NAME
	Packetman


KEYWORDS
	Analyzer; Ethernet, IP, NFS; Eavesdrop, X; DEC, Sun,
	UNIX; Free.


ABSTRACT
	Packetman is an X11-based protocol analyser that can
	be used to retrospectively analyse packets on an ethernet
	LAN. Packetman can be used for diagnosis, monitoring and
	troubleshooting of network protocols under a Unix environment.

	The Packetman display is divided into three sections, in the
	style of TcpView and the Sniffer: the top section is a sequential
	trace of captured data; the second provides detailed analysis of
	a packet; and the bottom shows a hex dump of the packet.

	Several widely used protocols can be decoded, including:

		o NFS (Network File System) v2
		o NIS (Network Information Service) v2
		o Mount Protocol v1
		o Yppasswd v1
		o Sun Portmapper v2
		o ICMP
		o Telnet
		o ARP

	Packetman fully decodes Ethernet/TCP/UDP/IP headers and resolves
	ethernet/IP addresses to host names. RPC headers, including the
	authentication, are also fully decoded with the RPC replies being
	matched to the calls by their transaction IDs. This enables RPC
	reply packets of recognised protocols to be fully decoded.

	Sniffer format files are supported.

	Thanks to Martin Hunt for the Sniffer code, taken from TcpView.

MECHANISM
	Packetman uses the Ultrix packetfilter on DEC systems and NIT
	on Sun systems, which are placed into promiscuous mode to read
	all packets on the network.

	Several support files are used for name translations. These
	include /etc/ethers, used for ethernet/machine-name resolution,
	and derivatives of the group and passwd files, used for
	uid/user-name and gid/group-name resolution. The information
	from these files is read into hash tables at start-up time.


CAVEATS
	If a DEC system is operating in promiscuous mode, then it is
	possible for a user to use Packetman to compromise network
	security. For example, a patient user may capture sensitive
	information (including passwords) and use this to compromise
	the network.

	By default, promiscuous mode is disabled.


BUGS
	The NIT packet filter used on Sun systems is not efficient
	enough to keep up with a moderate to heavily loaded network.
	This became evident when the snap length was set to zero (infinity).
	The code has been streamlined as much as possible, but the
	solution seems to be BPF. Unfortunately BPF is not available
	to us as we do not have access to the required SunOS kernel
	source.

	This results in some dropped packets on Sun systems.


LIMITATIONS
	Under SunOS, only the Super-user can execute Packetman. On Ultrix
	platforms, Packetman may be executed by any user, provided the
	Super-user has enabled promiscuous mode using pfconfig(8c).


HARDWARE REQUIRED
	SUN Sparc (SunOS 4.1.x) or DEC-mips (Ultrix 4.2a and above)
	workstations supporting the X11 Windowing System.


SOFTWARE REQUIRED
	X11 release 4 or later.


AVAILABILITY AND CONTACT POINT FOR INFORMATION ABOUT THIS TOOL
	Available via anonymous ftp from ftp.cs.curtin.edu.au, in
	the directory pub/netman. Binaries for SUN Sparc (SunOS 4.1.x)
	and DEC-mips (Ultrix 4.2a and above) are available in the
	subdirectories sun4c and dec-mips respectively.

	Greg Barron,
	Netman Development Group,
	Department of Computer Science,
	Curtin University of Technology, Perth, Western Australia.

	Ph: +61 9 351 7666
	Fax: +61 9 351 2819
	email: netman@cs.curtin.edu.au


CONTACT POINT FOR CHANGES TO THIS CATALOG ENTRY
	As above.


DATE OF MOST RECENT UPDATE TO THIS CATALOG ENTRY
	931027
