
This is a minimal net-sniff package intended to be used as a PC-based network
monitor for your local ethernet network.

*** Included are the following files:
   README            -  You're reading it at the moment.

   gobbler.asc       -  An ASCII manual for gobbler.
   gobbler.exe       -  A binary file for the PC.
   beholder.ini      -  A configuration file needed by gobbler.
   dp.ini            -  A configuration file needed by gobbler.

   gobview.cc        -  My small tool to view a dumpfile generated
                        by gobbler. This should compile on any unix
                        system. I've tested it on my linux machine and
                        on an HP.
                        I've based gobview on the program rdunix which
                        is distributed with the gobbler distribution.
                        rdunix simply displayed the dump file, while
                        gobview decodes the packets.
   Makefile          -  Makefile for gobview.

What's NOT included: drivers for your ethernet card. These can be found in
the directory /pub/Fergie as pktdrv9.zip on ftp.et.tudelft.nl with anonymous
ftp.

*** How to configure gobbler:

Change the following entries in beholder.ini:

    nd0address                 :  IP address of your PC running gobbler.
    nd0mask                    :  Netmask of your network.
    Community public/trap/test :  Your network IP + netmask.

Add hardware address entries for the machines on your local net to dp.ini
(e.g. HDRADDR 0x00 0x00 0xc0 0x5e 0xb1 0x67 warns).


*** How to run gobbler:

First run a level 0 packet driver (not included) at irq 0x60, e.g. (this is for
the wd80x3):

wd8003e 0x60 3 0x280 0xd000

This attaches the packet driver to irq 0x60, with the wd card at irq 3, port
address 0x280 and shared memory at 0xd000.

Then run gobbler. Read the gobbler manual file (included) to learn how gobbler
works.


*** How to run gobview

Use gobbler to create a dumpfile. ftp this dumpfile to the machine you've
installed gobview on. Then type, for example, 'gobview yourdump.dmp | less'
and off you go! If your nameserver has trouble matching names to IP addresses
(this usually only occurs when you don't use a nameserver :), type
'gobview yourdump.dmp 2> /dev/null | less' to get rid of the error messages
generated by nslookup.


*** Problems and remarks:

If you have problems with gobview, found bugs, would like to have something
added to it, have added something to it, etc. etc. you can contact me through
e.g. e-mail (see signature at the end of the file). If you have problems with
gobbler, you can also contact me, but please, only if you really don't know
what to do.


*** Finally:

I first wrote gobview for personal use, but since it could be useful for
others, I've released it. The source is a bit of a mess (to my standards) but
feel free to check it out/change it. I hope to be able to clean up the code
and enhance gobview in the near future, if there are some out there who really
USE it :) 

Have fun!


Jacco

................................................................................
.                                                                              .
.  You can contact me by E-mail:              You can contact me by mail       .
.                                              through my company:             .
.                                                                              .
.     root@warns.et.tudelft.nl                    Redproc                      .
.     redproc@warns.et.tudelft.nl                 Postbus 321                  .
.     redproc@dutentb.et.tudelft.nl               2680 AH Monster              .
.                                                 The Netherlands              .
.        _____________________________                                         .
.       /                 __         ___                                       .
.      / \        / /\   |  \ |\  | /          _____ _   _ ____                .
.  \  /   \  /\  / /__\  |__/ | \ | \___         |   |   | |   \   _     _ ___ .
.   \/     \/  \/ /    \ |  \ |  \|     \        |   |   | |    | |_ |  |_  |  .
.      _________________________________/        |    \_/  |___/  |_ |_ |   |  .
.                                                                              .
................................................................................
