head	4.0;
access;
symbols;
locks; strict;
comment	@# @;


4.0
date	93.03.01.19.59.00;	author davy;	state Exp;
branches;
next	1.4;

1.4
date	93.01.16.19.08.59;	author davy;	state Exp;
branches;
next	1.3;

1.3
date	93.01.15.19.33.39;	author davy;	state Exp;
branches;
next	1.2;

1.2
date	92.07.24.18.47.57;	author mogul;	state Exp;
branches;
next	1.1;

1.1
date	92.07.24.18.45.13;	author mogul;	state Exp;
branches;
next	;


desc
@@


4.0
log
@NFSWATCH Version 4.0.
@
text
@								1 March 1993

This is NFSWATCH Version 4.0.  It lets you monitor NFS requests to any
given machine, or the entire local network.  It only monitors NFS client
traffic (NFS requests); it does not (and cannot) monitor the return traffic
from the server in response to those requests.

The following changes have been made since NFSWATCH 3.0:

	- NFSWATCH now runs on Sun SPARC machines under SunOS 5.x (Solaris
	  2.x) using the Data Link Provider Interface (DLPI), dlpi(7).

	- NFSWATCH now runs on Silicon Graphics machines under IRIX 4.0
	  using the snoop(7) interface.  It should also work on versions 3.2
	  and 3.3 (you'll need "-lbsd" on 3.2). Thanks to Tim Hudson of
	  Mincom Pty for the patches.

	- NFSWATCH "almost" works on System V Release 4 systems.  There are
	  some problems with the fact that Solaris 2.x uses DLPI 2.0 (good),
	  but most SVR4s out there still use DLPI 1.3 (bad).  I've had a few
	  beta testers working on it, but they have not yet gotten it to work.
	  If you manage to get it working, *please* send patches.

	- NFSWATCH now keeps track of timing information in the procedure
	  display, showing how quickly NFS calls receive replies.  Thanks to
	  Peter Phillips of the University of British Columbia for the code.
	  
	- NFSWATCH now has an authenticator display, which shows the username
	  or user id of the originator of each packet.  Thanks again to Peter
	  Phillips for the code.

	- A first pass at support for FDDI interfaces has been added.  The
	  support is better on some systems than others, as described below:

	  IRIX40: Has not been tested, and almost definitely will not work
		  "as is".  The packet header that's read into from snoop
		  probably needs to be different.  Send us patches if you
		  get it to work.

	  SUNOS4: Has been tested on a Sun-4/380 under SunOS 4.1.2.  Works
		  with the SunNet FDDI/DX boards.

	  SUNOS5: Has not been tested, but "should" work.  Send us patches
		  if it doesn't.

	  SVR4:   Has not been tested, but "should" work.  Send us patches
	  	  if it doesn't.  (And if you get the rest of it working;
		  see above.)

	  ULTRIX: Works with Ultrix V4.2 or later *only*.  All flavors of
		  Ultrix 4.2 (including 4.2A, 4.2B, 4.2C) require kernel
		  patches before you can use the FDDI code.  Obtain the
		  patched versions of net_common.o and pfilt.o from your
		  Customer Support Center.

	- A new option, "-server hostname" has been added to watch all the
	  traffic between a server and its clients; this is equivalent to
	  "src == hostname || dst == hostname", which is not specifiable
	  using the other options.  Thanks again to Peter Phillips for the
	  patches.

	- A new option, "-map", is available to help translate file system
	  device names to "english" names, e.g. "/usr" instead of
	  "fs1(7,23)".  Thanks yet again to Peter Phillips.

	- Two new options have been added to allow NFSWATCH to be run from
	  cron, via rsh, etc.  The "-bg" option tells NFSWATCH to run in the
	  background, with no screen display.  All information will be put
	  into the logfile only.  The "-T maxtime" option tells NFSWATCH to
	  terminate execution after maxtime seconds.

	- A new interactive command has been added.  The "n" command toggles
	  the display of client names or client host numbers in client mode,
	  so that foreign hosts can be identified.

	- The maximum number of client hosts for a single server has been
	  increased to 512.  The maximum number of internet addresses for
	  a single host has been increased to 16.  The maximum number of
	  interfaces that can be watched at one time has been increased to
	  16.

	- The bug in which file matching did not work on Sun-3 systems has
	  been fixed.

	- The bug in which the standard input got closed upon exit, making
	  the curses routines screw up, has been fixed.

	- The bug causing miscompilation of nit.c on SunOS 4.0 has been
	  fixed.

	- Note that due to limitations in the SVR4 DLPI, the ethernet broad-
	  cast, arp, and rarp packet counters will not be supported.  Also
	  note that on SVR4s still using DLPI 1.3, which does not support
	  promiscuous mode, the "-all" and "-dst" options to NFSWATCH will not
	  work.

