraat - IdiBp1ay._t, 1t (tilter_out(lea» retura, di.p1ay_~(co11eat_",1,1,1), byte -ptr - pitt I c1ear_vindow(co11eat_", ldi.p1ay._c, JDIPTY ,1DIP'lY,BP), bptr - (.truct butt *)ldbufter[abyte.), -"-_he1p_key() , ptr - bptr->packet, mak.e_.tart_.top_ltey() , it «abyte. + lea + .izeot(lea» < BllPl'BR_SIIB) ( awapltt.-l, bptr->lea - leal tor (1-0,1 #iaclude void Prll_eD8t_hdr(int .hift_val) #iaclude <.tdio.h> { #iaclude int i, #iaclude <.triag.h> #iaclude i-O, #include "hBader.h" VB-Priatt(detail_v.,bright+vhite,blu.,"\r\aHACl------BTBBRRIT BBADBR------\r\D")I #include "decode.h" it (eaet) ( . VB-printt(detail_v.,bright+vhite,blue, "HACI De.tiDatioD "), void prII_iClDp_hdr(iat .hift_val), for (i-0,i<6,i++) void prII_tcp_hdr(int .hift_val)! VB-priatt(detail_v.,bright+vhite,blu.,·'02X",dptr[.hift_val + iJ)I void prII_&rp_hdr(int .hift_val) I VB-priatt(detail_v., bright+vhite,blu.," Vendor I ,.\r\D·,get_vendor_D ... (idptr[.hitt_val void prII_udp_hdr(int .hift_val)! + 0J))I void prII_bo_ip_hdr(iDt .hitt_val)! VB-priatt (detail_v., bright+vhite,blue, "HACI Source ·)1 void prII_rarp_hdr(iat .hitt_val) I tor (i-6,i<12Ii++) void prII_.IIlt_hdr(int .hift_val)! VB-priDtt(detail_v.,bright+vhite,blue,·'02X",dptr[.hift_val + iJ)1 void do_eaet(int .hift_val)! VB-priatt(detail_v.,bright+vhi~,blu.,"Vendor I "\r\D" ,get_veador_a ... (ldptr[.hitt_val + 6J))1 . exterll iat .UDDarY_v_esiata, detail_v_exiata, h __ v_enata, } extern iat current fi.ld, VB-priatt(detail_v.,bright+vhit.,blue, ·HACI Type ") , uaeigaed char huge *dptr 1 tor (i-12,i<1tli++) iat pitt_lea, v.-p riatt (detail_v.,bright+vhite,blue,"'02X",dptr[.hitt_val + iJ)1 iat IIIllt linea I v.-priatt(detail_v., bright+vhite,blu.," '.\r\D",get_ether_type(pltt_type))1 uaeigaed iat pitt_type I it (eaet) { char a&me[20JI hl_hes[mAZ_line.J •• tart - .hitt_val, hl_hes[mAZ_line.++J.len - U, atruct highlighta hl_heE[100J' hl_hes[mAZ_line.J •• tart - .hitt_val, hl_hes[mAZ_lin •• ++J • lea - 6, char *get_veador_a_(uadgued char *Ptr) hl_hes[mAZ_liae.J •• tart - .hitt_val + 6, { hl_hes[mAZ_lin •• ++J.lea - 6, uadgued long veador, } iat i, .1..{ hl_hes [mAZ_liD.. J •• tart - .hitt_ val + 12, -IQl vendor - «(loag)ptr[OJ*256+(lODg)ptr[1J)*256)+(loag)ptr[2JI hl_hes[mAZ_lia •• ++J.l.a - 2, i - 0, } whil. (ven_codeB[iJ .veador) hl_hes[mAZ_line.J •• tart - .hitt_val + 12, it (VIUIdor - v.D_ooct..[i++J .vendor) hl_hes[lIU_lin"++J.len - 2, returll(vea_codeB[--iJ.~)I } returll ( " ") I } void prII_&rp_hdr(iat ahift_val) ( char *get_ethBr_type(uaeigued iat ._type) iat il ( iat i, VB-priatf(detail_v.,bright+vhite,blue, "ABPI------ABP BBADBR------") 1 VB-priatf(detail_v.,bright+vhite,blue, ·\a\rABPI Hardware Type ") I if (._type <- 1500) tor (i-ahift_valli

) hl_hexlDAX_lia •• ++].lea - 11 hl_hexlDAX_lia •• ] •• tart - .hift_val+61 void prD_ip_bdr(int .hift_val) hl_hex[DAX_lia •• ++] • lea - 21 ( hl_hexlDAX_lia •• ] •• tart - .hift_val+8, int i,j, ver, db_I, Pro_typal talte_out_flatJ., hl_hexlDAX_lia •• ++].lea - 11 hl_hexlDAX_lia •• ] •• tart - .hift_val+9, n..,printf(datail_v.,bright+white,blu., ·IPI----III'l'DIIB'l l'RO'l'OCOL BBADBR---·); hl_hexlDAX_lia •• ++].lea - 11 n..,printt(datail_v.,bright+white,blu.,·\a\rIPI Version ot IP ." hl_hexlmAX_liau] •• tart - .hift_val+101 db_I - dptrl.hift_val] , OxOP, hl_hexlDAX_lia •• ++].lea - 21 nr - dptrl.hift_val] , OxPO, hl_hexlDAX_liae.] •• tart - .hitt_val+121 nr - V8r » .; hl_hexlDAX_lia •• ++].lea - ., n..,printt(datail_v.,bright+white,blu.,·'OLZ·,ver)I hl_hexlDAX_liae.] •• tart - .hift_val+16, n..,printt(datail_v.,bright+white,blu., ·\a\rIPI DatatJr .. BeadBr Leagth .), hl_hexlDAX_liae.++].lea - ., n..,printt(datail_v.,bright+white,blu.,·'01Z·,db_l) I for (j-O,j«db_1-5)lj++){ n..,printt(datail_v.,bright+white,blu.,·\a\rIPI Type ot Service ")1 VB..,priatf(datail_v.,bright+vhite,blue,"\n\rIPI Option./Padding tor (i-.hift_val+1Ii VB-printf(detail_va,bright+wbite,blue,"'02X",dptr[i)), for (i-abift_val+16,i

;~~lltlJl!tf~iil1i~i ;~i~lii~~}I,~(ii~t:~;~~. hl_helt[aalt_liD •• ++J • len - 2; ve-priDtf(detall_v.,bright+white,blu.,·'Olx·,.rror_report); } ve,JlriDtf (detall_v., bright+white,blu., ·\D\rISO IPI 'rJpe .); ve,Jlrintf(detall_v.,bright+white,blu.,·'OlX·,type_fi.ld); void prD_udp_hdr(iDt .hut_val) ve,JlriDtf(detall_v.,bright+white,blu., ·\D\rISO IPI SegJMDt Length .); { for (i-.hift_val+5; i<.hift_val+7; i++) "- iDt i; ve,Jlrintf(detall_v.,bright+white,blu.,·'02x·,dptr[iJ); unBigned iat port_val; ve-priDtf(detall_v.,bright+white,blu., ·\n\rISO IPI Check.WII .); for (i-.hift_val+7,i<.hift_val+9;i++) v.-PriDtf(detail_v.,bright+white,blue,·UDPI------USBR DAT1GRAHPROTOCOL ---.J, ve-printf(detall_v.,bright+white,blu.,·'02X·,dptr[i); ve-priDtf(detail_v.,bright+white,blu., ·\a\rUDPl Source Port .) , ve-printf (detall_v., bright+white,blu., ·\n\rISO IPI De.tiDatiOD Addre •• Len.·), port_val - (un.igned) (dptr[.hift_valJ*256+ dptr[.hift_val+1J), a_off.et - dptr[.hift_val+9J, ve-priDtf (detail_v., bright+white,blue, ·'d , •• ,port_val, get-port_a_(port_val»)J ve,JlriDtf(detall_v.,bright+white,blu.,·'02x·,a_off •• t); ve-priatf (detail_v., bright+white,blu., ·\a\rUDPl De.tiDation Port .); ve,Jlrintf(detall_v.,bright+white,blu., ·\n\rISO IPI De.tiDatiOD Addre.. .), port_val - (unBigned) (dptr[.hift_val+2J*256+ dptr[.hift_val+3J); for (i-ehift_val+10,i<.hift_val+10+-_off •• t,i++) ve-priDtf(detail_v.,br1ght+white,blu., ·'d , •• ,port_val, get-port_n-(port_val»; ve,JlriDtf(detail_v.,bright+white,blu.,·'02X·,dptr[iJ), ve-priatf(detail_v.,bright+white,blu., ·\a\rUDPl Length .); ve-priDtf (detall_v., bright+white,blu., ·\n\rISO IPI Sourc. Addr... Length .), for (i-.hift_valH;i

vw-priDtf(detail_v.,bright+vhite,blue,·.02X·,dptr[i), vw-printf( detail_vs,bright+vhite,blue, "HACa------BBACOH nAKB------.)' 9W-priDtf(detail_v.,brigbt+vhite,blue, • \n\rRARP I OperatiOD (RUP) ." vw-priDtf(detail_vs,bright+vhite,blue, ·\n\:dIACa 1'1:_ COntrol .), for (i-.hift_val+6,i

i~':·, i~':·,

0) 0) ~ ~

t\1~~i~41~t~1;:; t\1~~i~41~t~1;:;

"), "),

Address Address

ID~PI~OR----"), ID~PI~OR----"),

Address Address

Contxol Contxol

ST~IOR ST~IOR

1'), 1'),

+ +

1'), 1'),

SOurce SOurce

Destination Destination

:rr_ :rr_

+ +

"'02X",dptr[iJ), "'02X",dptr[iJ),

dptr[shitt_val+ll], dptr[shitt_val+ll],

, ,

+ +

"\n\rtW:1 "\n\rtW:1

"HACI----HKXT "HACI----HKXT

"\n\rtW:1 "\n\rtW:1

bright+white,blue, bright+white,blue,

6, 6,

shitt_val+7, shitt_val+7,

6, 6,

shitt_val+l, shitt_val+l,

1, 1,

shitt_val, shitt_val,

13, 13,

sbitt':"val, sbitt':"val,

{ {

break, break,

prn_ethertalk_hdr() prn_ethertalk_hdr()

prn_BpOllo_hdr(), prn_BpOllo_hdr(),

break, break,

prn_lcOll_hdr(), prn_lcOll_hdr(),

COII2I COII2I

COIIlI COIIlI COIIll COIIll

prn_rarp_hdr(shitt_val prn_rarp_hdr(shitt_val

break, break,

prn_ip_hdr(shitt_val prn_ip_hdr(shitt_val

break, break,

pra_&rp_hdr(shitt_val pra_&rp_hdr(shitt_val

- -

(void) (void)

