PacketView™ User's Manual

Contents

1. [Figure: Typical Line Mode Display. Sample screen listing captured packets one per line, with the function key definitions F1 through F10 along the bottom.] The first column contains the packet number. Each packet in the packet buffer is assigned a sequential number for reference. The second column indicates the time for the packet in one of three formats. It may indicate either a capture
2. Number of adapters / Price (year-long contract): 1-5: 50; 6-64: 100; 65-499: 100 + 1.50/adapter past 65; 500-1499: 850 + 1.00/adapter past 500; 1500: 1850 + 0.80/adapter past 1500. Special pricing is available for special circumstances. Crynwr also sells support to vendors of hardware and software that use packet drivers. We can accept checks and purchase orders. We accept orders via phone, FAX or email. We're a small company, so checks are preferable. Prices subject to change without notice. Crynwr Software, 11 Grant St., Potsdam, NY 13676. 315-268-1925, FAX 315-268-9201, info@crynwr.com. Crynwr Packet Driver Installation (excerpts from the file INSTALL.DOC on the Crynwr Packet Driver Collection diskette). All numbers in this appendix are given in C-style representation. Decimal is expressed as 11, hexadecimal is expressed as 0x0B, octal is expressed as 013. All references to network hardware addresses (source, destination and multicast) and demultiplexing information for the packet headers assume they are represented as they would be in a MAC-level packet header being passed to the send_pkt function. Using the packet drivers: The packet driver must be installed prior to use. Since each packet driver takes only a few thousand bytes, this is best done in your AUTOEXEC.BAT. Since the Ethernet boards typically have jumpers on board, the packet driver must be informed of the values of these jumpers (auto-configure is possible, but can d
3. All Rights Reserved include structs h include ip void _loadds void _loadds void _loadds void _loadds h format ip line format ip format arp line format arp 53 This is a multiple protocol decoder It supports both DOD IP and ARP Note how they are chained in the init yr routine The last entry in the chain should contain a NULL next SE pointer f xy PPP packet type goes here 1 Mu ARCnet packet type goes here EISZ 6 Iis 802 2 SAP type goes here II DEZ VS II 6 PIE Ethernet type goes here II 6 L1 6 6 6 L1 Protocol Name goes here I II 6 RESA ee 6 6 II 6 LER ZS VV VVVV VV VV VVVV struct protocol ip protocol 0 Demo IP 0x0800 0x06 Oxf0 0x0021 0 format ip line format ip struct protocol arp protocol 0 Demo ARP 0x0806 0x00 Oxf1 0x0000 0 format arp line format arp char yes yes char no no char well known protocols ICMP GGP TCP EGP IGP CHAOS UDP di byte protocol_lookup La OF MO OH Ge XE r char hardware_types Ethernet 10MB Ethernet 3MB Amateur Radio AX 25 Proteon PROnet Rings CHAOSnet IEEE 802 ARCNET struct protocol loadds init ip_protocol next amp arp_protocol return amp ip_pro
4. F2 Replay Current Packet (Alt-F2 to View); F3 Replay Packet Range; F4 Change Replay Loop Count; F5 Change Packet Gap; F6 Change Packet Range. Files. PV.CFG: The default configuration file for PacketView. This file is loaded by default whenever PacketView is loaded. To modify your default configuration, use the Save Configuration to Disk function of the Main Menu after you have selected your preferred configuration. The configuration options maintained by this file include the color mode, function key display, time display format, screen mode (25 or 50 lines), symbolic display mode, and maximum packet count. HOSTS: The HOSTS file is a text file that provides symbolic name definitions for TCP/IP hosts. The format of each line of the file is as follows: ###.###.###.### Host_Name, where ### = Decimal value from 0 to 255 decimal, and Host_Name = Arbitrary name for the host machine, up to 15 characters without spaces. Example: A host whose name is ftp.klos.com and whose IP address is 192.80.49.2 would be entered in the HOSTS file as follows: Entry for ftp.klos.com: 192.80.49.2 ftp.klos.com. Blank lines and lines beginning with the character are ignored as comment lines. NODES: The NODES file is a text file that provides symbolic name definitions for 12-digit hexadecimal (48-bit) network node addresses. The format of each line of the file is as follows: ############ Node_Name. The HOSTS
5. Line Mode Action. Home: Move the cursor to the first packet on the screen; if the cursor is already on the first packet, then the cursor is moved to the first packet in the buffer. End: Move the cursor to the last packet on the screen; if the cursor is already on the last packet, then the cursor is moved to the last packet in the buffer. PgUp: Move the cursor up one screen load of packets. PgDn: Move the cursor down one screen load of packets. North: Move the cursor up one packet. South: Move the cursor down one packet. The following keys are defined for the Detail Mode display (Key: Detail Mode Action). Home: Move the cursor to the first packet. End: Move the cursor to the last packet. PgUp: Display the previous packet. PgDn: Display the next packet. North: Move the cursor up one line in the current packet display. South: Move the cursor down one line in the current packet display. Ctrl-Home: Display the first screen of the current packet. Ctrl-End: Display the last screen of the current packet. Ctrl-PgUp: Display the previous screen for the current packet. Ctrl-PgDn: Display the next screen for the current packet. Main Menu: The PacketView Main Menu is selected from the Main Display by pressing the F10 key. This screen provides the ability to load and save PacketView configuration information and to load and save the contents of the current packet buffer. It also provides basic system resource information. This information includes the
6. available Disables the search for a packet driver stub. This is useful when doing post-analysis on saved packet files. The default is to search for a packet driver stub. Specifies the specific interrupt for the packet driver stub to be used. nn must be specified in hexadecimal and must be in the range of 60 through 80 inclusive. BOARD nn: Specifies the ODI driver to be used. nn must be specified in decimal and must be in the range of 1 through 8 inclusive. BATCH filename: Enables batch mode operation. In this mode PacketView will collect packets until its memory or packet table is full. It then writes the packets to the filename specified and terminates. Note that if any key is pressed while PacketView is executing in batch mode, batch mode is automatically disabled and WILL NOT terminate upon a buffer full condition. The Main Display: The Main Display provides the primary interface for PacketView. The display provides current packet information in one of two modes: Line Mode or Detail Mode. Line mode provides a screen of single-line descriptions of packets, while Detail mode provides a complete description of a single packet. If function key display is enabled, the function key definitions for the Main Display are displayed along the bottom portion of the screen. Provided on all displays is the number of packets currently in the packet buffer, the percentage of memory used, and the packet driver receiver state. In addition to the t
7. controller boards. If your controller is not supported by the CRYNWR Packet Driver Collection, refer to the documentation specific to the packet driver for your network controller or contact customer support. Loading an ODI Driver: If you would like to use PacketView with an ODI driver, it is recommended that you NOT load any networking software except LSL.COM and the actual ODI driver (also known as an MLID). This means that you would NOT load IPXODI and NETX, or TCP/IP, or any other protocol stack that would use the same ODI driver you wish to use with PacketView. Also, try to determine if the ODI driver supports promiscuous mode. This is necessary for proper operation of PacketView. To load the LSL and ODI driver, follow the instructions in the Novell or manufacturer's manual for the specified network adapter. An example for an NE2000 board would look like this: lsl, then ne2000. Using PacketView: To run PacketView, type PV at the DOS command prompt. If the PacketView program was not copied to a directory in your system's PATH, be sure to change your current directory to the directory in which PacketView was copied. Example: C:\>PV. When PacketView initializes, it determines the location of the PacketView program file (PV.EXE) on the hard disk and assumes all other support files are in the same subdirectory. For example, the default configuration file for PacketView is PV.CFG. If PV.EXE is located in the subdirecto
8. file specified by the file handle. If an error occurs, 1 is returned. home_dir (char home_dir): The home_dir variable contains the address of the PacketView home directory (the directory the PV.EXE file is located in). current_level (int current_level): The current_level variable contains the current stack level being decoded. Its purpose is not currently defined for external protocol use. Assistance with external protocol decoders: Technical support for PacketView is available by calling Klos Technologies, Inc. support at 607-753-0568 between 8:00 AM and 5:00 PM EST or via e-mail at support@klos.com. Custom protocol decoders can be developed for a nominal fee (contact technical support). Glossary. Appletalk: A set of protocols defined by Apple Computer. ARCNET: A self-polling modified token passing network operating at a 2.5M bit data rate. Blue Book Ethernet: The original Ethernet definition produced by Digital Equipment Corporation, Intel Corporation and Xerox Corporation (DIX). Most notably differing from IEEE 802.3 by defining the type field as the protocol ID rather than the data length. Capture Filter: Determines which packets from the network or packet file will be stored in the packet buffer. CSMA/CD: Carrier Sense Multiple Access/Collision Detection. A network physical layer method used to control [Remaining glossary terms listed on this page: DECnet, Display Filter, Ethernet, EtherTalk, Filter, FTP, IPX/SPX, ISDN, Localtalk]
9. header length d 32 bit s n ip gt version_length amp 0xf0 gt gt 4 ip version length amp 0x0f Type of service 02x n ip 5type of service Packet length 04x Packet ID 04x n tons ip length htons ip id S ip fragment offset 8000 tf Don t fragment Win tf More fragments s Fragment offset 04x n i1 amp 0x4000 yes no i amp 0Ox3fff protocol j lt sizeof protocol lookup j protocol lookup j i break sizeof protocol lookup tf Time to live d Protocol s Header checksum Mn ip time to live well known protocols j 55 htons ip checksum else printf Time to live d Protocol d Header checksum 04xn ip time to live i htons ip checksum printf Source host id Sinn htonl ip source host id printf Destination host id i n htonl ip destination host id i ip gt version_length amp 0x0f 4 if length lt i return packet i length i printf n switch ip gt protocol case 83 Vines IP format protocol packet length Oxff00 break default format raw IP Data packet length break void _loadds format_arp_line b arp length char b struct arp header arp int length Set color LTGREEN YELLOW b sprintf b DEMO DoD ARP 04x htons arp gt protocol ct switch htons arp gt operation case 1 sprintf b REQUEST fr
