If I put them all together in one directory and start tcpdump all I see is
an error message:
tcpdump.exe
IpSpy Version: 01.40.00 on device lan0
tcpdump.exe: IpSpy_QueryReceiveMode error: Cannot open IPSPY.OS2
These seem to be the relevant files (from Hobbes)
29,696 404 ipspy.dll
2,048 0 ipspy.lib
2,905 208 ipspy.os2
33,792 61 iptest.exe
38,400 61 iptracx.exe
182,536 359 tcpdump.exe
Also, how does this compare with iptrace? I've been asked to do a tcpdump
for diagnosis purposes but I wonder if iptrace would yield the same info.
Thanks,
Pierre
--
Pierre Jelenc
The Gigometer www.web-ho.com/gigs.html
The NYC Beer Guide www.nycbeer.org
> tcpdump.exe
> IpSpy Version: 01.40.00 on device lan0
> tcpdump.exe: IpSpy_QueryReceiveMode error: Cannot open IPSPY.OS2
You need to add "DEVICE=d:\path\IPSPY.OS2" to CONFIG.SYS and reboot.
> Also, how does this compare with iptrace? I've been asked to do a tcpdump
> for diagnosis purposes but I wonder if iptrace would yield the same info.
Probably. I don't know what the raw data formats are or whether they are
compatible. You get a text listing of IPTRACE's dump file using IPFORMAT.
Ah, indeed; it's buried in the middle of the file, I totally missed it.
> Probably. I don't know what the raw data formats are or whether they are
> compatible. You get a text listing of IPTRACE's dump file using IPFORMAT.
Apparently that format is too intricate. I was told that the traces are
hard to deal with, and to see if I could provide them in "pcap format"
that would make diagnosis much simpler. That would be the tcpdump format,
I gather.
Thanks, I'll reboot and try again.
Well, another problem. I get a trap during config.sys:
Exception in module IPSPY
trap 000d
[...]
internal revision 14.100c_W4
Can someone verify that the file is dated 1998/05/31 and is 2905 bytes?
Thanks,
> Well, another problem. I get a trap during config.sys:
>
> Exception in module IPSPY
> trap 000d
> [...]
> internal revision 14.100c_W4
I think I got that as well.
> Can someone verify that the file is dated 1998/05/31 and is 2905 bytes?
Mine is.
> Also, how does this compare with iptrace? I've been asked to do a tcpdump
> for diagnosis purposes but I wonder if iptrace would yield the same info.
IPTRACE will only monitor data to/from the machine's own interfaces (e.g.
lo0 and lan0). IPSPY will (if the card/driver support it) allow
promiscuous mode, and monitoring of everything on the LAN (assuming it
isn't connected via a switch, which it probably is).
> Well, another problem. I get a trap during config.sys:
>
> Exception in module IPSPY
> trap 000d
> [...]
> internal revision 14.100c_W4
Did you actually configure it using MPTS?
Er, no. Am I supposed to? There's no mention of that in the docs, only to
add the DEVICE line in config.sys, and add 3 lines to \IBMCOM\PROTOCOL.INI
[IPSPY_NIF]
drivername = IPSPY$
bindings = [MAC address]
I put the MAC as netstat -n prints it (that's the "physical address",
right?) without ":" or "-" or "0x".
Rebooted and trapped. I REM'd the DEVICE line in config.sys and haven't
done anything since.
> Bob Eager <rd...@spamcop.net> writes:
> > On Thu, 4 Sep 2008 22:07:43 UTC, rc...@panix.com (Pierre Jelenc) wrote:
> >
> > > Well, another problem. I get a trap during config.sys:
> > >
> > > Exception in module IPSPY
> > > trap 000d
> > > [...]
> > > internal revision 14.100c_W4
> >
> > Did you actually configure it using MPTS?
>
> Er, no. Am I supposed to?
No...just checking.
> There's no mention of that in the docs, only to
> add the DEVICE line in config.sys, and add 3 lines to \IBMCOM\PROTOCOL.INI
>
> [IPSPY_NIF]
> drivername = IPSPY$
> bindings = [MAC address]
>
> I put the MAC as netstat -n prints it (that's the "physical address",
> right?) without ":" or "-" or "0x".
No, it doesn't tell you to use the MAC address. Read carefully:
" You must add the following 3 lines at the end of the file
[IPSPY_NIF]
drivername = IPSPY$
bindings = MYMAC
where MYMAC is the section name of the MAC adapter driver
you want to use (only one adapter is supported). "
So, if you had a Broadcom B57 NIC and driver, as I have, you'd already
have (probably near the bottom):
[B57_nif]
DriverName = B57$
In which case you'd need, for your 'bindings' line:
bindings = B57_nif
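Added example (not from the thread or from IPSPY's own tooling): a small Python checker that parses a PROTOCOL.INI and flags exactly the mistake above, a MAC address in the IPSPY bindings line instead of the adapter driver's section name. The two INI fragments are constructed, and the assumption that section names are matched case-insensitively is mine.

```python
import re

# Constructed sample PROTOCOL.INI fragments (not from the original thread).
GOOD_INI = """
[B57_nif]
DriverName = B57$
[IPSPY_NIF]
drivername = IPSPY$
bindings = B57_nif
"""
BAD_INI = GOOD_INI.replace("bindings = B57_nif", "bindings = 0013D4A1B2C3")
# 12 bare hex digits (as netstat -n prints it), or colon/dash separated.
MAC_RE = re.compile(r"(?:0x)?[0-9A-Fa-f]{12}|(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")

def parse_protocol_ini(text):
    """Parse PROTOCOL.INI into {section: {key: value}}; keys are lowercased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank or comment line
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections

def check_ipspy_bindings(text):
    """Return a list of problems with the [IPSPY_NIF] stanza; [] means it looks right."""
    ini = parse_protocol_ini(text)
    # Assumption: PROTOCOL.INI section names are matched case-insensitively.
    by_lower = {name.lower(): name for name in ini}
    spy_name = by_lower.get("ipspy_nif")
    if spy_name is None:
        return ["missing [IPSPY_NIF] section"]
    spy, problems = ini[spy_name], []
    if spy.get("drivername") != "IPSPY$":
        problems.append("drivername must be IPSPY$")
    target = spy.get("bindings")
    if not target:
        problems.append("bindings line missing")
    elif MAC_RE.fullmatch(target):
        problems.append(f"bindings={target} looks like a MAC address; use the adapter's section name")
    elif target.lower() not in by_lower:
        problems.append(f"bindings={target} names no section in the file")
    elif "drivername" not in ini[by_lower[target.lower()]]:
        problems.append(f"[{target}] has no DriverName line, so it is not a MAC driver section")
    return problems
```

Run `check_ipspy_bindings(open(r"C:\IBMCOM\PROTOCOL.INI").read())` before rebooting; an empty list means the stanza binds to a real driver section.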
Ah, I totally misunderstood it. Thanks, now it works.
Actually, the later IPTRACE WILL do promiscuous mode. Just start
IPTRACE -p
Also, IPFORMAT will output the trace in Sniffer format (that
can be read by ETHEREAL/Wireshark).
IPFORMAT -x
These options work VERY well.
Bob Plyler