B'IIID'ULlt1 B'IIID'ULlt1

APOLLOI APOLLOI TB-COIISI TB-COIISI

ftCOll'1 ftCOll'1

TB-

TB TB

IPI IPI

ARPI ARPI

len len

bright+white,blue, bright+white,blue,

dptr[shitt_val+12J*2S6 dptr[shitt_val+12J*2S6

bright+white,blue, bright+white,blue,

• •

.. ..

shitt_val) shitt_val)

_ _

ca ca

caM caM

ca ca

caM caM ca ca

_RUPI _RUPI

_ _

(deta11_vs, (deta11_vs,

caee caee

J.etart J.etart

i, i,

(deta11_vs, (deta11_vs,

."itch(pkt_type) ."itch(pkt_type)

(deta11_vs, (deta11_vs,

prn_enet_hdr(shitt_val), prn_enet_hdr(shitt_val),

pkt_type pkt_type

v.Jlrintt(deta11_vs,bright+white,blue,"'02X",dptr[il), v.Jlrintt(deta11_vs,bright+white,blue,"'02X",dptr[il),

v.Jlrintt(deta11_vs,brigbt+wbite,blue,"'02X",dptr[il), v.Jlrintt(deta11_vs,brigbt+wbite,blue,"'02X",dptr[il),

v.Jlrintt v.Jlrintt

int int

do_enst(int do_enst(int

prn_etbertalk_hdr prn_etbertalk_hdr

prn_apollo_hdr(void) prn_apollo_hdr(void)

prn_lOOll_hdr(void) prn_lOOll_hdr(void)

prn_next_station(shitt_val) prn_next_station(shitt_val)

(i-shitt_val+7,i

(i-shitt_val+l,i

(i-shitt_val,i

( (

) )

{ {

void void

) )

{ {

void void

( (

) )

void void

) )

void void

hl_hlllt[lIIIIlt_liaes++J.len hl_hlllt[lIIIIlt_liaes++J.len

hl_hlllt[lIIIIlt_liaes].start hl_hlllt[lIIIIlt_liaes].start bl_hlllt[lIIIIlt_linul.start bl_hlllt[lIIIIlt_linul.start

hl_hlllt[lIIIIlt_lines++] hl_hlllt[lIIIIlt_lines++]

hl_hlllt[lIIIIlt_liau++J.len hl_hlllt[lIIIIlt_liau++J.len

hl_hlllt[lIIIIlt_lines++l.len hl_hlllt[lIIIIlt_lines++l.len

hl_hlllt[RUIlt_linesJ.start hl_hlllt[RUIlt_linesJ.start

hl_hlllt[lIaX_linu hl_hlllt[lIaX_linu

tor tor

v.Jlrintt v.Jlrintt

tor tor

vSJlrintt(deta11_vs,bright+white,blue,"\n\rtW:1 vSJlrintt(deta11_vs,bright+white,blue,"\n\rtW:1

vSJlrintt(deta11_vs,bright+white,blue, vSJlrintt(deta11_vs,bright+white,blue,

vs-printt vs-printt

{ {

void void

"), "),

.), .),

IMPLBKIRTOR----·)' IMPLBKIRTOR----·)'

Addre.. Addre..

Address Address

lOR lOR

Address Address

Contxol Contxol

,dptr[il), ,dptr[il),

~ ~

souroe souroe

Destination Destination

:rr_ :rr_

SOurce SOurce

Destination Destination

:rr_ :rr_

I I

"'OU" "'OU"

"\o2X" "\o2X"

I I

DI9.1LID DI9.1LID

\n\rtW: \n\rtW:

" "

"HACI------alBBRVlD------"), "HACI------alBBRVlD------"),

·\n\rtW:1 ·\n\rtW:1

" "

"\n\rtW:1 "\n\rtW:1

·\n\rtW:1 ·\n\rtW:1

i++) i++)

val, val,

blue, blue,

-. -.

val, val,

6, 6,

shitt_val+7, shitt_val+7,

shitt_val+l, shitt_val+l,

6, 6, 1, 1,

shitt_val, shitt_val,

13, 13,

shitt shitt

shitt_val+7, shitt_val+7,

6, 6,

shitt_val+l, shitt_val+l,

1, 1,

shitt_val, shitt_val,

13, 13,

shitt_val, shitt_val,

shitt_val+7, shitt_val+7,

6, 6,

6, 6, shitt_val+~, shitt_val+~, 1, 1,

shitt shitt shitt_val, shitt_val, 13, 13,

- -

(shitt_val) (shitt_val)

len len

bri9ht+white,blue, bri9ht+white,blue,

bright+white,blue, bright+white,blue,

len len

lea lea

• •

bright+white,blue, bright+white,blue,

bri9ht+white, bri9ht+white,

• •

len len

• •

I • • I

start start

• •

......

start start

etm:t etm:t

I. I.

++).len ++).len

++) ++)

++ ++

I. I.

.etm:t .etm:t I. I.

++I ++I

I. I.

I I

.. ..

i, i,

linul.start linul.start

i, i,

lines++l.len lines++l.len

(detail_vs, (detail_vs,

(deta11_vs, (deta11_vs,

v.-printt(deta11_vs,bri9ht+white,blue, v.-printt(deta11_vs,bri9ht+white,blue,

vs-printt(deta11_vs,bright+white,blue,"'02X",dptr[il), vs-printt(deta11_vs,bright+white,blue,"'02X",dptr[il),

int int

v.-printt(deta11_vs,bright+white,blue,"'02X",dptr[il), v.-printt(deta11_vs,bright+white,blue,"'02X",dptr[il),

vs-printt(deta11_vs,bright+white,blue,"'02X",dptr[i)), vs-printt(deta11_vs,bright+white,blue,"'02X",dptr[i)),

vs-Printt(deta11_vs,bright+white,blue,·'02X",~r[il)' vs-Printt(deta11_vs,bright+white,blue,·'02X",~r[il)'

int int

[RUIlt_lin [RUIlt_lin

[1IaX_lin [1IaX_lin

[1IaX_linu++I [1IaX_linu++I

[RUIlt_lin_ [RUIlt_lin_

[1IaX_lin_++I [1IaX_lin_++I

prn_reserved(shitt_val) prn_reserved(shitt_val)

[RUIlt_lin_ [RUIlt_lin_

(i-shitt_val+7, (i-shitt_val+7,

(i-shitt_val+1,i

(i-shitt_val,i

prn_1mpl_hdr(shitt_val) prn_1mpl_hdr(shitt_val)

prn_invalid_tr prn_invalid_tr

(i-shitt_val+7, (i-shitt_val+7,

(i-shitt_val+l,i

(i-shitt_val,i

hex{aalIt hex{aalIt

hex[RUIlt hex[RUIlt

hl_hex[.u_lin hl_hex[.u_lin

hl_hex[aalIt_linul.start hl_hex[aalIt_linul.start

hl_hex[.u_lines).etart hl_hex[.u_lines).etart

hl_hex[RUIlt_lin hl_hex[RUIlt_lin

hI_hex hI_hex

hl_hex[.u_lin"++I.len hl_hex[.u_lin"++I.len

hl:hex[.u:lin hl:hex[.u:lin

tor tor hI hI

tor tor

v.-printt(detail_vs,bri9ht+white,blue, v.-printt(detail_vs,bri9ht+white,blue,

tor tor

v.-printt(detail_vs,bri9ht+white,blue,·\n\rtW:1 v.-printt(detail_vs,bri9ht+white,blue,·\n\rtW:1

( (

v.-printt v.-printt

v.-priatt v.-priatt ) )

void void

hI_hex hI_hex

hl_hex[aalIt_lin_l.start hl_hex[aalIt_lin_l.start

hI_hex hI_hex

hl_hex[aalIt_lin_++I.len hl_hex[aalIt_lin_++I.len

hl_hex[aalIt_lin_l.start hl_hex[aalIt_lin_l.start

hI_hex hI_hex

tor tor hI_hex hI_hex

hI_hex hI_hex

tor tor

v.-printt v.-printt

tor tor

v.-printt v.-printt

( (

vs-printt vs-printt

vs-Printt(detail_vs,bright+white,blue,·HACI------RlSBRVJD vs-Printt(detail_vs,bright+white,blue,·HACI------RlSBRVJD ) )

( (

void void

v.-printt(deta11_vs,bri9ht+white,blue,·\n\r v.-printt(deta11_vs,bri9ht+white,blue,·\n\r } }