10. parameters: the hardware interrupt number and the I/O address. The defaults are 2 and auto-sense. These parameters do not need to be set unless the auto-sense routine fails or otherwise disrupts operation of your PC. Racal InterLan NI9210. usage: NI9210 n d w packet_int_no int_no io_addr base_addr. The NI9210 driver requires three additional parameters: the hardware interrupt number, the I/O address and the memory base address. The defaults are 2, 0x360 and 0xd000. Tiara Lancard. usage: tiara n d w packet_int_no int_no io_addr. The Tiara driver runs the Tiara LANCARD/E cards (both eight and sixteen bit cards). The Tiara driver requires two additional parameters: the hardware interrupt number and the I/O port. Ungermann-Bass NIC-PC. usage: UBNICPC n d w packet_int_no int_no base_addr. The UB NIC-PC driver requires two additional parameters: the hardware interrupt number and the memory base address. Western Digital WD8003 E EBT EB EH A and EA. usage: WD8003E n d w packet_int_no o int_level io_addr mem_base ll. The WD8003E driver runs the Western Digital E EBT EB EVA and E A Ethernet cards. The WD8003E requires three additional parameters: the hardware interrupt number, the I/O address and the memory base address. The defaults are 2 and 0x280 and 0xd000. The wd8003 cards do not enable their memory until configuration time. Some 386 memory mappers will map memor
11. time (the time the packet was received), a relative time (time before or after an event marker) or a delta time (time between adjacent packets). The third column contains the size of the packet in hexadecimal. This size indicates the size of the data field for the packet and does not include the MAC header or CRC bytes. The remaining columns can be optionally removed from the display or vary in format based upon the media and protocols involved. Optionally, the MAC (Media Access Control) layer information may be displayed. For Ethernet, this includes the media descriptor (DIX or 802.3), the destination address, the source address and the type field. For token ring, the display indicates the media descriptor (802.5), the destination address and the source address. For ARCNET, the display indicates the media descriptor (ARC), the destination node ID, the source node ID and the protocol ID. The format of the remainder of the line will vary based upon the protocol indicated and whether or not raw mode or text mode are in effect. Detail Mode: In Detail mode, PacketView provides a complete description of a single packet. The display includes the MAC layer information, the packet number, packet size and the time for the packet in one of three formats. The time field may indicate either a capture time (the time the packet was received), a relative time (time before or after an event marker) or a delta time (time between adjacent packets). PacketView
12. to the original purchaser and any subsequent owner of the Software media for their use only on the license terms set forth below. Opening the packaging and/or using PacketView indicates your acceptance of these terms. If you do not agree to all of the terms and conditions, or if after use you are dissatisfied with your PacketView Software, return the Software, manuals and any partial or whole copies within thirty days of purchase to the party from whom you received it for a refund, subject to our restocking fee. Grant of License: Klos Technologies, Inc. (KT) grants the original purchaser (Licensee) the limited rights to possess and use the Klos Technologies, Inc. Software and User Manual (Software) on the terms and conditions specifically set out in this License. Term: This License is effective as of the time Licensee receives the Software, and shall continue in effect until Licensee ceases all use of the Software and returns or destroys all copies thereof, or until automatically terminated upon the failure of Licensee to comply with any of the terms of this License. Your Agreement: Licensee is granted a license to use the Software for its intended purposes. Licensee agrees that the Software will be used solely for Licensee's internal purposes, and that at any one time, the Software will be installed on a single computer only. If the Software is installed on a networked system, or on a computer connected to a file server or other s
13. would have been accepted are now ignored. The criteria to be negated must be selected using the cursor up and down arrows before selecting the Negate function. The current packet selection criteria is always displayed in reverse video. Lookup Node: This function provides for the lookup of a defined Node name in the symbol table. If the Node is found, its address may be retrieved for use in the filter definition. Lookup Host: This function provides for the lookup of a defined Host name in the symbol table. If the Host name is found, its address may be retrieved for use in the filter definition. Lookup Vender: This function provides for the lookup of a defined Vender name in the symbol table. If the Vender is found, its information may be retrieved for use in the filter definition. F10 Save: After a filter has been completely specified, the Save function saves it for use. Match Criteria: Each filter may have from one (1) to five (5) match criteria. These criteria may be Data match or Packet Type match. Match criteria may be used more than once in a single filter as long as the total number of match criteria for a filter does not exceed five (5). An example might use two Data match criteria in a single filter. F1 Data Match: This match criteria prompts for an offset within the data field (4-digit hexadecimal value) of the packet at which to begin matching data. The data field is defined to start after all standard datalink
14. 2_SNAP ARCNET IEEE8022 IEEE8022SNAP define MEDIA_FDDI FDDI define MEDIA FDDI 8022 FDDI IEEE8022 define MEDIA_FDDI_8022_SNAP FDDI IEEE8022 4 IEEE8022SNAP define MEDIA PPP PPP define MEDIA SLIP SLIP 48 define define define define define define define define define define define define define define Struct G byte byte word byte struct t byte byte byte byte byte hi BLUE 0x01 GREEN 0x02 CYAN 0x03 RED 0x04 MAGENTA 0x05 BROWN 0x06 WHITE 0x07 GREY 0x08 LTBLUE 0x09 LTGREEN 0x0a LTCYAN 0x0b LTRED 0x0c LTMAGENTA 0x0d YELLOW 0x0e thernet header destination 6 source 6 type data Oken ring header access control frame control destination 6 source 6 data 49 struct arcnet header byte source byte destination byte type struct fddi_header byte frame_control byte destination 6 byte source 6 byte data i struct PPP_header byte direction byte address byte control word type struct SLIP_header byte direction struct sap_header byte dsap byte ssap byte control struct snap_header byte organization 3 word type struct protocol struct protocol next char protocol name word typel type field for DIX and SNAP byte type2 type field for 802 2 headers byte type3 type field for ARCNET word type4 type field for PPP word type5 to be d
15. A set of rules used to govern how two or more computers communicate on a network. Protocol Decoder: External software procedure(s) loaded by a Klos protocol analyzer to allow alternative and additional protocol display. SLIP: Serial Line IP. SNA: Systems Network Architecture. A suite of protocols defined by IBM for mainframe communications. StarLAN: A network operating system produced by AT&T. TCP/IP: Transmission Control Protocol/Internet Protocol. Token Ring: A network physical layer interface that uses a token message passed around a ring of computers to arbitrate network access. TSR: Terminate and Stay Resident; a program which remains in memory after it terminates. Typically, the program then provides services to other programs via a mutually agreed upon protocol or interface. VINES: A network system produced by Banyan Systems. XNS: Xerox Network Systems. A suite of protocols defined by Xerox Corporation. X Windows: A workstation windowing system produced by the Massachusetts Institute of Technology, part of which includes a network protocol. Appendix A: Software License Agreement. PacketView SOFTWARE LICENSE AGREEMENT. READ THIS BEFORE USE. Please read this License carefully. You are purchasing a license to use the PacketView Software. The Software is owned by and remains the property of Klos Technologies, Inc., is protected by international copyrights, and is transferred
16. EN301 n d w packet_int_no int_no io_addr. The Multitech driver runs the EN-301 cards. The Multitech driver requires two additional parameters: the hardware interrupt number and the I/O port. Novell NE1000. usage: NE1000 n d w packet_int_no int_no io_addr. The NE1000 driver requires two additional parameters: the hardware interrupt number and the I/O address. The defaults are 3 and 0x300. Novell NE2000. usage: NE2000 n d w packet_int_no int_no io_addr. The NE2000 driver requires two additional parameters: the hardware interrupt number and the I/O address. The defaults are 2 and 0x300. Racal InterLan NI5010. usage: NI5010 n d w packet_int_no int_no io_addr. The NI5010 driver requires two additional parameters: the hardware interrupt number and the I/O address. The defaults are 3 and 0x300. Racal InterLan NI5210. usage: NI5210 n d w packet_int_no int_no io_addr base_addr. The NI5210 driver requires three additional parameters: the hardware interrupt number, the I/O address and the memory base address. The defaults are 2 and 0x360 and 0xd000. Note that Racal InterLan sets the default memory base to 0xa000, which is brain damaged because that area of memory is specifically reserved for video adapters, and in fact the EGA and VGA use it. Racal InterLan NI6510. usage: NI6510 n d w packet_int_no int_no io_addr. The NI6510 driver has two additional
17. F2 Add: The Add function defines a new filter, either Capture or Display. See Filter Editing below. F3 Edit: The Edit function allows previously defined filters to be modified. After the filter to be modified has been selected, the functions available to modify the filter are the same as those defined for the Add function. See Filter Editing below. F4 Delete: The Delete function allows you to delete a currently defined filter. F5 Enable: The Enable function allows you to selectively enable a currently defined filter. Any number of filters may be enabled or disabled at any given time. F6 Disable: The Disable function allows you to selectively disable a currently defined filter. This is useful when you want to disable the actions of a specific filter without deleting the filter. The filter may be re-enabled again with the Enable function (see above) at some time later. Any number of filters may be enabled or disabled at any given time. F8 Load Filters: Loads previously defined filters from disk. If filters are currently defined, a prompt is provided to ask if the current filters should be kept. If no is selected at the prompt, then the current filters are deleted before loading the filters from the file. If yes is selected, the filters from disk are added to the list of currently active filters. If the total number of filters exceeds ten (10), then only the first ten (10) filters will be kept. F9 Save Filters: Thi
