Re: filters

John G. Thompson (jgt10@livingston.com)
Wed, 27 Aug 1997 08:25:37 -0700

At 08:56 AM 8/27/97 -0500, Derric Scott wrote:
>
>> I believe the portmaster 2 will allow you to view the IP traffic on a
>> specified port. I want to find out the IP address of a server push site
>> and filter it so specific users cannot leave their computers on watching
>> pointcast while they go home for the weekend.
>
>Hmm... no one seems to be able to (or wants to) address this question
>directly (at least as of the Digest version last night). Sorry I
>can't help directly either...
>
>> I want to monitor a specific port, like 14 on my portmaster and see
>> where the data is coming from. ...
>
>I'd use tcpdump from one of my Linux machines to do this - not the PM.
>Just setup your own client PC doing whatever you want (Pointcast for
>example) and then look for traffic to/from that PC's IP.

What you do is create a filter that "permits" the traffic you want to watch
and then you do a ptrace with that filter. To stop the output you give a
ptrace without any filter name. This is documented in tech notes and the
configuration guide.

For example, when I want to verify RADIUS operation...

Command> add fil
Command> set fil r 1 perm udp src eq 1645
Command> pt r

Command> pt
Command> del fil r

JGT
---------------------------------------------------------------------------
John G. Thompson Livingston Enterprises Inc. Phone: (800) 458-9966
JOAT(MON) 4464 Willow Road Fax: (510)737-2110
support@livingston.com Pleasanton, CA 94588 http://www.livingston.com/
---------------------------------------------------------------------------
******* The solution to any problem lies in its proper definition. *******