!:(l'f~~{f:~~11ilf~ !:(l'f~~{f:~~11ilf~

void void

hl_hex[RUIlt_lin_++) hl_hex[RUIlt_lin_++)

hl:hex[RUIlt:lines hl:hex[RUIlt:lines

hl:hex[RUIlt:linesl.etm:t hl:hex[RUIlt:linesl.etm:t

hI hI

hl-hex[RUIlt-lin_++I.len hl-hex[RUIlt-lin_++I.len

hl-hex[RUIlt-linesl.etm:t hl-hex[RUIlt-linesl.etm:t

hI hI hI_hex hI_hex defaultl if (pkt_type <- 1500) prD_iavalid_fr ... (shift_val)J prD_llc_hdr(shift_val + 14)1 ) break, ) ) void fill_detail(iat curpaak) { void do':"fddi(iat sbift_val) if (detail_v_exists -- TIUJB) { alear_viadow(detail_v,5di.play._a,WBITI,BLOB,SP), unsigned char fc, bl alear_virtual_.areea(detail_VII,5di.plap_c,WBITB,BLUB,SP), VII_CDrsor(detail_vs,O,O) I fc - dptr[shift_val)J pkt_leD - pack-ptr[curpack)->leal dptr - pack-Ptr[curpack)->p&cketl if (fc - Ox80) { /* unrestricted tokeD */ curreat_field-O I prD_tokeD(shift_val,O) I max liDes-O, retUrDl if (fddi) { ) do_fddi(O), if (fc - 0ltC0) { /* restricted tOkeD */ if (max_liDe. > 4) curreDt_field - 41 prD_tokeD(shift_val,l) I ) retUrDl if (eaet) { ) do_enet( 0), if (max_liae. > 4) curreDt_field - 41 fa 5- 0xB!'1 /* clear address length */ ) max liaes--, if (fc - Ox82) { /* HAC BeacOli */ v_load_v.(detail_v, detail_vs,O,curreat_Ueld), prD_mac_bsacoD(shift_val)J if (detail_v_exi.ts -- TIUJB) hl_field_d(curreat_Ue1d)J returDJ ) if (fc - Ox83) { /* HAC claim */ void prD_rip_hdr(iat sbift_val) prD_mac_claim(shift_val)I { retUrDl iat i, ) 0) ~ b - (fc 5 OXPO)1 if (b -- Ox80) { /* HAC Frame */ VII-priatf ( detail_v., bright-hlhite ,blue, "RIP I------RIP IlBADD------"), prD_mac_hdr(shift_val)I VII-priatf(detail_vs,bright-hlhite,blue, "\D\rRIPl ec-aad "), returDJ for (i-.bift_valli curaor_oD( ); #illclude cursor(o,O); #illclude <.tdio.b> cl.(Whit.,black); #illclude p_error( °BUORI create detail virtual screen 'dO ,detail_v._exists), #illclude exit(l); #illclude <.tring.b> ) #iDclude °header.ho detail v. exist.-TlUJlI, detail:v.:>p_tormat - ldisplays_t, extern int max linB., ) int VB_.tart-pJtt, VB_and-pkt, void lUke_hex_di.play(void) int .u.aary_VB_exi.t., detail_VB_exiat., hmt_v._exi.t., int .u.aary_v_exi.t., detail_v_exi.t., hu_v_exi.t., { int di.playa_v_exi.t., int currentJMlcket, int i-OJ int current tield, char current - vindaw, helt_v._exi.ts -cr.at._viftual_screen('hex_vs, 80,100); lODg DumJMlCket.-O, it (hex_vs_exi.ts <0) { .truct butt huge *pack-ptr[lltll,-l'lt'.rS], cur.or_oD() ; 1fl:1IDOIf *.~_v, *detail_v, *helt_v, *di.playa_v, cur.or(O,O)I VSCIIDK *.~_v., *detail_v., *hu_VB, cl.(White,black) I IIOaDD di.playa_b - { p_error( °BUORI create hex virtual screen 'dO ,hex_v._exi.ts) I DILOII, exit(l); CYU, ) SIKGLlI, hex_v._exi.t. -TlUJlI; DOOBLlI hex_vs->p_tormat - 'di.plaYB_tl ), ) COLORS di.play._c - { 1IBrrB, BLOB void tr __ .cresn.(void) h di.play._t - { { Q) ~ I'ALSB, it (.1IDDIIrY_VB_exi.t. 1- I'ALSB){ Q) ~, .1IDDIIrY_v._erl.t. - I'ALSB, IJOZLH, fr __ virtual_.cr_D __ ry(Uwaary_VB) I IJODBLB'l'JI, ) IIIUD, it (detail_v._exi.t. 1- I'ALSB){ {O,O,O,O,O,O,O,O,O,O,O,O,O,O,O,O,O,O,O,O) detail_v._exi.ts - I'ALSB, ), fr __ virtual_.cresn __ ry('detail_v.)I ) void 1Uke_.u..ary_di.play(void) it (hex_vs_exi.t. 1- I'ALSB){ hU:_VB_exi.t. - I'ALSBI { tr __ virtual_.cresn __ ry(,hu:_v.)I int i-O, ) it (.waary_v_exi.t. 1- I'ALSB){ Bu.aary_VB_exi.t __ te_virtual_.cr_('.~_v.,80,300), .1IDDIIrY_v_exi.ts - I'ALSB, it (.~_VB_exi.tIlp_tomat - ,di.play._t, it (hex_v_exista 1- I'ALSB){ ) hex_v_ezist. - I'ALSB, hide_vindow(hu:_w) , fr __ vindow ry(,hu:_v) , void aake_detail_diaplay(void) __ ) { it (displaya_v_exi.t. 1- I'ALSB){ int i-O, di.playa_v_exi.t. - I'ALSB; hide_vindow(di.plays_v); vindow ry(,di.playa_w) I detail_v._exi.t.-creat._virtual_acreeD('detail_v., 80,100), tr __ __ it (detail_v._exi.t..trow-l,0,Bummary_v->.lrov,LIGBTG~y,WBrrB,0X82)I DOUBLB, yellow, ayllA I I .. _cureor(BIllIIIIBrY_VB,O,curreutJlackat-VB_BtartJlkt)I detail w-tl%iBt. -'rRDB I it (h.z_v_aaiBtB -- PALSB) { . h -- create_window('haa_v,78,9) I priDt.(l,O,bright+white,blue," Detail border_"indow(h.z_v, ,diBplaYB_b, SIHGLB, DOUBLB,yellow, CYIlAI I ")1 haa_v_exiBtB - TRDB; di.play_vindow(detail_v,l,l,l) I ) v_load_va(detail_v, detail_va, 0, aurr8llt_tield) , printe(l,lO,bright+white,blu.," BBZ aurr8llt viudow - 'd'l ASCII ")1 va_our.or(detail_VB,0,aurr8llt_tield)I di.play_vindow(haa_v,l,ll,l); C1:>-1 break I v_load_vB(helt_v, haa_v.,O,O)I ca.e 2. break, it (hez_v_tl%i.ta - FALSB) { create_viDdow(,hex_v,78,20)1 caB. 5. border_viDdow(hez_v, ,di.plaYSJ!, SIIIGLB, it (detail_v_exiBtB - PALSB) { DOUBLB,yellow,ayan)J create_window(,detail_v,78,9); hez_v_exiata - '!ROBI border_window(detail_w, ,di.plaYB_b, SDlGLB, } DOUBLB,yellow, cyan" priDta(l,O,bright+white,blue," BBX detail v exi.t. -'l1UlBI ) ASCII "II -- diaplay_viudow(hex_v,l,l,l) I printe(l,O,bright+white,blue,· Detail v_load_va(hez_v, hex_va, 0, 0) I aurreat viDdow - 'h' I diBplay_viudow(detail_v,l,l,l);"" va_our.or(hez_ .. ,O,O) I v_load_VB(detail_v, detail_vB,0,curr8llt_tield), break I aurr8llt viudow - 'd'I clear_bOz(0,detail_v->.trov-l,0,detail_v->.lrov,Ll:GBTGRAY,WBrrB,0X82), ca.e 3. vB_cur.or(detail_v.,O,aurreat_ti.ld)I it (alDaarY_v_tl%iata - FALSB) { it (hez_v_eziete - FALSB) { create_viDdow(,.u.aary_v,78,911 areate_vindov(,haa_v,78,9) I border_viDdow(alDaarY_v, ,di.plays_b, SIIIGLB, border_vindov(helt_v, 'diBplays_b, SIMGLB, DOOBLII, yellow, ayllA" DOUBLB,yellow, cyan)I .-ry_v_tl%iata - '!ROBI hez_v_ezietB - 'rIUlB; } ) priDta(l,O,bright+white,blue," BON LBK DBSTIHATIOH SOURCE TYPB printe(l,lO,bright+white,blue,· BBZ DATA ")1 ASCII "); diaplay_viudow(au.mary_v,l,l,l) I display_viudow(haa_v,l,ll,l) I v_load_val BUDDarY_v, .u.mary_va, 0 ,currantJHlcltet-v._BtartJlItt) I v_load_v.(hez_v, haa_v.,O,O); curreat_viudow - 'a', breakl alear_boz(0,Bwzary_v->.trow-l,0,au.mary_v->.lrov,Ll:GBTG~y,WBITB,0X82)I .. _ouraor(.u.aArY_",0, currentJlaoltet- .. _.tartJlItt)I ca.e 6 • it (detail_v_tl%i.t. - FALSB) { it (BIDDIIrY_v_exi.t. - PALSB) { ;11~ii~ii;flf IJ\\ttt~~:.~~~~i\~l\~. create viadow(,.ummary v,78,6), 1.0 - h1_he:z[curfi.1d].leD; border:viadow(Bu.aary_V, ,di.p1aYII_b, SIIIIGLB, for (i-.tart;iB1roY,LIGII'1'GRAy,1IIII'l'B,0d2);} VB_cursor(Bu.aary_VB,O,curreDtJlaaket-VB_BtartJlItt), if (detai1_V_elti8tB - ULSB) ( void uhl_field_d(iat aurfi.1d) create_viadow(~ail_v,78,6), ( border_viadow(6Btall_v, 5dbp1aYB_b, SDIGLB, iat i,ch, DOtlBLB, yellow, cyan), VB_aurBor(detail_vB,O,curfi.ld), detail v exi.tB -'l'IIDB, for (i-O,i<~,i++){ . . } -- ch - getchr () , priat.(1,7,bright+wh1te,b1ue,· Detail v • ...Priatf (detail_v.,bright+white,b1u.,·'c·,ch); } di.play_viDdow(detail_v,1,8,1)." , VB_cur.or(detail_v.,0,curfie1d); v_1oad_VB(detail_v, 6Btall_vB,0, curr_t_fi.ld) , } if (helt_v_exiBts - PALSB) ( creata_viadow(,he:z_v,78,6) , void h1_U.ld_d(1nt curfield) border_viadow(helt_v, ,di.plaYB.P, SIIIIGLB, DOtlBLB, yellow, cyao), { he:z_v_exi.t. -TRUll, iat i,ch, } VB_aureor(detail_v.,0,curfie1d); priat.(l,l~,bright+white,blu.,·BBX for (i-O,i<~;i++){ ASCII .) , ch - getchr () ; diBplay_viDdow(he:z_v,1,15,1); v • ...Priatf (detail_v.,b1ue,bright+whit.,·'c·,ch); v_1oad_VB(he:z_v, helt_VB,O,O), } break, VB_cur.or(detail_v.,0,curfie1d), Ol } 00 default I break, void uhl"'pack(iat v._1ia.) } { iat i,l.o, } i - 0, bptr - pack...Ptr[curreDt"'p&cItetJl void uhl_field_h(iat curUe1d) byteJltr - bptr->packet; { 1l1li - bptr->ll111, iat i,j,ch,Btart,lea, VB_cureor(au.aary_VB,O,v._liDe), UDBigDed iat. hl_col,h1_roY, VB...priatf(a\IIIIIArY_va,bright+whit.,b1ue, ·Ud Ud • ,curreDt...P8Cket+1,lea), for (i-o,i<6,1++) { 'Btart - h1_he:z[curU.ld] •• tart, VB"'priatf(.\IIIIIArY_v.,bright+whit.,b1ue,·'02X·,byteJltr[i]), 1... - hl_he:z[aurf1.1d].1_, } for (1-Btart,i<8tart+lea,1++) { VB"'putC(B\IIIIIArY_v.,bright+white,blu.,' '); if (1 - 0) hl_col - 5, .1 .. hl_col - (iU6)*3+5, for (i-6,i<12,i++) if (1 - 0) hl_row - 0, .1 .. hl_roY - 1/16, VB...priatf(.