18. Filter Menu: PacketView provides the mechanism, using Filters, to selectively start and stop packet collection, store and view packets received from the network, or selectively read packets from a packet file. The Trigger Filter is used to start or stop packet collection. When a packet is received that matches the filter criteria, then packet collection is either started, stopped or toggled according to the filter definition. Trigger filters are used to watch for a specific event on the network, then to use either start or stop packet collection, thus reducing the packets collected to those just around the significant event. The Capture Filter selects which network packets received from the network driver or read from a packet file will be kept in the packet buffer. Packets from the network that are rejected by the capture filter are dropped and cannot be retrieved later. Capture filters are useful when it is necessary to collect only specific types of packets from the network. The Display Filter selects which packets from the packet buffer will be displayed or saved when the packet buffer is saved to a file. Since the packets remain in the packet buffer once captured, it is possible to modify display filters without losing packets from the packet buffer. Display filters are used to view specific packet types from the packet buffer without losing packets not of immediate interest. PacketView 1 23 Total packets 0 Memory used 0 Copyright Klos T
19. Note that this function uses the DOS read file function. There is no interpretation of the data, including new line (carriage return/line feed) conversions. This function returns 1 if an error occurs, or the number of bytes of data read from the file into the buffer. write: int write(handle, buffer, length) int handle; char *buffer; int length; The write routine uses the DOS function 0x40 to write bytes to the file specified by the file handle. The parameters include the file handle (as returned by the open function), the address of the buffer and the length of the buffer. Note that this function uses the DOS write file function. There is no interpretation of the data, including new line (carriage return/line feed) conversions. This function returns 1 if an error occurs, or the number of bytes of data written into the buffer from the file. lseek: long lseek(handle, offset, where) int handle; long offset; int where; The lseek routine is used to position the file specified by the file handle to a specific location. The parameters include the file handle, the long offset specifying the new position in the file, and the control value indicating where the offset is relative to. The where values are 0 for beginning of file, 1 for current position, and 2 for the end of the file. The lseek routine returns 1L if an error occurs, or the long offset of the new current position of the file. close: int close(handle) int handle; The close function closes the
20. ONST Ends _BSS Segment Word Public BSS _BSS Ends Extrn _init Far HEADER TEXT Segment Byte Public CODE Public decoder header decoder header Label Byte Db DECODERI1 Dd init Dd 15 Dup 0 REV 1 i Addresses of support routines Assume CS HEADER TEXT DS DGROUP ES Nothing SS Nothing Public htons htons Proc Far Push BP Mov BP SP Mov AX BP PARM1 Xchg AH AL 47 Pop BP G Ret htons Endp Assume CS HEADER TEXT DS DGROUP ES Nothing SS Nothing Public _htonl htonl Proc Far Push BP Mov BP SP Mov AX BP PARM1 Mov DX BP PARM2 H Xchg DH AL Xchg DL AH Pop BP S Ret htonl Endp HEADER TEXT Ends End STRUCTS H Copyright Klos Technologies Inc All Right Reserved typedef unsigned char byte typedef unsigned short int word typedef unsigned long int dword define ETHERNET 0x00 define TOKENRING 0x08 define ARCNET 0x10 define FDDI 0x18 define PPP 0x20 define SLIP 0x28 define MEDIA_MASK 0x38 define IEEE8022 0x01 define IEEE8022SNAP 0x02 define DIX 0x04 define MEDIA_ETHERNET_8022 ETHERNET IEEE8022 define MEDIA_ETHERNET_8022_SNAP ETHERNET IEEE8022 IEEE8022SNAP define MEDIA ETHERNET DIX ETHERNET DIX define MEDIA_TOKENRING_8022 TOKENRING IEEE8022 define MEDIA_TOKENRING_8022_SNAP TOKENRING IEEE8022 IEEE8022SNAP define MEDIA_ARCNET ARCNET define MEDIA_ARCNET_8022 ARCNET IEEE8022 define MEDIA_ARCNET_802
21. PacketView User's Manual. Copyright Klos Technologies, Inc. All Rights Reserved. Legal Notice: Information in this document is subject to change without notice and does not represent a commitment on the part of Klos Technologies, Inc. The Software described in this document is furnished under the Software License Agreement set forth in Appendix A of this document. The Software may be used or copied only in accordance with the terms of the License. The purchaser may make one copy of the software for back-up purposes, but no part of this User's Manual may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, for any purpose other than the purchaser's personal use, without the prior written permission of Klos Technologies, Inc. Trademarks: ARCNET is a registered trademark of Datapoint Corporation. DECnet is a registered trademark of Digital Equipment Corporation. IBM PC and IBM AT are registered trademarks of International Business Machines Corporation. NetWare is a registered trademark of Novell, Inc. PacketView, SerialView and ISDNView are trademarks of Klos Technologies, Inc. SMC is a registered trademark of Standard Microsystems Corporation. VINES is a registered trademark of Banyan Systems, Inc. AppleTalk, LocalTalk and EtherTalk are registered trademarks of Apple Computer, Inc. Other brand and product names are trademarks or reg
22. RANTY: KTI warrants the Software media to be free of defects in workmanship for a period of ninety days from purchase. During this period, KT will replace at no cost any such media returned to KT, postage prepaid. This service is KTI's sole liability under this warranty. DISCLAIMER: LICENSE FEES FOR THE SOFTWARE DO NOT INCLUDE ANY CONSIDERATION FOR ASSUMPTION OF RISK BY KT, AND KT DISCLAIMS ANY AND ALL LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR OPERATION OR INABILITY TO USE THE SOFTWARE, OR ARISING FROM THE NEGLIGENCE OF KT, OR ITS EMPLOYEES, OFFICERS, DIRECTORS, CONSULTANTS OR DEALERS, EVEN IF ANY OF THESE PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHERMORE, LICENSEE INDEMNIFIES AND AGREES TO HOLD KT HARMLESS FROM SUCH CLAIMS. THE ENTIRE RISK AS TO THE RESULTS AND PERFORMANCE OF THE SOFTWARE IS ASSUMED BY THE LICENSEE. THE WARRANTIES EXPRESSED IN THIS LICENSE ARE THE ONLY WARRANTIES MADE BY KT AND ARE IN LIEU OF ALL OTHER WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND OF FITNESS FOR A PARTICULAR PURPOSE. THIS WARRANTY GIVES YOU SPECIFIED LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF WARRANTIES, SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO YOU. General: This License is the complete and exc
23. XADECIMAL value. h n: Select the hardware interrupt request level for the COM20020. The default hardware interrupt request level is 5. To use a different hardware interrupt request level, specify the level n between 2 and 7 inclusive. s nn: Select the packet driver's software interface interrupt. The default software interface interrupt is 60 hex. If this value causes a conflict with other software in your PC, select another value between 60 hex and 80 hex inclusive. Specify the new value nn in HEXADECIMAL. r n: Select the network speed of the COM20020. The default network speed is 0 for 2.5 Mbps. Values for n are listed below (Value: Network Speed). 0: 2.5 Mbps (default); 1: 1.25 Mbps; 2: 625 Kbps; 3: 312.5 Kbps. b n: Select backplane mode for the COM20020. To enable backplane mode, use b 1. To disable backplane mode (default), use b 0.
24. akes a 32-bit unsigned long (dword) parameter and will display the IP address represented by the 32-bit value in the decimal dotted notation, always padding to a display width of 15 characters. For example, if the parameter for the 7 format contained the value 0xc0503101, the resulting string will be "192.80.49.1" (4 trailing spaces). If symbolic mode is enabled, the IP address will be looked up in the IP address symbol table. If found, the first 15 characters of the symbol representing the IP address will replace the dotted decimal notation; otherwise the dotted decimal notation will be used. Formatting 48-bit Node Addresses: The n format takes a byte pointer as a parameter and will display the node address represented by the 48-bit (6 byte) value pointed to by the byte pointer in hexadecimal format. If symbolic mode is enabled, the node address will be looked up in the node address symbol table. If found, the first 12 characters of the symbol representing the node address will replace the hexadecimal format. If not found, the high 24 bits of the node address are looked up in the vendor address symbol table. If the vendor portion of the address has a corresponding symbolic representation, the first 6 characters of the symbol will replace the first 6 characters of the hexadecimal node address, followed by the remaining 6 hexadecimal digits of the node address. Otherwise, the entire node address will be displayed in hexadecimal format. Forma
25. base and expanded memory available for storing symbols and packets, the packet driver interrupt, the maximum number of packets that may be held in memory at once, the network physical layer type, and the number of node and host symbols currently defined. [Screen: PacketView 1 23 Total packets 0 Memory used 0 Copyright Klos Technologies Inc Receiver state Enabled. Main Menu. F1 Help; F2 Load Configuration from Disk; F3 Save Configuration to Disk; F4 Load Packet Buffer from Disk; F5 Save Packet Buffer to Disk; F10 Display Protocol List. Serial number 01000001. Registered to Patrick Klos, Klos Technologies Inc. Available base memory 323K. Packet driver at interrupt 0x60. Available expanded memory 2048K. Packet list contains 16384 entries. 0 node symbols using 0 bytes. Current media type is Ethernet. 0 host symbols using 0 bytes.] Main Menu: The following describes each of the functions. F1 Help: Provides the current help information for the Main Menu. F2 Load Configuration from Disk: This function loads predefined configuration information for PacketView. This configuration information includes the following configuration options. Color/Mono: Controls the use of color for the display. Function Lines: Controls the display of the function key definitions on the Main Display. Time Display Mode: Controls the packet time display format. Display Mode: Selects either the line or detail modes for the Main Display. Screen Mode: Selects the
26. ddress of the line buffer, the address of the packet buffer, the packet buffer's length, the desired packet type, and the media value for which the packet type is defined.

