Short: Update to SANA-2 packet monitor Author: mlelstv@serpens.rhein.de Uploader: mlelstv serpens rhein de Type: comm/net Architecture: m68k-amigaos When debugging networks on UNIX machines you have a tool 'etherfind' or 'tcpdump' that can filter and print out packets on the network. Sanamon is something similar but simpler, it asks the device driver for certain hardware packet types or orphan packets (i.e. packets that no other software is reading and that would be discarded). Sanamon shows you the size and type of incoming packets and can print a hex dump of the packet's contents. There is a problem with running sanamon concurrently with other networking software. As the SANA-2 specs only allow one reader to see a packet, sanamon will "steal" some packets and miss those that are passed to the other software. The new 2.0 revision of SANA-2 supports "packet filters", with this it is possible to pass packets to multiple clients, so that your networkinng software and sanamon will see all packets. Unfortunately, very few SANA-2 drivers implement the packet filter option. How to use sanamon: >sanamon ? DEVICE/A,UNIT/N,TYPE/N,LEN/N,DUMP/S,ORPHAN/S,NOFILTER/S,CONFIG/S,ONLINE/S: DEVICE = name of the SANA-2 device driver (like a2065.device). UNIT = driver unit, most drivers use unit 0 which is also the default. TYPE = packet type to read from the network. This depends on the specific hardware and your networking software should have some setting for the protocols it uses. Standard Ethernet uses 2048 for IP packets and 2054 for ARP packets. The default is type 0. LEN = number of bytes to dump from each packet. This is ignored if you don't give the DUMP option and the default is to dump 16 bytes. DUMP = Turn on hex dump. ORPHAN = Don't look for the specific packet type but for any packet not read by other software. NOFILTER = Don't use the SANA-2 V2.0 packet filter option. NOFILTER is ignored by pre-2.0 drivers. CONFIG = Try to configure interface with its default address. This is necessary when you try sanamon without a protocol stack running. ONLINE = Tell driver to go online first and to go offline when sanamon is exiting. The CONFIG option implies ONLINE. Example: >sanamon networks/ch2060.device type=240 dump listening to ch2060.device unit 0 for type 240, MTU = 507 bytes in 45 bytes, type=240, err=0, werr=0, HOST, 29->2a 45 00 00 2d 59 57 00 00 33 06 cc 30 86 68 14 03 .... I told sanamon to watch for IP packets (Internet Protocol on Arcnet uses type 240) on the ch2060.device, an alternative driver for the A2060 board. The maximum packet size returned by the device is 507 bytes and the first packet seen by sanamon was 45 bytes long. The type was, of course, 240. You might see other types when you try to read orphan packets. The read did not return an error, otherwise werr would specify the exact error, see for details. The packet was directed to a HOST, other drivers might also return BCAST or MCAST for broadcast and multicast packets. The last field on that line shows source and destination hardware addresses in hexadecimal, this packet was sent from address $29 == 41 to address $2a == 42. Other hardware might show larger addresses (e.g. Ethernet uses 6 bytes). The next line shows the first 16 bytes of the packet. 45 = IP protocol version 4 with a header size of 5 long words. 00 = no special service type 00 2d = total length including the header is 45 bytes 59 57 = "unique" packet identification 00 00 = fragmentation offset and flags 33 = time to live 06 = IP protocol number 6 = TCP cc 30 = header checksum 86 68 14 03 = 134.104.20.3, the source address of this packet Changes from version 1.0: - The packet filter code was severly broken. It should work now as described. - Added CONFIG and ONLINE options to make sanamon work without a protocol stack that initializes the driver. Michael van Elst