\IIIIIArY_v.,bright+whit.,blue,·'02X·,byte...Ptr[i]), VB_aursor(he:z_VB,h1_co1,hl_row), VBJlUtC (a\IIIIIArY_v.,bright+white, blue, , '); for (j-O,j<3,j++) ( for (i-12,i<1~,i++) ah - getchr(), VB"'priatf(.\IIIIIArY_VB,bright+whit.,blue,·'02X·,byte"'ptr[i), VBJlrJ,otf (he:z_VB,bright+vh1t., blue, ·ta· ,ch), VB"'puta (.-r}'_VB,bright+white, blue, , '), } for (i-1~,i<31,i++) } VBJlriatf(.-r}'_VB,bright+white,blue,·'02X·,byte...Ptr[i]), } VB_aursor(.-ry_va,O,v._liDe), } void hl_U.ld_h(iat curfield) { void hlJI&Ck(iat va_1iDe) iat 1,j,ch,Btart,leD, { UDBigDed iat h1_co1,h1_roY, iat i,leD, .tart - hl_he:z[curfi.ld] •• tart, bptr - pack...Ptr[curreDt"'p&cket), ~!;~'·'t~ti.it!~~tttlt1· ~~li~~:::lfi«;~::1f byteJltr - bpt:r->packet; vs_curaar(hu:_vs,o,O), 1.11 - bpt:r->len; pkJltr - plIDkJltr[aurpack); vs_curBOr(.umaary_vs,0,v._1ine), bJltr - pk....ptr->packet, v.Jlrintf(.umaary_vs,b1u.,br19ht+wbite,·'~d'~d',aurrent-p&cket+1,len), p_1en - pk""ptr->len, do{ for (1-0,1<6,1++) ( vs....Pr1Iltf(bex_v.,br1ght+wh1te,b1ue,·'0~X',bccunt); vsJlrintf(.umaary_vs,b1u.,bri9h t +wbite,·'02X·,byteJltr[1); for (1-0;1<16;1++) ( } v• ....Printf (bex_vs,br1ght+wh1t.,b1u.,·'02X ·,b....Ptr[bccunt+1)' v.Jlutc(auaDarY_ v.,b1u.,br1ght+wbite,' '" } for (1-6,1<12,1++) for (1-0,1<16,1++) ( vsJlrintf(.~_vs,b1u.,br1ght+wbite,·'02X·,byteJltr[1), 1f (1.print(b....Ptr[bcount+1) 1- 0) v.Jlutc(.WIIDIIrY_vs,blu.,bri9ht+wbite,' '); vs....Pr1Iltf(hex_v.,br1ght+wh1t.,b1ue,·to·,bJ*r[bcount+1), for (1-12,1<1~,1++) .1 .. vsJlrintf(.~_vs,b1u.,br19ht+wh1te,·'02X·,byteJltr[1), vs....Printf (hex_v.,br1ght+wh1t.,b1ue,·.·,bJltr[bccunt+1)I v.Jlutc(.uau.ry_vs,b1u.,bri9ht+wbite,' '), } for (1-16,1<31,1++) vs....Putc (bex_vs,br1gbt+wh1t.,b1u.,'\a'); vsJlrintf(.~_vs,b1u.,br19ht+wbi~,·'02X·,byteJltr[1), v • ....Putc(b.x_v.,~r1gbt+wh1t.,b1u.,'\r'); vs_curBOr(.umaary_vs,0,v._1iDe), bccuat - bccunt + 16, } } whil. (bccunt <- p_1ea), vs_cur.or(h.x_v.,O,O) , v_10ad_v.(hu:_v, hex_v.,O,O); void f111_.umaary(int pItt_.tart) 1f (hex_v_ed.t. - '1'Il1lB) { { b1_fie1d_h(curreat_fie1d); int 1, len, } } vs_.tartJlItt-pItt_.tart , vs _endJlItt-p1tt _.tart, 10119 .etup ....PO!ater. (void) 1f (.~_v_ed.ts - '1'IlUB) { c1ear_windaw(.ummary_v,'di.p1ay._c,WBI~,8LUB,SP), 10119 count-O, 1Ildex-Q, c1ear_v1rtua1_aareen(.ummary_v.,'di.p1ay._c,WB~,8LUB,BP), v._curBOr(Bumaary_VS,O,O), if (abyt •• - 0) ( do{ p_error(·BRROII.I Wo data to di.p1ay·,0); 0) bptr - plIDkJ*r[v._endJlItt++JI retura(O), <0 byteJltr - bptr->pllDket, } 1.11 - bptr->len, do{ v.Jlrintf(.u.aary_vs,br1ght+wh1te,b1ue,·'~d'~d·,v._endJlItt,len), bpt:r - (.truct buff *)~ffer[count), for (1-0,1<6,1++) ( packJltr[index++] - bptr, vsJlrintf(.u.aary_vs,br1ght+vh1t.,b1ue,·'02X·,byteJltr[1), count - count + bptr->l.a + .b:eof(bpt:r->lea); } } whil. ((count <- abyte.) " (index < I1OH_Plt'lB», vsJll1tc(.-ry_v.,br1ght+vh1t.,b1ue,' ')I retura(--index), for (1-6,1<12,1++) vsJlrintf(.u.aary_vs,br1ght+vh1t.,b1ue,·'02X·,byteJ!tr[1), } vsJll1tc(Bumaary_v.,br1ght+vh1t.,b1ue,' '" for (1-12,1<1~,1++) !at .croll_.uma_llp(int IlUII) { vsJlrintf(.~_vs,br1ght+vh1t.,b1ue,·'02X·,byteJltr[1),if (aurreat""p&cket - 0) returll(O); v.Jlutc (Bumaary_v.,br1ght+vh1t., blue, , '), if «current""packet - IlUII) <- 0) aUII - currellt""packet; for (1-1~,1<31,1++) 1f «currentJlacket - aum) < v._.tartJlItt) { vsJlrintf(.~_vs,br1ght+vh1t.,b1ue,·'02X·,byteJltr[1), if (vs_.tart....P1tt < 301) f111_.1DIIIIIIlrY(0)I VSJlutc(Bumaary_v.,br1ght+vh1t.,b1ue,'\Il'), .le.fill_8IDDUY(vs_.tart....P1tt - 300), v.Jlutc(Bumaary_v.,br1ght+vh1t.,b1ue,'\r'), v_10ad_v.(8IDDUY_v,.UBmarY_vs,0,(v._end....PItt-.1DIIIIIIlrY_v->bb)+1)I whil. «vs_endJlItt < IlIlaJllIDket.) " (vs_endJlItt-pltt_.tart < 299L)" } } .1..( uh1-p&ck( current""packat-vs_.tart....P kt ) I void f111_hex(int GurpllDk) if «.-rr_v->cureor_row - IlUIII) < 0) { aaroll_vladov(.~_v,-awa, whits, 0)1 int 1,p_1.Il,bcOllllt, } .truct buff huge *pkJltr, aurrentJI&Cket - current""packat - awa, unsigned char huge *bJ*r, h1....Pack(aurrentJl&cket-v._.tart....PItt), retura(l). 1f (hex_v_exi.ts - '1'IlUB) } c1ear_window(hex_v,'di.p1aya_c,WBI~,8LUB,SP), c1ear_v1rtua1_8Creen(hex_v.,~.p1ay._c,WB~,8LUB,BP)' int .croll_.uma_dova(int IlUII) { 1 - 0, 1f (aurrentJI&Cket < IlUII""packateH bcOllllt - 0, 1f ((currentJlackat + aum) > IlUIIIJI&Ckete) Dum - DUIII-1J&clteta - currect-1J&cltet: fill_detail( current -1J&cltet), it «current-1J&Cket + Dum) > va_lIIldJlItt) ( if (hu:_,,_a:iata - PALSE) ( fill_aummary(va_lIIldJlItt + Dum): create_window('ha:_w,78,6), w_load_va(aUIIIIIarY_w,aUIIIIIarY_VB,O,O), border_"indow(hu:_", 'displays_b, 8IJIGLB, DOUBLB, yellow, cyan): } hu:_,,_a:iata - TRDB, elae ( } uhl-1J&Ck(curreDtJlacket-VB_atartJlkt), if (hu:_va_a:iata - PALSE) JIIBke_h__ diaplayO' if «aummary_w->curaor_row + D\IIII) > Bummary_w->bh-1) printa(1,14,bright+vhite,blue,· REX A acroll_window(Bummary_w, D\IIII, white,O), SCIl .): } diaplay_window(h __ ",1,15,1),· currllllt-1J&cket - currlllltJlacket + num: fill_h_(currentJlacket) , hlJlack(currllllt-1J&cket-va_atartJlItt): diaplay_window(h __ ",1,15,1), return(l): VB_curacr(aUIIIIIarY_VB,O,O), } make_help-.kaY( ), return(O) : maIte_diaplaL°pt_key() , } make_manua_key(), malte_DBXt_fr __ key(), void eUlll__ nu(void) malteJlrev_fr __ key() , ( malte_sooIlLin_key() , int key, reatart, retf3: do ( VB_atartJlItt - 0, key - bioa_keyLDYBRD_JUW)), VB_endJlkt - 299, _itch (key) ( reatart - 0: caae UP ARROWI currllllt-1J&cket - 0: - _itch (currllllt_"indow) ( current WiDdow - , a ' , ca .. '.'1 currllllt-field - 1, if (acroll_aumm_up(1)) ( a-.ry:w_exiata - PALSB: fill_detail(currentJlacltet), detail_w_exiata - PALSB, fill_h_( cnu:rentJl&Oket), hex w exiata - FALSE, VB_curacr(.-J:Y_ VB, 0 ,currentJl&Oket-VB_atartJlkt) , B1IIIIiUry_VB_exiata - FALSB: } detail_va_exiata - FALSE, break, -l hex VB exiata - FALSB: ca .. 'd'l 0 disPlaYs_w_exiata - PALSB, if (current_Ueld - 0) break, DUDLP&clteta - aetuPJlOintera(), uhl_field_d(curraat_field), if (DUIII-1J&cketa - 0) return, if (hu:_w_a:iata - 'l'IlUB) uhl_Ueld_h(curraat_Ueld): if (detail_,,->curaor_row - 0) Setup Initial Examine ScrellJl with aUlllllary - detail - ha: *' acroll_winc:low(detail_w, -1, white, 0)1 '* hl_field_d(--current_field), if (~_w_a:iata - PALSB) ( if (hu:_,,_erlata - 'l'IlUB) hl_field_h(current_field), create_window(,aummary_w,78,6): VB_curacr(detail_va,O,curraat_field), border_window(aUIIIIIarY_w, 'diaplays_b, SIIIJGLB, DOUBLB, yellow, cyan): break, aUJllllllry_w_a:iata - '!'RUB: ca .. 'h'l } aaroll_"indow(hu:_w, -1, white, 0), printa(1,0,bright+vhite,blue,· HUM LBH DBS~IRA~IOHSOURCE TYPB DA~ break, .), } diaplay_~(aummary_w,l,l,l), break, if (a-.ary_VB_exiata - PALSE) make_aummary_diaplayO' fill_a~(O), w_load_va(a~_", aummary_va,O,O), ca .. DOIIII ARROWI curaor_oD( ), .witch(aurrllllt_"indow) { hlJlack( currentJlacltet) : caM '.'. clear_box(0,aUIIIIIarY_w->afrow-1,0,aummary_w->alrow,LIGBTGRAY,WBITB,0zB2): if (aaroll_a~_c:IowII(1))( VB_curaor(BUDmarY_va,O,O); fill_detail(current-1J&cltet), fill_hex(current...,p&OItet) , if (detail_,,_a:iata - PALO) ( VB_curacr(.-J:Y_ VB, 0 ,currlllltJlacbt-VB_atartJlkt) , create_window(,detail_",78,6), } border_window(detail_", 'diaplaya_b, SIJIGLB, DOIJBLB, yellow, cyan), break, detail_w_a:iata - '!'RUB: caae 'd'l h if (current_Ueld - au_linea) break, if (detail_va_a:iata - PALSB) maIte_detail_diaplayo: uhl_field_d(curraat_field), printa(1,7,bright+vhite,blue,· Detail if (hu:_,,_a:iata - 'l'IlUB) uhl_Ueld_h(current_Ueld), .); if «unaigned)detail_w->curaor_row - detail_,,->bh-1) diaplay_~(detail_w,1,8,1): acroll_winc:low(detail_w, 1, white, 0), :;·lf~;Jr~fi1i;t;~!~r.JII·i:

