During the past holidays I had enough time to do some more work on my series of ethernet tools. Some of the already published programs were slightly improved, but now there are also three more. As a consequence of the size limit, I had to split up the package into three archives, all of them attached to this posting:
In the Archive ETHTOOL1.ZIP one finds three tools for general network analysis:
ETHWHO
ETHWHAT
WWWATCH
The Archive ETHTOOL2.ZIP contains programs for detailed packet analysis:
ETHSEND
ETHDUMP
ETHWATCH
ETHSHOW
In the Archive ETHTOOLs.ZIP one can find all the source codes of the above programs.
In the Archive ETHTOOL1.ZIP one finds three tools for general network analysis:
ETHWHO
Is a program that tries to generate a who-is-who of your ethernet LAN (with bus-topology). It lists in tabular form the source and destination ethernet addresses of the packets passing by and counts who is sending whom how many packets. The content of this table is optionally exported into a csv-file (character separated value) from where it can be further processed in whatever way, e.g. be imported into an Excel table. (The updated version now can optionally count transmitted bytes instead of just packets.)
ETHWHAT
Is a program that watches your (bus topology) ethernet and tries to figure out what game they are playing. It analyzes the packets passing by, according to frame-type and protocol used (IP, IPX, ...) and displays statistics about it. In addition, if it finds IP-traffic, it tries to guess the basic configuration parameters from the found data. (The new version has some marginal improvements)
WWWATCH
This program watches the traffic on the ethernet and lists every HTTP request from either a distinct or any computer on the local LAN, sent to a server "out there" in the WWW. If you ever wondered what kind of files or data your computer fetches from the internet, this program may help you to find the answer.
The Archive ETHTOOL2.ZIP contains programs for detailed packet analysis:
ETHSEND
Is a program that sends a single raw ethernet packet out to the LAN. As such, it is not terribly useful for everyday (network-) life, but for experimental and testing purposes it can be quite handy. It helped me a lot in writing the other programs.
ETHDUMP
Is just another packet sniffer. This isn't terribly innovative, but for me it was a pre-requisite for writing the other programs. As it therefore had to be done anyway, why not give it a decent user-interface and turn it into something useful?
It basically duplicates the functionality of the program ETHCAPT, written by Yusuf Motiwala many years ago. However, it allows the data to be displayed already while recording, with two levels of verbosity (headers only or full data as raw hex dump). In addition it has some filtering capabilities which its predecessor hasn't got. It can optionally write the captured data to a binary file in the same format as ETHCAPT would do, so it can later be visualized by ETHVIEW (also by Yusuf).
ETHWATCH
Is basically a stripped-down version of ETHDUMP with a fixed built-in filter to capture only those ethernet_II frames that carry IP packets where either the source- or the destination-(IP-)address is outside the local LAN and the other one is inside. In other words: it records everything that comes from or goes to the internet, ignoring local traffic. It can also write this data to a binary file, in the same format as ETHCAPT or ETHDUMP would do.
ETHSHOW
Is a program to visualize the data that were captured by ETHDUMP, ETHCAPT or ETHWATCH. As such, it replaces the program ETHVIEW, written by Yusuf Motiwala. It offers however some more features. One can browse through the files, scroll forward and backward and there are some tiny built-in tools that help in dissecting the data. Furthermore, it can invoke ETHDUMP (or ETHCAPT or ETHWATCH) to capture new data and thus can be used as a handy neat little protocol analyzer.
Of course it cannot compare with commercial products nor with the ethereal/wireshark project. But it's free, runs under (MS-)DOS and with little more than 50KB program size it easily fits on any diskette. Its basic design philosophy is not to attempt to replace a good book on networking protocols or even your own brain, but to assist you as much as possible in inspecting the data that passed over the wire.
In my opinion it has a rather good "usefulness to program-size ratio". But of course every mother loves her own child, so try it yourself and make up your own mind.
In the Archive ETHTOOLs.ZIP one can find all the source codes of the above programs.
There still is no further documentation, sorry, but all programs have a built-in help function which can be invoked by the /? (or /h or -h) command line switch. And of course I keep on appreciating many comments.
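Editor's added example, not part of the original posting and not taken from the ETHTOOLS sources: a Python sketch of the capture rule described for ETHWATCH (Ethernet II frame, IPv4 payload, exactly one of source/destination address inside the local LAN). The function names, the LAN prefix and the sample frames are constructed for illustration.

```python
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
ETH_HDR_LEN = 14          # dst MAC (6) + src MAC (6) + EtherType (2)
IPV4_MIN_HDR_LEN = 20


def crosses_lan_boundary(frame: bytes, lan: ipaddress.IPv4Network) -> bool:
    """True if the frame is Ethernet II + IPv4 and exactly one endpoint is in lan."""
    if len(frame) < ETH_HDR_LEN + IPV4_MIN_HDR_LEN:
        return False                      # truncated frame, nothing to classify
    (ethertype,) = struct.unpack("!H", frame[12:14])
    # Values below 0x0600 are 802.3 length fields, not Ethernet II types;
    # they fail this test along with ARP, IPX and everything else non-IPv4.
    if ethertype != ETHERTYPE_IPV4:
        return False
    ip = frame[ETH_HDR_LEN:]
    version, ihl = ip[0] >> 4, ip[0] & 0x0F
    if version != 4 or ihl < 5:
        return False                      # malformed IPv4 header
    src = ipaddress.IPv4Address(ip[12:16])
    dst = ipaddress.IPv4Address(ip[16:20])
    # "One inside, the other outside" is an exclusive-or on LAN membership.
    return (src in lan) != (dst in lan)


def build_frame(src_ip: str, dst_ip: str, ethertype: int = ETHERTYPE_IPV4) -> bytes:
    """Constructed test frame: locally administered MACs, minimal IPv4 header.
    The header checksum is left at 0 because the filter does not verify it."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    eth += struct.pack("!H", ethertype)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip


LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed local LAN prefix

if __name__ == "__main__":
    samples = {
        "LAN -> outside": build_frame("192.168.1.10", "203.0.113.5"),
        "outside -> LAN": build_frame("203.0.113.5", "192.168.1.10"),
        "LAN -> LAN": build_frame("192.168.1.10", "192.168.1.20"),
        "ARP ethertype": build_frame("192.168.1.10", "203.0.113.5", 0x0806),
    }
    for name, frame in samples.items():
        print(f"{name:15s} captured={crosses_lan_boundary(frame, LAN)}")
```

Broadcast and multicast destinations fall outside the prefix under this plain subnet test, so such frames from a LAN host would be captured; the posting does not say how ETHWATCH treats them.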