format_raw

    void format_raw(heading, packet, length)
    char *heading;
    byte *packet;
    int length;

The format_raw routine allows a protocol decoder to display a packet or portion of a packet as a simple hexadecimal dump of the contents. The parameters to this routine include the address of the text string to display as the header, the address of the packet buffer, and the packet buffer's length. If text mode is enabled, then the data will be examined to see if the entire buffer can be displayed as text; if so, it will be displayed as text, otherwise it will be displayed in hexadecimal.

format_raw_line

    void format_raw_line(buffer, packet, length)
    char *buffer;
    byte *packet;
    int length;

The format_raw_line routine allows a protocol decoder to display a packet or portion of a packet as a simple hexadecimal dump of the contents. The parameters to this routine include the address of the line buffer, the address of the packet buffer, and the packet buffer's length. If text mode is enabled, then the data will be examined to see if the entire buffer can be displayed as text; if so, it will be displayed as text, otherwise it will be displayed in hexadecimal.

set_color

    void set_color(background, foreground)
    int background;
    int foreground;

The set_color routine allows a protocol decod
27. displayed on the screen. The format detail routine should have a C function definition as follows:

    void _loadds format_xyz(packet, length)
    byte *packet;
    int length;
    {
        /* body of format_xyz routine */
    }

The actual name used for the format detail routine is arbitrary since it is only referenced through the protocol structure.

Library routines for external protocol decoders

The following routines are provided by PacketView to aid in the formatting of packet information: sprintf, printf, format_protocol, format_protocol_line, format_raw, format_raw_line, set_color, falloc, open, read, write, lseek, close.

The following variables are provided by PacketView to aid in the formatting of packet information: home_dir, current_level.

sprintf

    char *sprintf(buffer, format)
    char *buffer;
    char *format;

The sprintf routine uses the format string to format the text and variables specified into the character buffer. This routine works very similar to the standard C sprintf routine with a few exceptions. See the section on printf for a description of the available format characters. This routine returns the address of the end of the buffer. This is a quick way to advance the pointer to the end of the buffer when you may want to append more information to the line buffer.

printf

    void printf(format)
    char *format;

The printf routine uses the format string to format the text and variables specified into the int
28. echnologies Inc    Receiver state Enabled
    Edit Filter Menu
    F1 Help
    F2 Edit Trigger Filters
    F3 Edit Capture Filters
    F4 Edit Display Filters

Edit Filter Menu

Trigger Filter, Capture Filter and Display Filter Screens

The Filter Screens provide the ability to define, modify, remove, load, and save up to ten (10) Trigger, ten (10) Capture, and ten (10) Display filters. Each filter allows for specific fields of the packet to be checked and either used to start or stop packet collection (Trigger Filters), saved in the packet buffer (Capture Filters), or displayed on the screen (Display Filters).

Note: The packet receiver is disabled while editing Capture Filters, but remains enabled while editing Display and Trigger Filters.

    PacketView v1.23    Total packets 0    Memory used 0
    Copyright Klos Technologies Inc    Receiver state Disabled
    Capture Filters
    Filter number 0 enabled
      Data at offset 0 is 45XXXXXXXXXXXXXX
      Data at offset 14 is 00AXXXXXXXXXXXXX
    Filter number 1 enabled
      Data at offset 0 is 45XXXXXXXXXXXXXX
      Data at offset 16 is 00AXXXXXXXXXXXXX
    F1 F2 F3 F4 F5 F6 F7 F8 F9 F10
    HELP ADD EDIT DELETE ENABLE DISABLE LOAD SAVE DONE

Filter Screen

The following describes each of the functions:

F1 Help: Provides the current help information for the Filter Screens
29. edule, the Government has agreed to refrain from changing or removing any insignia or lettering from the Software or Documentation or from producing copies of manuals or disks (except for backup purposes) and: (1) Title to and ownership of the Software and Documentation and any reproductions thereof shall remain with KTI and its licensor; (2) use of the Software shall be limited to the facility for which it is acquired; and (3) if the use of the Software is discontinued at the original installation and the Government wishes to use it at another location, it may do so by giving prior written notice to KT specifying the new location site and class of computer. Governmental personnel using the Software other than under a DoD contract or GSA Schedule are hereby on notice that use of the Software is subject to restrictions that are the same or similar to those specified above.