hl_tield_d(++curreat_tield); p_error("ThiB key haB Dot been 1Dpl_ted",O); it (hex_,, __ ilitB - TlttlB) hl_tield_h(aurreat_tield); break; vw_aur.ar(detail_vB,O,current_tield); break; ca .. 1'31 I*SCRBBIII OP'1'IOII8 "Uf*1 a ... 'h'l it (BIIDIIU'Y_"_eUBtB 1- FALSB) ( .aroll_"iadov(~_",1, white, 0); hide_wiadow(B1IIIIIIIIry_,,) ; break; B1IIIIIIIIry_"_-UtB - PALSB; ) tr __ "indow _lIIIIIIDry(' B1IIIIIIIIry_,,) I break; ) aa_ PAGB_UPI it (detail_v_exiBtB 1- PALO) ( _itch(aurreat_"iadov) { hide_"indow( detail_,,) I ca .. '.'. detail_"_eUBtB - PALSB; it (.aroll_B __ UP(B~_,,->bb» ( tr __ "indow_lIIIIIIDry(,detail_w) ; till_detail(aurreat-p&cket); ) till_h_(aurreatJlaoket); it (hex_,,__ iBtB 1- PALSB) ( vw_aur.ar(~_vw,O,aurreatJlaoket-vB_BtartJlkt); hide_"iadow(hex_v) ; ) hex_"_e¥BtB - PALSB; break; tr __ "indow_lIIIIIIDry(,h__ ,,) ; aa_ 'd'i ) it (current_Ueld - detail_,,->bb <- 0) break, it (diBplaYB_,,_exiBtB - FALSB) ( ubl_tield_d(current_tield), create-PQPup_meDu(,diBplaYB_",'diBplaYJlB,O,O,O), it (~_,,_erlBtB)ubl_tield_h(aurreat_Ueld), diBplaya_"_eUBtB - TItUS; .aroll_"iadov(detail_", -(detail_,,->bb-l), white, 0) , ) current_tield - current_field -(detall_,,->bb-l); .. tup_BCreen() ; hl_tield_d(aurreat_tield); diaplay_"iadow(diaplaYB_v, SCR_COL, KBW_ROW, SCR_PR); it (heX_,,_erlBt.) hl_tald_h(aurreat_tald); rett3 - get_Belectioa(diBplaYB_w); vw_aur.ar(detail_vB,O,current_tield), it (rett3 - -1) ( break; key - BSCAPB; caBe 'h'l restart - 1; .aroll_"iadov(~_", -(h __ ,,->bb-l), white,o); ); break; ) hide_"iadow(displays_w); -1 break, olB(white,LIGBTGIAY); ...... aa_ PAGB DOIIIII .vitch(aurreat_"iadov) { esaa_scr~(rett3); aa_ 'B'I it (.aroll_B __ dova(n_ary_,,->bb)) ( it (reBtart 1- 1) ( till_detail (ourrent-p&aket), make_help_key( ); Ull_h_( aurreatJlaoket); make_diBplay_opt_key(); vw_aur.ar(Bu.aary_vw,O,curreatJl&Cket-vB_BtartJlkt); make_meDus_key() I ) make_a.xt_trame_key( ); break; makeJlrev_trame_key( ); aaBe 'd'i make_sOOIII_in_key ( ) ; it «aurreat_tald + detail_Y->bh-l) >- lIIa_llaeB) break, ubl_tield_d(current_tield), it t-~_,,_-ut.)ubl_field_h( current_field) ; break; .aroll_"iadov( detail_", detall_,,->bb-l, white, 0) , current tield - current tield + detail ,,->bb-l, ca .. 1'.1 I*HAIII KBW "Uf*1 hl_tal.d_d(ourreat_tald); - key-BSCAPB; it (~_,,_-ut.) hl_tald_h(aurreat_tald); break; vw_aur.ar(detail_vB,O,current_tield), aa_ 1'61 I *1IU'l' !'RAKB ElY* I break, it (acroll_B __ dowa(l» ( aa_ 'h'l till_detail(ourrent-p&cket); .aroll_"iadov(~_",h __ ,,->bb-l, white, 0); till_h_(curreatJlacket), break, vw_auraor(su.aary_vw,O,curreatJlacket-vw_BtartJlkt); ) ) break, _itch (aurreat_"iadow) ( caBe RIGB'l' ADOIfI caae '.' I it-(current_wiadow - 'B') paa_"iadov(BIIDIIU'Y_",l), vw_auraor(s1llllllllry_vw,0,curreat-P&Oket-vw_BtartJlkt); break, break; ca .. LBJ"! AIUIOIfI caM'd'l if (current_wiadow - 'B') paa_"iadov(BIIDIIU'Y_",-l); VB_curBor(detail_vB,O,ourrent_tield), break, break; aa_ I'll /*BBLP ElY*/ ca .. 'h'l :111.:tt~l~fit~<~flili: ;~\~:(I~i~(I:i:1\ii1ftll=::.

