--
Richard Porter
rich@ / www. richardporter.me.uk
"You can't have Windows without pains."
> or something equivalent?
No. There have been Ethernet sniffers (first hit on Google for "RISC
OS ethernet sniffer"), but they're all somewhat simplistic compared to
Wireshark. You may be able to adapt existing sniffers to create
pcap-format sniff log files, which you can then feed into Wireshark on
another machine for analysis, however.
B.
> or something equivalent?
Wiresalmon by Alex Waugh is available here:
<http://www.cp15.org/networking/>
It can capture transmitted and received packets on the RISC OS
machine, but you will need to use an analyser on another platform to
view the captured data.
Evan.
Try Wiresalmon, by Alex Waugh:
Wiresalmon is a network packet sniffer, which can be used to capture
packets transmitted and received on a network. Captured packets are
saved to a file in libpcap format, which can be read by protocol
analysers on other platforms, such as Wireshark. Wiresalmon does not
itself provide any means of viewing the captured data. Full source
code is supplied under the GPL.
http://www.cp15.org/download.php?program=wiresalmon&version=latest
Tony
> > No. There have been Ethernet sniffers (first hit on Google for
> > "RISC OS ethernet sniffer"), but they're all somewhat simplistic
> > compared to Wireshark. You may be able to adapt existing sniffers
> > to create pcap-format sniff log files, which you can then feed into
> > Wireshark on another machine for analysis, however.
>
> Try Wiresalmon, by Alex Waugh
Superb and ideal. Added to my bookmarks.
B.
> Try Wiresalmon, by Alex Waugh:
> Wiresalmon is a network packet sniffer, which can be used to capture
> packets transmitted and received on a network. Captured packets are
> saved to a file in libpcap format, which can be read by protocol
> analysers on other platforms, such as Wireshark. Wiresalmon does not
> itself provide any means of viewing the captured data. Full source
> code is supplied under the GPL.
> http://www.cp15.org/download.php?program=wiresalmon&version=latest
Many thanks. That sounds just the job.
I ported libpcap and tcpdump a few years ago. They're relatively
trivial to port so that's not too hard. Capturing IP-based packets
through the Internet module filtering interface is (pretty much)
trivial also - for this very reason. It shouldn't be difficult to
reproduce these by anyone else. The filtering interface doesn't offer
much in the way of pre-filtering of packets, but you're not expecting
to run RISC OS in a noisy environment whilst packet sniffing... you'd
be better off using Linux if you wanted to do more complex stuff.
tcpdump might not be all fancy and GUI, but that's really not a huge
deal for most of the protocols you decode. Plus, once you've written
your packet logger, you can always bundle the packet up in a pcap file
and give it to a more capable machine - it appears that my 'IPCapture'
BASIC program is only 70 lines long, so that part of the process is
trivial.
Anyhow... it's relatively trivial to port tcpdump from what I recall,
and writing a packet logger for IP packets requires that you just
implement a simple module to do that. And of course, implementing NAT
and other packet manipulation is merely an extension to that.
--
Gerph
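The step several posts above describe, wrapping logged IP packets in a libpcap file so that Wireshark on another machine can read it, shown as an added example that is not code from the thread, from Wiresalmon or from the 'IPCapture' program. It assumes the logger sees packets starting at the IP header, so the file uses link type LINKTYPE_RAW (101) rather than Ethernet; the function names and the sample packet are constructed for illustration.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
LINKTYPE_RAW = 101        # records begin at the IP header (no Ethernet framing)
FILE_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
REC_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, incl_len, orig_len

def write_pcap(out, packets, snaplen=65535, linktype=LINKTYPE_RAW):
    """Write (ts_sec, ts_usec, packet_bytes) tuples as a little-endian pcap stream."""
    out.write(FILE_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))
    for sec, usec, data in packets:
        kept = data[:snaplen]  # incl_len may be shorter than orig_len
        out.write(REC_HDR.pack(sec, usec, len(kept), len(data)) + kept)

def read_pcap(inp):
    """Return (linktype, [(ts_sec, ts_usec, orig_len, data), ...]); reject damaged files."""
    raw = inp.read(FILE_HDR.size)
    if len(raw) != FILE_HDR.size or FILE_HDR.unpack(raw)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap file")
    snaplen, linktype = FILE_HDR.unpack(raw)[5:]
    records = []
    while raw := inp.read(REC_HDR.size):
        if len(raw) != REC_HDR.size:
            raise ValueError("truncated record header")
        sec, usec, incl, orig = REC_HDR.unpack(raw)
        if incl > snaplen:  # check before reading, so a bad length cannot force a huge read
            raise ValueError("record longer than snaplen")
        data = inp.read(incl)
        if len(data) != incl:
            raise ValueError("truncated record data")
        records.append((sec, usec, orig, data))
    return linktype, records

def sample_udp_packet(payload):
    """Constructed IPv4/UDP packet between documentation addresses (sample data)."""
    udp = struct.pack("!HHHH", 40000, 9, 8 + len(payload), 0) + payload  # UDP checksum 0 = unused
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    total = sum(struct.unpack("!10H", hdr))      # one's-complement sum of the header words
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return hdr[:10] + struct.pack("!H", ~total & 0xFFFF) + hdr[12:] + udp

def demo():
    """Build an in-memory capture holding one constructed packet and return its bytes."""
    buf = io.BytesIO()
    write_pcap(buf, [(1700000000, 250000, sample_udp_packet(b"hello"))], snaplen=96)
    return buf.getvalue()
```

Writing the bytes returned by `demo()` to a file gives a capture that tcpdump or Wireshark opens directly; a logger that sees whole Ethernet frames would pass `linktype=1` instead.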
> Try Wiresalmon, by Alex Waugh:
> Wiresalmon is a network packet sniffer, which can be used to capture
> packets transmitted and received on a network. Captured packets are
> saved to a file in libpcap format, which can be read by protocol
> analysers on other platforms, such as Wireshark. Wiresalmon does not
> itself provide any means of viewing the captured data. Full source
> code is supplied under the GPL.
> http://www.cp15.org/download.php?program=wiresalmon&version=latest
The ftp problem occurred again this evening so I had a chance to try
out wiresalmon. Unfortunately it stopped all packets getting through
so nothing would work. Maybe it doesn't work on a RiscPC with a
standard nic. I can't see any choices to configure.
I've used Wiresalmon, without problem, on a SARPC, with a Unipod nic.
From memory the OS was 6.10. I haven't tried RO6.20. You've read the
'Using' and 'Compatibility' sections in the !Help file?
Tony
> The ftp problem occurred again this evening so I had a chance to
> try out wiresalmon. Unfortunately it stopped all packets getting
> through so nothing would work. Maybe it doesn't work on a RiscPC
> with a standard nic. I can't see any choices to configure.
It works here with this combination:
RiscPC
RISC OS 4.02
i-cubed network card; EtherH 4.33 (27 Nov 1997)
Evan.
Yes. I have followed the "Using" instructions. After clicking on the
start capture button connections just fail immediately instead of
timing out, and http fails too.
"Compatibility" says "Wiresalmon should work with any network card
that provides a standard DCI4 driver. It has been tested with EtherK
on an Iyonix and EtherX on a RiscPC with a Simtec Net100 NIC."
I'm using a Kinetic RiscPC with RO 6.14 and the original 10baseT NIC.
I don't know if that provides a standard DCI4 driver.
Sorry, I wouldn't know about that. Unipod is based on the Simtec Net100
card, and so uses EtherX.
I've just tried again (RO6.20, SARPC, Unipod), and can confirm that
Wiresalmon 1.00 correctly captures ftp, nntp, and http packets.
Tony
I checked my modules and it appears that I'm using EtherH which is
neither of the above.
> I'm using a Kinetic RiscPC with RO 6.14 and the original 10baseT NIC.
> I don't know if that provides a standard DCI4 driver.
It does. DCI2, the predecessor to DCI4, was obsoleted many years
ago, so long that I don't remember. Select has never had anything
other than a DCI4 driver.
Dave
1994ish.
There are two ways to write a packet sniffer on RISC OS. One is to register
a handler for IP frames. That means that you have to throw off the Internet
module, as you can't have two handlers at once. So you can listen to data
sent by other machines, but can't send from your own. Alan Williams' packet
sniffer does this.
The alternative is to use the Internet module's filtering interface (a bit
newer) to see frames going through. That doesn't clash with normal
operation.
I'm assuming Wiresalmon uses the second method, but I haven't looked so am
not sure.
Theo
> 1994ish.
I have now got the Unipod ethernet port working after a fashion (I get
errors from POPstar and NewsHound when sending, but fetching is OK).
Wiresalmon works with EtherX but apparently not with EtherH.
I have a problem because EtherH is running as well as EtherX even
though the NIC is disabled. I can't find out what is causing it to
run. Could VProtect be sniffing EtherH?
So far as I know VProtect doesn't get involved in network stuff. But you
might be loading EtherH in your boot sequence somewhere. I think the
ethernet drivers will run even if there's no hardware - just things like
*EHTest will fail.
Theo
What do you mean by running? It's a driver module.
> Could VProtect be sniffing EtherH?
No.
---druck
> What do you mean by running? It's a driver module.
well loaded then - present in *modules.