Appendix B Sample External Protocol Decoder Listings

HEADER.ASM

Page 06 132 Title HEADER Header for protocol decoders Written by Patrick Klos Copyright Klos Technologies DGROUP Group DATA PARMS Struc Dw Dw E Dw 2 PARMI Dw PARM2 Dw PARM3 Dw 2 PARM4 Dw PARMS Ends HEADER TEXT Segment Byte Public CODE HEADER TEXT Ends DATA Segment Word Public DATA Public __acrtused acrtused Dw 0 Public decoder header Inc BP IP 7CS _decoder_header Dd HEADER TEXT decoder header DATA Ends CONST Segment Word Public CONST C
30. efined void show line void show packet 0 50 struct interface REV 1 define lseek define close byte i_signature 8 struct protocol i initialize byte i sprintf 0 void i_printf void i_format_protocol void i_format_protocol_line void i_format_raw void i_format_raw_line void i_set_color byte i_falloc int i_open int i_read int i_write long i_lseek int i_close char i_home_dir int i_current_level ifdef INTERNAL_DECODER char sprintf extern char home_dir extern int current_level else EXTERNAL DECODER extern struct interface decoder_header define sprintf decoder_header gt i_sprintf define printf decoder header i printf define format protocol decoder header i format protocol define format protocol line N decoder header i format protocol line define format raw decoder header i format raw define format raw line N decoder header i format raw line define set color decoder header i set color define open define read define write decoder header i write decoder header i open decoder header i read decoder header i lseek decoder header i close define home dir decoder header i home dir define current level decoder header i current level endif unsigned int htons define nto
31. ernal screen buffer. This routine works very similar to the standard C printf routine with a few exceptions.

The format characters supported in the PacketView version of printf and sprintf are defined as follows:

    Control letter(s)   Description of function
    %     Display % character
    b     Format an unsigned binary integer
    lb    Format an unsigned long binary integer
    d     Format signed decimal integer
    ld    Format long signed decimal integer
    D     Format long signed decimal integer
    u     Format unsigned decimal integer
    lu    Format long unsigned decimal integer
    x     Format hexadecimal integer
    lx    Format long hexadecimal integer
    X     Format long hexadecimal integer
    m     Format a hexadecimal byte with a mask; the first value is the hexadecimal byte and the second value is the mask. If the corresponding nibble of the mask is 0, then X is output, otherwise the hexadecimal nibble is displayed.
    S     Format string
    C     Format character
    t     Format the long tick time value to a fixed point decimal value

The following formats provide for a standard display of network values and for symbolic substitution when the value matches a defined symbol:

    Control letter(s)   Description of function
    i     Format IP address as a dotted decimal number or replace with the symbolic name
    n     Format node address as a 12 digit hexadecimal number or replace with the symbolic name
    o     Format OID as a dotted numeric value or replace with the symbolic name

Formatting IP Addresses

The i format t
32. er. The format of each line of the file is as follows: OID Name HH HH THE THE THE where OID Name: A symbolic name to be used in place of the object ID prefix. HHHH THE THE THE: An object ID prefix in dotted decimal notation. The object ID may have up to 128 32 bit values. Example: Here are a few standard SNMP object IDs: iso org dod internet mgmt mib 2 PRPRPRRPP Ww Ww Ww Ww Ww DOV 0 ee ve 2 4 Blank lines and lines beginning with the character are ignored as comment lines.

Customizing PacketView

External Protocol Decoders

PacketView supports custom external protocol decoders. These external protocol decoders can be developed using most C compilers. Source code for a sample external protocol decoder is provided on the PacketView diskette as well as in Appendix B of this manual. All external protocol decoders must be written in LARGE model assuming DS does NOT equal SS, and the decoder's entry points must be forced to load DS upon entry. The MAKEMSC and MAKEBC files show the proper options to use with the Microsoft and Borland C compilers respectively.

There are four main components in an external protocol decoder. These include the protocol structure, the initialization routine, the format line routine, and the format detail routine.

The protocol structure

The protocol structure (see structs.h in Appendix B) provides the interface between the external protocol decoder and PacketView. It includes the na
33. er (either line or detail mode) to select the background and foreground colors to be used to display the information relating to the current packet. In PacketView, the color attribute is allocated on a per line basis. Colors cannot be changed in the middle of a line. In detail mode, separate lines may have different colors. In line mode, the last set_color call determines the color that will be used to display the line. See the structs.h file for definitions for the various colors.

falloc

    byte *falloc(size)
    int size;

The falloc routine is used by protocol decoders during initialization time only. It allows a protocol decoder to allocate memory from the PacketView memory pool for whatever the protocol decoder may deem necessary. The size parameter specifies the size in bytes of the area to be allocated.

open

    int open(filename, mode)
    char *filename;
    int mode;

The open routine uses the DOS function 0x3d to open the file specified by the filename. The file is opened with the mode specified (0 = read only, 1 = write only, 2 = read/write). If the file open is successful, the file handle is returned; otherwise a -1 is returned.

read

    int read(handle, buffer, length)
    int handle;
    char *buffer;
    int length;

The read routine uses the DOS function 0x3f to read bytes from the file specified by the file handle. The parameters include the file handle as returned by the open function, the address of the buffer, and the length of the buffer
34. file is similar in format to the standard TCP/IP HOSTS file. where THHHHHHHHHHHE: Refers to a twelve digit hexadecimal number. Each digit between 0-9 or A-F. Node Name: The name assigned to the node (12 characters, spaces allowed).

Example: It is usually useful to assign names to file servers and workstations. A file server whose name is FS1 would be quickly recognized if its node address had a name associated with it. If the file server's node address is 0207010EF0F4, the NODES file would contain the following:

    Entry for FS1
    0207010EF0F4 FS1

Blank lines and lines beginning with the character are ignored as comment lines.

VENDORS

The VENDORS file is a text file that provides symbolic translations for the 24 bit vendor specific portion of 48 bit node address. The format of each line of the file is as follows: THHHHHE Vendor Name where THHHHHE: Six digit hexadecimal number corresponding to the assigned vendor ID for the specified vendor. Vendor Name: A six character representation for the specific vendor.

Example: 3Com's vendor ID assigned by IEEE is 02608C hex. To specify this in the VENDORS file, insert the following line:

    Entry for 3Com
    02608C 3Com

Blank lines and lines beginning with the character are ignored as comment lines.

OIDS

The OIDS file is a text file that provides symbolic definitions for SNMP object IDs. This makes viewing SNMP packets much easi
35. hardware interrupt number and the memory base address. The defaults are 2 and 0xb800h.

D-Link DE-600

usage: DE600 n d w packet_int_no

The D-Link Pocket Lan Adapter packet driver requires no additional parameters.

HP Ethertwist

usage: HPPCLAN n d w packet_int_no int_no io_addr

The HPPCLAN driver requires two additional parameters: the hardware interrupt number and the I/O address. The defaults are 3 and 0x300.

ICL EtherTeam16

usage: ETHIIE n d w packet_int_no int_level io_addr cable_type

The ETHIIE driver requires three additional parameters: the hardware interrupt number, the I/O address, and the cable type. The interrupt levels supported by the adapter are 5, 9 (2), 12 and 15. The Ethernet IIe can be attached to thick or thin Ethernet cables and the selection is made in software. The cable type parameter should be zero for thick and one for thin. With the Twisted Pair (TP) version of the adapter you must set interface to the value 1 (thin). The defaults are 9 (2), 0x300 and 1 (thin). Please note that the adapter can be used only in a 16 bit slot of your computer.

Intel EtherExpress

usage: EXP16 n d w packet_int_no io_addr

The Intel EtherExpress packet driver has one optional parameter. The <io_addr> is only needed if there is more than one EtherExpress card in your system. Otherwise the driver will search for adapter and get its parameters from it.

Multitech EN 301

usage
36. headers, including 802.2 and SNAP headers. Once the data offset has been entered, up to 16 hexadecimal digits (8 bytes) of data to be matched is entered. An X in any digit of the match data matches all possible values for the digit.

F2 Packet Type: The Packet Type criteria compares the 4 digit hexadecimal packet type provided and selects the packet if the packet type matches.

Symbol Lookup During Filter Definition

When entering match criteria data, a symbol lookup will allow the user to insert the value of a symbol into the match criteria data. This is accomplished by pressing either function key F6, F7 or F8, depending on the type of symbol being used. Use F6 for node addresses from the NODES file, F7 for a host address from the HOSTS file, and F8 for a vendor ID from the VENDORS file. To insert a value from a symbol, press the appropriate function key, select the desired symbol using the cursor keys, PgUp or PgDn, then press ENTER. The value for the specified symbol will be entered into the match criteria.