V B_CurBOr(h.x_vB, 0, 0) 1 it (BUDDarY_V_arlBta) { break; clear_box(O,hex_v->atrow-l,O,hex_v->alrov,LIGII'l'GRAy,LI~ ) GRAY,SP) 1 break; current_window - 'e', ca_ P7. I*PRBVJ:OUS PRAIIBDY*I clear_box(O,BUDDarY_v->Btrow-l,O,aummarr_v->B1rov,LIGH!GR it (Bcroll_BUBm_Up(l» { AY,1IBITB,OxB2) , til1_detail(current-P8cket), vs_curaor(BWIIIIIIIrY_vs,O,curreDtJllICket-VB_Bt&rtJlkt); ti11_hex(currentJlacket), ) VB_cursor ( BID8IIrY_VB, 0 ,currentJlacket-VB_Bt&rtJlkt), .1a. it (detai1_v_arlata) { ) clear_box(O,hex_v->atrow-l,O,hex_v->a1rov,LIGH!GRAy,LI~ avitch (curreDt_viocSov) { GRAY,SP), case '.'. current_viDdow - 'd'1 vB_cursor( B~_VB, 0 ,current-packet-VB_Bt&rtJlkt) I clear_box(O,detail_v->atrov-l,O,detail_v->alrov,LIGH!GRAY break, ,WBITB,OxB2) I caB. 'd'. va_curaor(detail_va,O,current_tield); VB_cursor(detail_vB,O,current_ti.ld); ) break, break; CaB. 'h'. ) VB_cursor(hex_VB,O,O), break; break, detault. ) break; break, ) ca_ PB. I*.CONIR KBY*I ) while (key J- BSCAPB); p_8rror("'I'hia key haB Dot baeD ilIIpl_ted",O), tr_ acreenaO; break, cura~r_ott() I caae 'I'D. ) avitch(curreut_viDdov) { caa. 'B'. it (detail_v_exiatB) { clear_box(O,aummary_¥->Btrow-l,O,aummary_v->Blrov,LIGHTG RAY,LIGHTGRAY, SP) ; curreut viDdow - , d' , -1 clear_bOx(0,detail_v->atrow-l,0,detai1_v->Blrov,LIGHTGRA ~ Y, WIII'l'B, 0xB2 ) ; VB_curaor(detai1_va,0,current_ti81d), ) 81_ it (hex_v_exiata) { c1ear_box(O,aummary_¥->Btrow-l,0,aummary_v->B1rov,LIGHTG RAY,LIGII'l'GRAY, SP) , current_viDdow - 'h'; c1ear_box(O,hex_¥->atrow-l,O,hex_v->a1rov,LIGHTGRAY,WBI'l' .,Odl); VB_cursor(hBX_VB,O,O), ) break; caa. 'd'. it (hBX_v_exiata) { c1ear_box( 0, detail_v->Btrov-l, 0, detai1_v->a1rov ,LIGII'l'GRA Y,LIGHTGRAY,SP); current viDdow - , h' , olear_bOx(O,hex_¥->atrov-l,O,hBX_v->a1rov,LIGII'l'GRAY,WIII'l' .,Od2" VB_curaor(hex_VB,O,O), ) 81_ it (B~_v_.natB) { olear_box(O,detai1_v->atrov-l,0,detail_V->B1rov,LIGII'l'GRA Y,LIGII'l'GRAY,SP), current wiDdov - , a' , olear~x(0, BID8IIrY_¥->atrov-l, 0 , aummary_v->B1rov, LIGHTG RAY,WIII'l'B, 0d2 ) ; VB_cursor ( aummary_VB, 0 ,current-packet-VB_Bt&rtJlkt) , ) break; CaB. 'h'. 1:!i~i"[:~1~~f~tt1~"I~~ #!.aclude filter..prot( ); #!.aclude break; #!.aclude <.tdio.b> case 21 /* get match filter */ #!.aclude tiltllr_set(ret2); #!.aclude "header.h" break, can 31 /* clear all filters */ !.at tiltllr_addr(void), clear_tilters(); !.at tiltllr-protocol(void), break; !.at filtllr_match(!.at lea), ) ) while (I); unsigned char elf addre •• [6), /* 0 - 110 filtu, 1- filter */ ) unsigned char .f-addre .. [6); /* 0 -110 filtu, 1- filter */ unsigned char f iddre.s[6) [6), BOItDD fields_b - { unsigned !.at .o"ttaet, YBLLOIf, unsigned !.at avalue, BLUB, DOIJBLB, /* do tiltllrs 0 - 110 filtllr out 1 - filter out *1 DOIJBLB !.at - do_add_tilter-O, dOJJrot_tilter-O, do__ tch_filter-O, COLOas fields_c - { !.at tiltllr_11o, /* 0 pus 110 1 tiltu out 110 */ " BLAClt, !.at tiltllr_others, /* 0 pus others 1 tilter out othllrs */ CYD unsigned !.at t-protocola[II_l'RorocoLS](2)- { 1* 0 - pus protocol */ ), 0, LLC_ICAX, /* 1 - filter out *1 FIBLD *address_t, 0, IP, 0, AU, 0, URP, void tilter_nt(iDt add_or_type) 0, 'lB_CON1, 0, APOLLO, { 0, B'lBBIl'lALlt, !.at ret, j, 0, 0); !.at i-O, ohar tiltllr!.afo[60), char *ptr, WIIIlDOIf *tiltllr_", *address_", *protocol_", *address_wf, -I VSCRDIf *addres._v.t, if (add_or_type - 0) { /* address tilter */ w create..POPup_meDu(,address_", 'address"ps, 0, 0, 0), void olear_filter.(void) display_wiIldaw(address_", ADD_COL, IIlDltLROW, ADD_PR), { ret - get_selectioD(address_,,), /* 0 - source address*1 !.at i, it (ret < 0) { /* 1 - destination address*/ do""prot_filtllr - 0, hide_"!.ac:low(address_",, /* 2 - both addresses*1 do .. tah filter - 0, return, do:add_tIlter - 0, ) for (i-o,i< If_l'RO'fOCOLS,i++) { } protocol_teG[i) [1) - 175, t...,Protooola[i) [0) - 0, ptr-1lULL, ) ) create_,,!.ac:low('address_wf, 60, 6" bordar_"indow(addre .. _wf, 'fields_b, BIIP'lY, BKP'l'Y, BIIP'llr, BKP'l'Y), void filter __ l1u(void) di.play_wiJldaw(address_wf, 30, 17, 6); { clear_wiadaw(address_wf, 'fields_c, BIIP'lY, BIIP'llr, &Ph !.at ret2, addr .. s_wf->p_tormat - ,tields_t, oreate...,POPUp__ u(,tilter_", 'filtu...,P., 0, 0, 0); /* 'lIIIl VIIl'ftJAL 8CUlDl J'Oll '.rIIB I'IBLD 18 CUA'l'BD IIBU */ display_wiIldow(filter_", I'lL_COIL, KDID_IlOlf, I'IL_l'R); create_virtual_soreea( ,addre .. _v.t, 60, 5), do{ addr .. s_vst->p_tcrD&t - ,tields_t, ret2 - get_ •• lection(filter_"" clear_virtual_soreea(address_vsf, ,tields_o, BIIP'llr, DIP'l1', 8P); if (ret2 - -1) { ,,_load_vs(addr .. s_wf, address_vsf, 0, 0), hide_,,!.adow( filtllr_"), return, 1* 'lIIIl IrDLD 18 CItD.'llID DRB * 1 } if (add_Dr_type - 0) { _itoh(ret:2) vs"pr!.ats(addre .. _vst, 0, 0, blaok, cyan, "I'ilter .Addr... I"), { create_tield('addr .. s_t, 'fields_o, neutrals, IIULL, 1, "('[0-9A.-Fa-t)c'[0 ca •• 01 1* get address filter */ -9A.-Fa-t)O-'[0-9A.-Fa-t)c'[0-9A-l'a-t)c-'[0-9A-Fa-t)c'[0-9A.-l'a-t)c-'[0-9A.-lra-t)o'[0-9A-Fa-t tiltu_.et(ret2) , )o-'[0-9~Fa-f)c'[0-9A-l'a-f)o-'[0-9A-l'a-t)o'[0-9A.-l'a-t)c)"), break, vs_load_field(address_t, address_vst, 16,0), ca_ 11 1* get protocol tiltu *1 } el .. { :i)i.lltt:f,;ifd:~fi.1;11:l::

cr_te_field(,addr ... _f, ,fi.ldJI_c, aeutral., HULL, 1, do""prot_filter - 1; ·off •• t. ('[O-'A-Pa-f)c'[O-'~Pa-f)c-'[O-'~Pa-f)c'[O-'A-Pa-f)c) if (r.t - 0) filter_llc - 1; Value • ('[O-'A-Pa-f)c'[O-'~Pa-f)c-'[O-'~Pa-f)c'[O-'A-Pa-f)c)·); if (ret - II_PRO'l'OOOLS) filter_other. - 1; VII_load_fi.ld(addr ... .:.f, addre •• _v.f, t,O); } } fr __ wiDdow__ ry('protocol_w) I create-POPup_meIIu('protocol_w, 'protocol..,P., 0, 0, 0); addr ••• _f->p_uerr - u_err; di.play_willdov(protocol_w, PROT_COL, HBIItJ_ItOII, PRO_Pit); addr ••• _f->p_key. - 'field._mk; } edit_field(addre .. _f, BIIP'l'Y, lDIl'TI, lDIl'TI, JUIP'l'Y); } while (ret 1- -1); hide_window(protocol_w) ; w_cur.or(addre •• _vf, 30, 1'); } get_U.ld(addr ... _f, filterillfo), if (add_or_type) { '* match filter *' '* bcmp do match filter - 1; retUrD a 1 if they match •• canf(fIlterillfo,·'Otz'Otz·,~ff.. t, ,.value); el.. retura 0 }.1.. { '* addre.. filter *' do add filter - 1; *' •• canf(filterillfo,·,oaz,oaz,oaz,oaz,oaz'ozz·, int bcmp(UIlaigJltld cbar* ptr1, UIlsiCJl1ed char* ptrZ, int lllll) 'f_addre •• [O)[O), 'f_addre •• [O)[l), ,f_addr ••• [O)[Z), { ,f_addre •• [0)[3), 'f_addre •• [O)[t), 'f_addre •• [0)[5); int i; nitch (ret) { for (i-O;i

'* 0 - p ... 1 - til ter out iDt*' tilter_aateh(1Dt lea) ( it (do __ teh_tilter - 0, returu(O)J it «WUligued)leu < IIOtbet, return(l), it (lIValue - (WUligued)(pkt[.att_t)*256)+ pkt[lIOtt,let+lJ)) returu(O), returu(l), )

-I CJ1 :~lllfjfili~!lljl':il ';~l'rj~~;I:::li'f~\i: #include dr .. _box(5~,21,60,2~,DOOBLB,DOOBLB,yellow,blue)I #iaclude priate(55,21, lwbite, blu., "a"); #include priatB(55,22, lwbite, blue, "IOOK")I #include priate(55,23, lwbite, blue, " lB")1 #iaclude "b.ader.b" )

void IIake_Btart_Btop_ltey(void) void make_belp_ltey(void) { ( clear_box (70,21,76,2~,wbite,blue,'')1 clear_box (2,21,8,2~,white,blu.,'')1 dr .. _box(70,21,76,2~,DOUBLB,DOUBLB,yellow,blue)I drBV_box(2 ,21,8,2~,DOOBLB,DOIJIILB,yellow,blu.) I priate(71,21, lwbite, blu., "10")1 printa(3,21, lvhit., blu., "1·)1 priatB(71,22, lwbite, blue, "S~"); printa(3,22, lvhit., blu., "BBLP")I priata(71,23, lwhite, blue, "'STOP")I ) ) void make_Ht_mark_ltey(void) void cl.ar_butt.r_key(void) ( { . clear_box (10,21,16,2~,white,blu.,'')1 clear_box (la,21,2~,2~,wbite,blu.,'')1 drBV_box(10,21,16,2~,DOOBLB,DODBLB,yellow,blu.)I dr .. _box(la,21,2~,2~,DOOBLB,DOUBLB,yellow,blue)I printa(11,21, lvhite, blue, "2")1 priate(19,21, lwhite, blue, "3")1 printa(11,22, lvhite, blue, "SBT")I priatB(19,22, lwbite, blue, "CLEAR")I printa(11,23, lwhite, blue, "NARK")I priata(19,23, lwbite, blu., "BUPPR")I ) ) void aake_diaplay_opt_key(void) void lIake_ent_key(void) ( { olear_box (18,21,2~,2~,white,blu.,'')1 clear_box (~6,21,52,2~,white,blue,''); drBV_box(18,21,2~,2~,DOOBLB,DODBLB,yellow,blu.); dr .. _box(~6,21,52,2~,DOUBLB,DOUBLB,yellow,blue)I printa(19,21, lvhite, blue, "3"); priat.(~7,21,lwbite, blu., "7")1 printa(19,22, lwhite, blue, "ScaB")I priate(~7,22,lvhite, blue, "BXIT")I printa(19,23, lvhite, blue, "OPTS")I ) ) -I 0') void aab~ __ fr __ ltey(void) { olear_box (~6,21,52,2~,white,blu.,'')1 drBV_box(~6,21,52,2~,DOOBLB,DODBLB,yellow,blu.) I printa(~7,21,lvhite, blue, "7")1 printa(n,22, lwhite, blue, "PUV·" printa(n,23, lwhite, blue, "PRAHIl") I ) void aab_uext_fr __ 1tey (void) { olear_box (38,21,~~,2~,white,blu.,'')1 drBV_box(38,21,~~,2~,DOOBLB,DODBLB,yellow,blu.) I printa(39,21, lvhite, blue, "6")1 printa(39,22, lvhite, blue, "nrr·" printa(39,23, lvhite, blue, "PRAHIl"" ) void aab __ a_by(void)

{ olear_box (26,21,32,2~,white,blu.,'')1 drBV_box(26, 21,32,2~,DOOBLB,DODBLB,yellow,blu.) I printa(27,21, lwhite, blue, ".")1 printa(27,22, lvhite, blue, "~")I printa(27,23, lwhite, blue, "IIDU")I ) void ..u_soc:a_in_by(void) { clear_box (5~,21,60,2~,white,blu.,'')1 ·fflitf~ii~;li'~~.

#include createJlOPup_menu(r.main_v, 'mainJ)a, 0, 0, 0); #include blink_.tate(PALS.); #include <.tdio.h> aetup_.creen() 1 #include preaerve_acreen(80,25); #include "header.h" di.play_vindov(main_v, HAIIl_COL, HDnJ_ROW,HAIIl_PR); do{ ret - get_aelection(main_v); U_BIUl'* - U.er error routine called trom "edit_tield()". avitch(ret) { int*' u_err(PIBLD *t, int *key) ca.e 01 { tilter_menuO; printt("'007")1 break; '* print.(O, 0, lwhite, black, ".rror")1 *' caae 11 it (pau.e -- IIULL) pauee - bio._delaYI hide_vindow(main_v) ; pauee(O.l)1 cla(LIGHTGRAY,LIGHTGRAY); print.(O, 0, lwhite, black, " ")1 collect_MnuO, return (PALS.); ,* a •• ign PALS. to OK *' • .etup_acrreen () ; } display_vindow(main_w, HAIIl_COL, KBIItJ_ROW,HAIIl_PR)' break; FORMAT error_t - { ca.e 21 PALS., hide_vindow(main_v) ; 4, cla(LIGHTGRAY,LIGHTGRAY); IIIOXLAT, exam_menu(); IIIODBLBTB , setup_acren () I HIUD, display_vindov(main_v, HAIIl_COL, KBIItJ_ROW,HAIIl_PR)1 {O,O,O,O,O,O,O,O,O,O,O,O,O,O,O,O,O,O,O,O} break; case 31 store_menu ( ); IIORDlDl" e_bl break; COLORS e CI ca.e 41 WIHDOIf .oiain v, *collect v, *error VI .tat __ u()1 debur , - - int O break 1 -1 int enet-1, case 51 -1 tddi-O, cls(white,black); int our.or_on( ) 1 void p_error(cbar *.tr,int num) our.or(O,O); { exit(O)I printt("'007")1 } di.play_vindow(error_v,10,8,1)1 } while (ret 1- -I); clear_v!ndow(error_v"._o,WBrTB,DARXGRAr,SP) I it (nua - 0) ol.(vhite,black) 1 v-print.t(error_v,CIBTBR,2,WBI~,DARJtGRA%,.tr)1 our.or_onOI .1 •• ounor(O,O)1 v-print.t(arror_v,CIBTBR,2,WBI~,DARJtGaAy,.tr,nUIII), } v-print.t (error_v ,CIDI'1'JIIt,4 ,WBI~,DARJtGaAY, "Pre •• any key to continua") I void aetup_.cr_n(void) 9ftchOl hide_vindov(error_v) I { olear_box(0,O,80,24,BLUB,LIGBTGRAr,O~)1 print. (CIBTZR,1,BLUB,LIGBTGRAr," BTBBRHBTMOHITOR ")1 void" aa1n(ergo, arp) print. (ClBTZR,2,BLUB,LIGBTGRAr," AHD ")1 int . argol prints (ClBTZR,3,BLUB,LIGBTGRAr," PROTOCOLAHlLYIBR ")1 char **ergvl olear_box(KAIW_COL-1,5,74, 14,BLACJt,BLUB,SP) 1 { print. (ClBTZR,24,BLUB,LIGIl'l'GRAY," TO .IICAPB BY UITS TO CtlUBIil'l' KBIItJ BXClIPT M int retl AIIl KBHU "" } it (ar9C > 1) debug -1, it (debug -- 0) init_SOS()1 olear_tilter. () I init_video()1 our.or_ott()1 create_vindov(,.rror_v,60,S) 1 border_vindow( error_v, .. _b ,DOUBLB,DOOBLB, WBI~ ,DARmaAY) 1 error_v->p_torlllllt - .. rror_t, ... linclude linclude HBBU_'lBXT protocol_test[] - {" LLC Packets"," IP Packets"," ARP Packets " , linclude " RARP Packets "," 3COK Packets"," Apollo Packets", linclude Bthertalk Packets"," All others", HULL},

#define HABit 1 HBIlU_'lBXT display_test[] - {" SuIIIaIary Screen", " Detail Screen", " BBX/ASCII Screen", " SuIIIaIary-Detail", COLORS pop_c - { " S~-BBX/ASCII", BLUB, /* forll9Z'Ound_color */ " Detail-BBI/ASCII", CYAII, /* bacqrouad_color */ " S~-Detail-BBI/ASCII", BRXGB'l'IfIII'l'B , /* hi9hligbt character color */ HULL}J CYAII, /* ..au bar foregrowad color */ BLAClt, / * ..au bar backgrowad color * / HBIlU 'lBXT store test [] - {" Load from File ", YELLOW, /* invalid chcice_foregrouad_color */ - -" Store to File", LIGII'lGUY /* invalid_choice_background_color */ HULL}, h /* There are pl8lfty to place BBD 1111 */ IIORDBR pop_b - { YBLLOIf, /* border foregrowad color */ int hchars[] - {l,l,l,l,l,l,l,l,BMPTY}, BLUB, /* border background color */ int pro_hc[] - {2,2,2,2,2,2,2,2,BMPTY}, DOtlBLB, /* border horisontal character */ DOtlBLB /* border ".rtical character */ }, POPUP mainJls - { int exits[] - {B&CAPB, '\O'}, /* keys that IIIIke ~u disappear */ 'pop_c, /* colors */ int exits_lI&in[] - {'\O'll /* keys that II&ke ..au disappear */ ,pop_b, /* border -- for no border II&ke this HULL */ MOLL, /* shadow - for no shadow II&ke this HULL */ HBIlU_ltBYS pop_Ilk - { ,pop_u_-in, /* menu keys */ KOHl, /* key that .,,,.s highlight to top */ DD, /* key that .,,,.s highlight to bottom */ /* TITLB PBA'l'URBS */ UP_AlUlOlf, /* key that IIO".S highlight up one itam */ BLUB, /* title foreground color */ DOMII_AlUlOif , /* key that .,,,.s highlight down */ CYAII, /* title background color */ BJI'l'BR, /* key that Hlects the highlighted it_*/ 2, /* title column position on first line_~/ PAGB_UP, /* key to pa911 up */ " Main lleDu ", /* ptr to the title string */ 00 PAGB_DOIIlf, /* key to pa911 down */ 0, /* UHr defined routine */ /* GBIIBRAL PBA'ltJRBS */ 0, /* user defined routine */ BLAIIlt, /* background character */ exits /* key that ..us ~u disappear */ main_tllltt, /* pointer to the menu test */ II RDlI 'lXHB, /* # of IIIIlldmum it_ (frCIII 0) */ RDlI-'lXHB, /* # of it-. displayed */ HBIlU_ltBYS pop_IIk_1I&iu. - { hchirs /* ptr. to array of _au highlight Is */ KOHl, /* key that .,,,.s highlight to top */ ), /* II&ke this IIULL for no DD, /* key that .,,,.s highlight to bottom */ highlight */ UP_AlUlOlf, /* key that .,,,.s highlight up oae itea */ DOIfIf_AlUlOlf, /* key that .,,,.s highlight down */ BJI'l'BR, /* key that Hleots the highlighted it_*/ POPUP filterJls - { PAGB_UP, /* key to page up */ 'pop_c, /* colors */ PAGB DOIIlf, /* key to page down */ 'pop_b, /* border - for no border II&ke this II1JLL */ 0, - /* UHr defined routine */ HULL, /* shadow -- for no shadow II&ke this II1JLL */ 0, /* UHr defined routine */ 'pop_Ilk, /* meau keys */ exits_main / * by that llllkes ..au disappear * / ), / * 'l'XTLB PBA'l'IJJtBS */ BLUB, /* title foreground color */ HBIlU_TBX'l main_text[] - {" Filter setup", " capture Data", CYAII, /* title background color */ " bBaiae Data", " Store/a.store Data", 2, /* title column position on first line */ " IIet1Iork Statistics", "Quit",IIlJLL), " I'ilter lleDu ", /* ptr to the title string */