Packet Replay Menu

    PacketView v1.23    Total packets 79    Memory used 0
    Copyright Klos Technologies Inc    Receiver state Enabled
    Current Packet 79
    Packet Replay Menu
    F1 Help
    F2 Replay Current Packet (Alt F2 to View)
    F3 Replay Packet Range
    F4 Change Replay Loop Count
    F5 Change Packet Gap
    F6 Change Packet Range
    Replay Loops 1
    Packet Gap Actual
    Packet Range 1 79

Packet Replay Menu

F1 Help
37. hs htons unsigned long htonl define ntohl htonl 51 T Copyright Klos Technologies Inc All Right Reserved E struct arp_header word type word protocol byte node_len byte host_len word operation byte source_node_addr 6 dword source_host_id byte target_node_addr 6 dword target_host_id struct arp_header2 word type word protocol byte node len byte host len word operation byte source node addr dword source host id byte target node addr dword target host id hi struct ip_header byte version_length byte type_of_service word length word id word fragment_offset byte time_to_live byte protocol word checksum dword source host id dword destination host id byte options struct tcp header word source_port word destination_port dword sequence dword acknowledgement word control word window word checksum word urgent_ptr di struct udp_header word source_port word destination_port word length word checksum byte data hi struct rip_entry word address_family 52 word reservedl dword ip address dword reserved2 2 dword metric struct rip_header byte command byte version word reserved struct rip_entry rip_entries 3 X HH This is a sample DECODER for Klos Technologies protocol analyzers It decodes IP and ARP packets Copyright Klos Technologies Inc
38. istered trademarks of their respective holders. © Copyright Klos Technologies Inc. All Rights Reserved.

Table of Contents

Introduction; Product Description; System Requirements; System Limitations; Customer Support; Installation; Installing PacketView™; Loading the Packet Driver; Loading an ODI Driver; Using PacketView™; Command line options; The Main Display; RAW Mode; TEXT Mode; Line Mode; Detail Mode; Key Functions; Main Menu; Edit Filter Menu; Trigger Filter, Capture Filter and Display Filter Screens; Filter Editing; Match Criteria; Symbol Lookup During Filter Definition; Packet Replay Menu; Files; PV.CFG; HOSTS; NODES; VENDORS; OIDS; Customizing PacketView; External Protocol Decoders; The protocol structure; The initialization routine; The format line routine; The format detail routine; Library routines for external protocol decoders; sprintf; printf; Formatting IP Addresses; Formatting 48 bit Node Addresses; Formatting Object IDs; format_protocol; format_protocol_line; format_raw; format_raw_line; set_color; falloc; open; read; write; lseek; close; home_dir; current_level; Assistance with external protocol decoders; Glossary; Appendix A Software License Agreement; Appendix B Sample External Protocol Decoder Listings; HEADER.ASM; STRUCTS.H; IP.H; DEMO.C; Appendix C Crynwr Packet Driver Collection; Crynwr Packet Driver Installation; Using the packet drivers; Appendix D Klos Technologies Inc Pac
39. isturb other boards. The first parameter is the software interrupt used to communicate with the packet driver. And again, because each board is different, the rest of the parameters will be different.

All parameters must be specified in C style representation. Decimal is expressed as 11, hexadecimal is expressed as 0x0B, octal is expressed as 013. Any numbers that the packet driver prints will be in the same notation.

Before installing the packet driver, you must choose a software interrupt number in the range between 0x60 and 0x80. Some of these interrupts are used for other purposes, so your first choice may not work.

Running a packet driver with no specifications will give a usage message. The parameters for some packet drivers are documented below.

Most drivers can also be used in a PROM boot environment; see PROMBOOT.NOT for how to use d and n options for that purpose.

The w switch is used for Windows. Install the packet driver before running MS Windows. This switch does not prevent Windows from swapping your network application out of memory; it simply detects when that has happened and drops the packets on the floor.

NOTE: Not all packet drivers listed below have been tested with PacketView. Please call Klos Technologies Inc. customer support if you are having problems with a particular packet driver.

3Com 3C501

usage: 3C501 n d w packet_int_no int_no io_addr

The 3C501 driver requires two additional paramete
40. ket Drivers ETHPD COM20020

Introduction

Product Description

PacketView is a software product that allows you to view network traffic, debug network drivers and protocols, and learn more about your networking environment. Coupled with a network controller and a packet driver or ODI driver, PacketView turns any DOS based system into a realtime protocol and network analysis tool. PacketView can also be used to view and analyze previously saved packets without a network controller or driver. A unique feature of PacketView is that it allows users to independently develop their own protocol decoders using assembler or a Microsoft C compiler for use with PacketView.

System Requirements

PacketView requires an IBM or compatible PC, XT, AT or PS/2 system running DOS version 5.00 or above. A hard disk and 640K base memory is recommended but not required. For realtime access to a network, the system must contain a network controller with either a packet driver or ODI driver that supports promiscuous mode.

System Limitations

PacketView uses base and expanded (EMS) memory to collect packets from the network. As much base memory as possible should be available when PacketView is loaded.

Filters: 10 Display Filters and 10 Capture Filters. Each filter consists of up to 5 match terms.
Packets: Defaults to 4096 packets; user may select up to 65535 (also limited by available memory).
Protocol Decoders: Limited by available memory.
Symbols: Limi
41. lusive statement of the parties' agreement. Should any provision of this License be held to be invalid by any court of competent jurisdiction, that provision will be enforced to the maximum extent permissible and the remainder of the License shall nonetheless remain in full force and effect. This License shall be controlled by the laws of the State of New Hampshire and the United States of America.

Rider For U.S. Governmental Entity Users

This is a Rider to the PacketView SOFTWARE LICENSE AGREEMENT (License) and shall take precedence over the License where a conflict occurs.

1. The Software was developed at private expense (no portion was developed with government funds), is a trade secret of KT and its licensor for all purposes of the Freedom of Information Act, is commercial computer software subject to limited utilization as provided in any contract between the vendor and the government entity, and in all respects is proprietary data belonging solely to KT and its licensor. For units of the DoD, the Software is sold only with Restricted Rights as that term is defined in the DoD Supplement to DFAR 252.227-7013(b)(3)(ii), and use, duplication or disclosure is subject to restrictions set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at 252.227-7013. Manufacturer: Klos Technologies Inc., 604 Daniel Webster Highway, Merrimack NH 03054. If the Software was acquired under a GSA Sch
42. me of the protocol being decoded, the type values that identify the protocol for various frame types, the address of the routine to be called when displaying the protocol in line mode, and the address of the routine to be called when displaying the protocol in detail mode.

The initialization routine

The initialization routine's primary function is to return the address of the protocol decoder's protocol structure to PacketView. The initialization routine can link several protocol structures together, forming a list of protocols to be handled by the decoder. This is necessary for those protocol decoders that will support more than one protocol. The initialization routine can also load any necessary data (i.e. tables) from disk using the open, read, lseek and close routines. The initialization routine should have a C function definition as follows:

    struct protocol *_loadds init()
    {
        /* body of init routine */
    }

Note that the name used must be init, as that is what the header file HEADER.ASM will be calling to initialize the decoder.

The format line routine

The format line routine is called whenever a protocol is to be displayed in line mode. In this mode, each packet is summarized in a single line on the screen, allowing information about many packets to be displayed on a single screen. The format line routine is passed three parameters: the address of a character buffer into which the null terminated single line descriptio
43. media access in a bus topology.
A suite of protocols defined by Digital Equipment Corporation.
Determines which packets from the packet buffer will be displayed or saved to disk.
A 10 megabit per second baseband bus topology network originally developed by Xerox Corporation.
AppleTalk on Ethernet.
Provides the means to select and reject packets.
File Transfer Protocol for TCP/IP.
Internetwork Packet eXchange / Sequenced Packet eXchange; protocols used by Novell.
Integrated Services Data Network; digital communication services provided by telephone companies.
Low speed AppleTalk for personal computers.
MAC: Media Access Control. A datalink layer protocol controlling access to the physical layer.
MS-NET: A network operating system produced by Microsoft.
NetBIOS: Network Basic Input Output System. A protocol and system interface for data exchange and network access.
Sun NFS: Network File System. A network operating system based on TCP/IP and produced by Sun Microsystems.
Novell NetWare: The file server based network operating system produced by Novell.
Packet Buffer: The memory used to hold packets received from the network or a file.
Packet Driver: A standard software interface to a network controller.
PPP: Point to Point Protocol.
Promiscuous Mode: Network controller mode where the network controller passes every packet on the network to the packet driver regardless of intended destination.
Protocol
44. n is to be placed, the address of the packet buffer containing the packet contents, and the length of the packet buffer in bytes. In general, the format line routine will use a special form of sprintf to fill the line buffer with the desired information to describe the packet. The format line routine should have a C function definition as follows:

    void _loadds format_xyz_line(line, packet, length)
    char *line;
    byte *packet;
    int length;
    {
        /* body of format_xyz_line routine */
    }

The actual name used for the format line routine is arbitrary since it is only referenced through the protocol structure.

The format detail routine

The format detail routine is called whenever a protocol is to be displayed in detail mode. In this mode, each packet is displayed with as much information as possible or necessary to describe the packet. The format detail routine is passed two parameters: the address of the packet buffer containing the packet contents and the length of the packet buffer in bytes. In general, the format detail routine will use a special form of printf to present the packet to the user. Technically, the printf routine provided will be formatting the data as requested by the decoder and putting that data into an internal screen buffer, which is then manipulated by PacketView to allow the user to scroll the packet through the available lines on the screen. This mechanism also allows for printing of packets in the same form as they are
45. number of lines displayed for the Main Display on EGA/VGA systems.
Symbolic Mode: Selects whether symbols are to be displayed.
Packets: Maximum number of packets that may be held in memory at any one time.

The new configuration information takes effect immediately, except for the Packets value, which takes effect only upon initialization of PacketView.

F3 Save Configuration to Disk: This function saves the current configuration information for PacketView™. See Load Configuration for a description of the configuration options to be saved. This configuration can then be loaded again at a later time.

F4 Load Packet Buffer from Disk: Clears the packet buffer, then loads packets into the packet buffer from the file specified. Any currently enabled Capture Filter(s) will be applied to the packets from the disk, and only those passing the Capture Filter(s) will be placed into the packet buffer.

F5 Save Packet Buffer to Disk: Saves the packet buffer contents to the file specified. Any currently enabled Display Filter(s) will be applied to the packets from the packet buffer, and only those passing the Display Filter(s) will be placed into the output file. The default extension of .PVD is added when no extension is given.

F10 Display Protocol List: This option will display a list of the protocol decoders loaded along with some memory usage information. This list will include any custom protocol decoders that have been loaded.

Edit
46. om i for i htonl arp source host id htonl arp 5target host id break 56 case 2 sprintf b REPLY from i to i htonl arp source host id htonl arp 5target host id break default sprintf b UNKNOWN break void _loadds format_ip_line b packet length char b byte packet int length int i j k struct ip header ip struct ip header packet Set color LTGREEN WHITE b sprintf b DEMO DoD IP i i htonl ip source host id htonl ip destination host id i ip gt protocol for j 0 j lt sizeof protocol_lookup j if protocol lookup j i break if j sizeof protocol lookup b sprintf b Ss well known protocols j1 else b sprintf b Sd i

Appendix C Crynwr Packet Driver Collection

This appendix describes how to use the Crynwr Packet Driver Collection provided with PacketView. The following information is provided as a quick reference. The entire contents of the files SUPPORT.DOC and INSTALL.DOC are available on the Crynwr Packet Driver Collection diskette.

Crynwr Software sells support to packet driver users. This is what support includes:

The assurance that the drivers will continue to be improved.
New packet driver releases automatically mailed to you.
Input into future packet driver developments.
Answers to questions on the phone to one person or an alternate.
Answers to questions emailed by anyone at your site
47. rs: the hardware interrupt number and the I/O address. The defaults are 3 and 0x300.

3Com 3C503

usage: 3C503 n d w packet_int_no int_level(2-5) io_addr cable_type

The 3C503 driver requires three additional parameters: the hardware interrupt number, the I/O address, and the cable type. The 3C503 can be attached to thick or thin Ethernet cables and the selection is made in software. The cable type parameter should be zero for thick and one for thin. The defaults are 2, 0x300 and 1 (thin). The 3C503 uses shared memory whose address is set by jumpers, but the software can ask the board what the address is.

3Com 3C507

usage: 3C507 n d w packet_int_no int_no io_addr base_addr

The 3C507 will determine its parameters by reading the board. The only time you would need to specify the parameters is when you have multiple 3C507s in the same machine. The 3C507 driver will use three additional parameters: the hardware interrupt number, the I/O address, and the memory base address.

3Com 3C523

usage: 3C523 n d w packet_int_no int_no io_addr base_addr

The 3C523 driver requires three additional parameters: the hardware interrupt number, the I/O address, and the memory base address. The defaults are 3, 0x300 and 0xc000.

BICC Data Networks ISOLAN 4110 Ethernet

usage: ISOLAN n d w packet_int_no int_no base_addr

The BICC ISOLAN requires three additional parameters the
48. ry C:\PV, PacketView will look for PV.CFG in the same directory. The default location for the support files may be overridden by the use of an environment variable called PACKETVIEW. For example, if PV.EXE is found in the C:\BIN subdirectory but the support files are in the C:\PV subdirectory, the following line should be included in AUTOEXEC.BAT:

    SET PACKETVIEW=C:\PV

Files that are always kept in the PacketView (ex. C:\PV) subdirectory include the configuration files, filter files, and the NODES, HOSTS, VENDORS and OIDS files. However, PacketView will look in the current directory for the NODES, HOSTS, VENDORS and OIDS files before it searches the PacketView (ex. C:\PV) subdirectory.

Command line options

PacketView supports several command line options that allow you to control the initial state of PacketView™ when started.

    PV MONO PACKETS nnnnn NOEMS NONE PD nn BOARD nn BATCH filename

MONO: Selects the display characteristics for a monochrome display. Default display mode is color with color display adapters. This is especially useful for LCD screens where color is difficult to see.

PACKETS nnnnn: Sets the maximum number of packets (nnnnn) that can be held in memory at any one time. The maximum number of packets may be from 128 to 65535. The default is PACKETS 4096.

NOEMS: Disables the use of Expanded Memory (EMS). The default is to use Expanded Memory when
49. s 5. To use a different hardware interrupt request level, specify the level nn between 2 and F inclusive as a HEXADECIMAL value.

s nn: Select the packet driver's software interface interrupt. The default software interface interrupt is 60 hex. If this value causes a conflict with other software in your PC, select another value between 60 hex and 80 hex inclusive. Specify the new value nn in HEXADECIMAL.

COM20020

COM20020 is an enhanced packet driver for SMC COM20020 based ARCNET adapters. To start the packet driver, simply execute COM20020 from the command line.

Example:

    com20020 a nn p nnn h n s nn r n b n

The optional switches allow you to select a configuration other than the default configuration for the packet driver.

Switch / Description

a nn: Select the 8 bit network node address for the COM20020. If the board is compatible with the ARS 20020 board from Cimetrics Technology, the default is to use the network node address set on the SW2 switch. You can override the default setting by selecting this option, where nn is the HEXADECIMAL value of the desired network node address. If the board you are using is NOT compatible with the ARS 20020, you MUST use this switch to set the desired network node address for your board.