HBIlU_TBX'l filter_text[] - {" Statioa Address", /* GBIIBUL PIA'l'IJJtBS */ " Protocol", " Hatch Pattern ", BLAIIlt, /* background character */ " IJo I'ilter" ,1IlJLL), fil tar tIIlt1:, / * pointer to the ..au test * / RDlI_'1'riis, /* # of IIIIlldmum it_ (frail 0) */ HBIlU_TBX'l address_test[] - {" PrCIII Statioal", RDII_'1'XHB, /* # of it-. displayed */ - " 'lo Statioa I " , hahars /* ptr. to array of _nu highli9ht #s */ " Both 'lo • PrCIIII ", h MOLL}, &111 POPUP addressJls - { HULL, shadow -- for DO shadow make this HULL *' 5pop_C, 5pop_mlt, '* 5pop_b, '* colors *' '* DeDU keys *' '* border -- for DO border make this HULL *' HULL, DO make HULL '* shadow -- for shadow this *' 'lI'lLB l'BA'lIJItBS 5pop_mlt, BLUE,'* *' '* keys *' '* title foreground color *' - CYU,., '* title background color *' '*- 'll'l'Lll PKA'l'OltBS *' '* title column position on first line *' BLUE, '* title foreground color *' • Store Menu ., '* Ptr to the title strinq *' CYU, '* title background color *' 2, '* title coluaa position on first line *' • Addre , '* GBDR1IL l'BA'lIJItBS *' ••• '* ptr to the title strinq *' BLARlt, '* background character *' store_text, '* pointer to the _nu text *' '* GDlDAL PKA'lURBS *' RmI_'lID, '* .,ot IIIIl%.imwI.it_ (trcm 0) *' BLAHlt, '* background character *' RmI 'lID, '*I ot iteme displayed *' address_text, '* pointer to the _nu text *' hchars '* ptr. to array of _nu hiqhliqht Is *' amL'lIHB, '* .,of ..n.u. it_ (frcm 0) *' }, amL'lIHB, '* .,of i~ displayed *' , hchars '* ptr. to array of _u hiqhlight "s *' h '* make this HULL for no hiqhlight *' POPUP protocolJls - { 5pop_c, '* colors *' 5pop_b, '* border - for no border make this HULL *' HULL, '* shadow - for no shadow make this HULL *' 5pop_mlt, '* _u keys *' '* 'll'l'Lll PKA'l'OltBS *' BLUE, '* title foreground color *' CYU, '* title background color *' 2, '* title ooluaa positioa on first line *' • Protocol 'lype ., '* ptr to the title strinq *' -I '* GDlDAL PKA'lURBS *' <0 BLAHlt, '* background character *' protocol_text, '* pointer to the manu text *' IUJ!L'lIHB, '* .,of .an- it_ (fraa 0) *' RmI 'lID, '* .,of it __ displayed *' -pro_he '* ptr. to array of _u hiqhliqht "s *' h '* make this HULL for DO hiqhlight *' POPUP displaYJls - { 5pop_O, '* colors *' 5POP-F, '* border - for DO border make this HULL *' HULL, '* shadow - for DO shadow make this HULL *' 5pop_mlt, '* _u keys *' '* 'll'l'Lll PKA'l'OltBS *' BLUE, '* title foreground color *' CYU, '* title background color *' t, '* title coluaa positioa OD first line *' • Display Optioas ., '* ptr to the title strinq *'

'* GDlDAL PKA'lOItBS *' BLAHlt, '* background character *' display_ten, '* pointer to the _u text *' RmI_'lIHB , '* .,of .an- it_ (fraa 0) *' RmI 'lIHB, '* .,of it __ displayed *' -hohars '* ptr. to array of _u hiqhliqht "s *' h '* make this HULL for DO highliqht *' POPUP storeJls - { 5pop_O, '* colors *' 5pop_b, '* border -- for DO border make this HULL *' 80

~ ~. .a ~ J~~.~ ! I liilJ ,..I ~~~~~ '. ~ ~~~~~ ~ ...... Ba lij~~!i;~:ll;:_ii'~i:~\tl #inclu&t fil..-[O]- 0, #inclu&t #inclu&t <.tdio.b> create_vindov(loBtore_vt, to, 'I; #include bordar_vindov( .tor._wf, ,field._b, BH1"lY, BIIP'n, BH1"lY, BHPl'Y), #include "h.ader.h" di.play_viadow(store_wf, 30, 17, t); clear_viadov(.tore_wf, 'fielda_c, BKP'lY, DIP'l'r, 81')1 WIIiIDoW *.tore v, *.tore vtl store_wf->p_for.at - 'fi.lda_tl VSCRBBH *.tore - v.f I - PIELD *.tore:fl /* 'lBB VIR'l'IJAL SCUBH FOR TEl FIELD IS CRBATBD BBRlI: */ create_v!rtual_screaa(,.tore_v.f, '0, 5)1 /* TBBSB VDIABLBS ARB USBD D1 DU~mrraY-JQ11118D1 filter.c AHD .tor •• c */ store vst->p tor.at - ,tields tl clear:virtual_screea(atore_vat, r.diaplaya_c, BH1"lY, CYD, 81')1 int fexit.(J - {1DI'1'BR, ESCAPB, '\O'll v_load_v.(stor._wf, stor._VBf,. 0, 0); int lUIutralB(] - {IU:GBT.-AJlRDW, ESCAP., '\0')1 vsJlrints(ator._vst, 0, 0, black, cyan, "Eatar Pileaaes"), char mfilter[12JI /* 'lBB FIBLD IS CItllA'rBD SBRB */ char fileaame[60], create_tield(,store_t, ~fielda_c,n.utral., MULL, 1, "('[0-9~la-s-_Jc'[0-9A-la-s -_Jct[0-9A-la-s-_Ic'[0-9~la-s-_]c'[0-9A-la-s-_Ic'[0-9A-la-s-_ICt[0-9~la-s-_]c'[0-9A-la IIBIIU_DYS fi.ldB_1Ik - s-_Ic)"" 0, /* key that .av.. hi¢light to top */ 0, /* key that .av.. hi¢light to bottoll */ vs_load_ti.ld(.tor._f, .tore_vaf, 16,0)1 0, /* key that .ave. hi¢li¢t up ODe item */ 0, /* key that .av.. hi¢light dowD ODe item */ store_t->p_uerr - u_errl 0, /* key that .. lect. the highlighted ita. */ stor._f->p_kay. - 'ti.lda_mk; 0, /* key to p&98 up */ edit_field(.tor._f, DIP'l'Y, BH1"lY, DIP'l'Y, DIP'l'r)1 0, /* key to page dowD */ /* u .. r defiDed */ v_cursor(.tore_vt, 30, 19) 1 0, /* u .. r defiDed */ get_tiald(stor._t, tilea_); fexit.,0, /* key that ..u. a.uu diJlllppear */ LBPT_AJtJlOlf , /* key that .ave. cur.or l.ft */ ptr - fil"-I IU:GBT_DIIOIf , /* key that .ave. cur.or right */ it (rat - 0) { /* load til. */ 1l0III, /* key that .ave. cur.or to be9inaing of lin. */ it «outtil. - topen(tileaame,"rb"» -- MULL) { 00 DD, /* key that .av.. cur.or to _d of lin. */ p_error( "BRROlh Caaaot open tila",O) I ...... C'l'RL_RIGB'l'_AltltOlf, /* key that .ave. cur.or to nezt word */ gato exit; C'l'RL_LBP'!_DIIOIf /* key that .ave. cur.or to previous word */ ) ), til._open - 11 it «tread('abyt •• ,.iseot(10ag),1,outtile»1-1){ FORKA!r field._f - { p_error ( "ERROlh Error ia reading file (sise)", 0)1 PALS., /* r_ !lOde */ gato exit, t, /* tab d.se */ ) LP2CRLP, /* and-of-liae-for.atting */ total - 0, DBLB'l'B, /* baaupace */ dol UPPIIR, /* cue u.. */ if «ia_bytea - traad«cbar *),dbutter[total], {l,l,l,l,l,l,l,l,l,l,l,l,l,l,l,l,l,l,l,l) siseot(cbar) ,32000,outtile»-0){ )1 p_error("ERRORs Brror ia r.ading fil.",O)1 gato exitl void .tore __ u(void) ) { total - total + in_byte., int rat, fila_opeD-O, ) out_byte., in_byte., while (total < abytaS)l 10119int totBl, int i-O, ) al .. { /* .tore til. */ char *ptrl if ((outtil. - topen(tileaae, "vb"» - MULL) { nLB *outfil., p_arror( "ERRORs Caaaot open fil." ,0)1 gato exitl craate...J>OPUP__ u(loBtora_v, ,.toraJl., 0, 0, 0)1 ) di.play_viadow(.tora_v, B'l'R_COL, IIBIIU_IIOW, 8ft_PR), fil._opeD - 1; if «rat - 9K_.a1actioa(.tora_v» - -1) { if (tvrite(,abyt •• ,.iseot(loag),sizeot(char),outfil.) 1- 1) { bide_vindow( .tora_v) 1 p_error( "ERRORs Brror in writing fila· ,0), fr .. _vindow_..aDry(,atora_v)I gato exitl return 1 ) total - 0, ) dol ptr-1lULL1 if «total + 32000) > abyt •• ) out_byte. - (int) (Dbyte. - total) I e1.e - - 32000; out_byte. it (tvrite«char *)'dbutfer[tota1),1,out_byte., outfi1e) 1- out_bytes) { p_error("BRRORI Brror in writing file",O); gato exit; } total - total + out_bytes; } wbile (total < nbyteS)1 exit I if (file_open) fc10.e(outfi1e)1 hide_windav(store_¥t)1 fr .. _tie1d_memory('store_f)1 fr .. _windav_...ary(,store_¥t)1 fr .. _virtual_scr .. n_...ary(,store_vsf)1 hide_windav(store_v)1 fr .. _windav_aa.ory(,store_v); }

00 tV