p nnn: Select the I/O base address for the COM20020. The default I/O base address is 300 hex. To use a different I/O base address, specify the address nnn as a HE
50. s function saves the current set of filters to a file. F10 Done: Returns to the Main Menu. Filter Editing: A filter is a list of up to five (5) match criteria which must all be true for a packet to be selected by the filter. Packets must be selected by at least one filter to be saved or displayed. Filter Editing provides the ability to set or modify each of the selection criteria for either a capture filter or a display filter. This is done with the following selection criteria functions. F1 Help: Provides the current help information for the Filter Editing. F2 Add: The Add function allows a packet match criteria to be added to the filter. However, a maximum of five (5) packet match criteria may be used in any filter. F3 Edit: The Edit function allows the current packet match criteria to be changed. The criteria to be edited must be selected using the cursor up and down arrows before selecting the Edit function. The current packet match criteria is always displayed in reverse video. F4 Delete: This function deletes the current packet match criteria from the filter. The criteria to be deleted must be selected using the cursor up and down arrows before selecting the Delete function. The current packet match criteria is always displayed in reverse video. F5 F7 F8 F9 Negate: This function negates the current packet match criteria. Any packets that the criteria would have rejected are now accepted. Packets that
51. splay. Switch to super RAW mode, displaying all bytes of the actual frame in hexadecimal and ASCII. Toggle the node name, host name and OID between symbolic definitions and numeric values. Alt S Ctr T AKT Send the current packet. Toggle the packet time field between absolute time and delta time since the previous packet. Mark an event. All other packets' time field will be relative to this packet's time field. Toggle Text Mode: wherever packet data would normally display the data in hexadecimal, the data is checked for displayable text; if all of the data is displayable then it is displayed in ASCII. Start Update mode: keep the display current with the last packet received. Toggle the display mode between 25 and 50 lines for VGA displays. Function Key / Action: Display help. Enter the Filter Menu. Enter the Replay Menu. Clear the packet buffer and enable the receiver to capture packets from the network. Start continuous capture mode. This causes the packet buffer to be cleared and the receiver to be enabled. Whenever the packet buffer becomes full it will automatically be cleared again, restarting the capture. This mode is terminated whenever any key is pressed. Toggle enable/disable of packet capture from the network. Undefined at this time. Select and print a range of packets. Go to a packet by number. Enable Continuous Capture. Display the Main Menu. The following keys are defined for the Line Mode display. Key
52. ted by available memory (requires 24 bytes per node symbol or host symbol; OIDs require more). Customer Support: Technical support for PacketView is available by calling Klos Technologies, Inc. support at 607 753 0568 between 8:00 AM and 5:00 PM EST or via e-mail at support@klos.com. Installation: Installing PacketView: To install PacketView, put the PacketView diskette into the A drive and type A INSTALL at the DOS command prompt. Install will prompt for owner name, company name and the directory in which to copy PacketView (default C:\PV). Install then creates the specified directory if necessary and copies the PacketView files to that directory. If the PacketView directory is not in the system PATH, be sure to update the PATH to include the PacketView (C:\PV) directory. Loading the Packet Driver: Most packet drivers are TSR (Terminate and Stay Resident) programs or device drivers with unique command line definitions. Two enhanced packet drivers developed by Klos Technologies, Inc. are included with PacketView™: one for NE1000, NE2000 and compatible Ethernet adapters, and one for COM20020 based ARCNET adapters. These packet drivers are described in Appendix C. Also included is the CRYNWR Packet Driver Collection. This collection is provided at no cost and is NOT a part of PacketView. Appendix D includes support and installation information as well as examples for loading packet drivers of several common network
53. tocol 54 Tp4 void _loadds struct a format arp arp length rp header arp int length int i j set colo printf i hton Tf b prin else in N n prin prin Q rh rH oe ct rr hton ix prin retu Ef Ef if i prin addr else prin Si n gt tar void _loadds byte pa int leng int 14 3 struct i set colo printf printf word printf printf h i hton if i amp 0x prin prin i ip gt j 0 XE if j prin S04x b r LTGREEN YELLOW DEMO DoD ARP Mn s arp gt type 1 amp amp i lt 7 tf Hardware type sWXn hardware types i 1 tf Hardware type 04x n i Protocol 04x n htons arp protocol Node address length d Host address length arp node len arp host len S arp operation 1 Il i gt 2 tf Operation UNKNOWN d n i rn Operation Ss n i 1 REQUEST REPLY Source node address n Source host address i n arp source node addr htonl arp source host id 1 tf Target node address UNKNOWN Target host ess i n htonl arp 5target host id tf Target node address n Target host address arp target node addr htonl arp get host id format ip packet length cket th r Ke p header ip struct ip header packet r LTGREEN WHITE DEMO DoD IP n IP version d IP
54. tting Object IDs: The o format takes a pointer to an OID structure and will display the object id represented in the standard dotted decimal notation. If symbolic mode is enabled, the object id will be looked up in the object id table. If found, the part of the id that is defined will be displayed in place of the dotted decimal notation. If a suffix portion is not found, it will be displayed in dotted decimal notation. format protocol: void format protocol packet length type media byte packet int length word type word media. The format protocol routine allows a protocol decoder to hand off a packet or portion of a packet to another protocol decoder to be decoded as a different protocol. This is especially useful when supporting protocol tunneling (one protocol is carried within another). The parameters to this routine include the address of the packet buffer, the packet buffer's length, the desired packet type and the media value for which the packet type is defined. format protocol line: void format protocol line buffer packet length type media char buffer byte packet int length word type word media. The format protocol line routine allows a protocol decoder to hand off a packet or portion of a packet to another protocol decoder to be decoded as a different protocol. This is especially useful when supporting protocol tunneling (one protocol is carried within another). The parameters to this routine include the a
55. v1 23 Total packets 611 Memory used Copyright Klos Technologies Inc Receiver state Disabled IEEE 802 3 Destination 0207010E8A4E Size 002E Number 20 Source 0207010516F6 Type 0028 Time 25 65 IPX Checksum FFFF Packet length 0028 Transport control 0 Hop Count 0 Protocol type is 1 RIP Destination address 00000001 0207010E8A4E Destination socket 0453 Routing Information Protocol Source address 00000001 0207010516F6 Source socket 0453 Routing Information Protocol RIP Route Response Network Hops Ticks 12 00000002 1 2 A 5El E2 cos ESg 5 F4 E5405 F6 E L F8 E9 F10 HELP EDIT PACKET RESTART TOGGLE PRINT GOTO CONTIN MAIN i FILTERS REPLAY RECEIVE RECEIVE i PACKET UOUS MENU Typical Detail Mode Display. Key Functions: The following keys are defined for both Line and Detail Mode displays. Key / Action. Alt X: Exit PacketView. Esc: Exit a menu or function. Return C D D ST Ctrl R Toggle between Detail Mode and Line Mode. Toggle color mode between COLOR and MONOCHROME. Set the display to Detail Mode. Toggle Error Mode: when enabled, packets with errors are dropped; when disabled, all packets are saved. Toggle the display of the Function Key definitions on the bottom of the screen. Set the display to Line Mode. Toggle display of MAC information. Toggle between raw data display and protocol decode di
56. wo primary modes of display, PacketView also provides two independently controlled data display modes: RAW and TEXT modes. RAW Mode: RAW mode displays the data portion of the packet in hexadecimal and ASCII representation. If RAW mode is not in effect, PacketView will decode the packet based upon the protocol specified and the decoders available. If PacketView cannot recognize the protocol specified, the packet will be displayed in the RAW mode format. TEXT Mode: If the contents of the data portion of the packet is all ASCII displayable characters, then in TEXT mode this data will be displayed in ASCII. If TEXT mode is disabled, then the data portion of the packet will be displayed in hexadecimal. Line Mode: In Line mode, PacketView displays a screen of single line descriptions of packets in the packet buffer. Only those packets that satisfy any Display Filters will be displayed. If no Display Filters are defined, then all packets are displayed. PacketView vl 23 Total packets 332 Memory used 1 Copyright Klos Technologies Inc Receiver state Enabled 1 0 114 0035 DIX 00000C004493 lt 0800200894E1 0800 IP 130 204 5 68 gt 2 0 153 002E DIX 0800200894E1 lt 00000C004493 0800 IP 137 39 1 6 gt 1 4 0 288 0044 DIX 0207010DF931 lt 02608C542501 0BAD VINES IP 5 0 292 003A DIX 02608C542501 lt 0207010DF931 0BAD VINES IP 7 0 369 004E DIX 0207010C11ED lt 02608C542501 OBAD VINES IP 8 0 373 002E DIX Broadcast
57. y into the area that the card intends to use. You should be able to configure your software to leave this area of memory alone. Also driver will refuse to map memory into occupied memory. The occupied memory test fails on some machines, so the optional switch o allows you to disable the check for occupied memory. Appendix D: Klos Technologies, Inc. Packet Drivers. Klos Technologies, Inc. makes two enhanced packet drivers available for use with ISDNView™. These packet drivers provide error information to ISDNView, allowing a more complete view of the network. At this time only two packet drivers are available with these extended capabilities: one for ethernet NE1000 and NE2000 and compatible boards, and one for Cimetric's ARS 20020 and other COM 20020 based ARCNET boards. ETHPD: ETHPD is an enhanced packet driver for NE1000, NE2000 and compatible ethernet adapters. It automatically detects the bus width and memory size of the adapter. Example: ethpd p nnn h nn s nn. The optional switches allow you to select a configuration other than the default configuration for the packet driver. Switch / Description. p nnn: Select the I/O base address for the ethernet adapter. The default I/O base address is 300 hex. To use a different I/O base address, specify the address nnn as a HEXADECIMAL value. h nn: Select the hardware interrupt request level for the ethernet adapter. The default hardware interrupt request level i
58. ystem that physically allows shared access to the Software, Licensee agrees to provide technical or procedural methods to prevent use of the Software by more than one user. • One machine readable copy of the Software may be made for BACK UP PURPOSES ONLY and the copy shall display all proprietary notices and be labeled externally to show that the back up copy is the property of KT and that its use is subject to this License. Documentation in whole or part may not be copied. • Use of the Software by any department, agency or other entity of the U.S. Federal Government is limited by the terms of the attached U.S. Rider for Governmental Entity Users, which is incorporated by reference into this License. • Licensee may transfer its rights under this License PROVIDED that the party to whom such rights are transferred agrees to the terms and conditions of this License and written notice is provided to KT. Upon such transfer Licensee must transfer or destroy all copies of the Software. • Except as expressly provided in this License, Licensee may not use, copy, disseminate, modify, reverse engineer, distribute, sublicense, sell, rent, lease, lend, give or in any other way transfer, by any means or in any medium including telecommunications, the Software. Licensee will use its best efforts and take all reasonable steps to protect the Software from unauthorized use, copying or dissemination and will maintain all proprietary notices intact. LIMITED WAR