NFSWATCH has been successfully compiled and at least minimally tested on the
following architectures and operating systems:

	Architecture		Operating System
	------------		----------------
	Sun-3 (68000)		SunOS 4.1.1
	Sun-4 (SPARC)		SunOS 4.1.1, 4.1.2, 4.1.3
	Sun-4 (SPARC)		SunOS 5.1 (Solaris 2.1)

	DEC VAX			Ultrix 4.0, 4.1, 4.2
	DEC RISC		Ultrix 4.0, 4.1, 4.2

	SGI Personal IRIS	IRIX 4.0.1
	SGI 4D/440		IRIX 4.0.5

To compile NFSWATCH, just say "make."  The Makefile will use the "uname"
command to determine what operating system should be compiled for.  If for
some reason this blows up in your face, say "make OS=foo" where "foo" is one
of the following:

	Macro Value		Operating System
	-----------		----------------
	IRIX40			Silicon Graphics IRIX 4.0
	SUNOS4			Sun Microsystems SunOS 4.x
	SUNOS5			Sun Microsystems SunOS 5.x (Solaris 2.x)
	SVR4			AT&T System V Release 4
	ULTRIX			Digital Equipment Ultrix 4.x

On Sun systems, NFSWATCH needs to either be run as root, or made setuid root
(this is safe; it setuids itself back after opening the needed device).  On
Ultrix systems, it does not need to be setuid root or run as root, but the
super-user has to enable promiscuous mode operation using pfconfig(8).  On
SGI systems, it needs to be either run as root or made setuid to root.  On
SVR4 systems, it needs to be either run as root or made setuid to root.

On pre-4.2 Ultrix systems, the enclosed "pfcopyall" program can be used to
change the value of the "pfcopyall" variable in the kernel so that you can
see packets sent by the host you are running on.  Otherwise, these packets
will not be included in the output of NFSWATCH.

You can redistribute this program as much as you want.  All we ask is that
you give credit where credit is due.  If you make modifications or bug fixes,
please send them back to us, in "diff -c" format, so they can be incorporated
into the next release.

Dave Curry					Jeff Mogul
Purdue University				Digital Equipment Corp.
Engineering Computer Network			Western Research Laboratory
1285 Electrical Engineering Bldg.		250 University Avenue
West Lafayette, IN 47907-1285			Palo Alto, CA 94301
davy@@ecn.purdue.edu				mogul@@decwrl.dec.com
@


1.4
log
@Corrected Jeff's address.
@
text
@d1 1
a1 1
								15 January 1993
d3 1
a3 1
This is NFSWATCH Version 4.0beta.  It lets you monitor NFS requests to any
d11 1
a11 1
	  2.x) using the Data Link Provider Interface (dlpi(7)).
d18 5
a22 6
	- As a side effect of porting to Solaris 2.x, NFSWATCH should also
	  work on any System V Release 4 system, since dlpi(7) is a standard
	  interface.  This has not been tested, however.  Please try it out
	  and send us patches.  Note that due to limitations in the SVR4
	  DLPI, the ethernet broadcast, arp, and rarp packet counters are not
	  supported.
d24 8
d36 3
a38 1
		  "as is".  Send us patches if you get it to work.
d40 2
a41 1
	  SUNOS4: Works with the SunNet FDDI/DX boards.
d47 2
a48 1
	  	  if it doesn't.
d56 5
a60 3
	- There is a new option, "-bg", which tells NFSWATCH to run in the
	  background.  This disables screen output and interactive commands,
	  and sends output to the logfile only.
d62 3
a64 3
  	- There is a new command, "n", which toggles the display of host
	  names or host numbers in client mode.  This option is only
	  available in interactive mode.
d66 16
d91 6
d98 1
a98 1
following architectures:
d103 1
a103 1
	Sun-4 (SPARC)		SunOS 4.1.1
d106 2
a107 2
	DEC VAX			Ultrix 4.2
	DEC RISC		Ultrix 4.2
d110 1
d112 4
a115 4
To compile NFSWATCH, edit the Makefile and set the "OS" macro appropriately
for your system, and then type "make", or if you'd prefer not to edit, say
"make OS=foo" where foo is one of the valid choices.  The valid choices for
the "OS" macro are:
d129 2
a130 1
SGI systems, it needs to be either run as root or made setuid to root.
@


1.3
log
@Miscellaneous cleanups.
@
text
@d108 1
a108 1
1285 Electrical Engineering Bldg.		100 Hamilton Avenue
@


1.2
log
@Added FDDI support
@
text
@d1 1
a1 1
								July, 1992
d3 4
a6 5
This is NFSWATCH Version 3.1.  The only change from version 3.0 is
support for FDDI on Ultrix.  This will only work with Ultrix version
4.2 or later, and all flavors of Ultrix 4.2 (including 4.2A, 4.2B,
and 4.2C) require kernel patches.  Obtain the patched versions of
net_common.o and pfilt.o from your Customer Support Center.
d8 1
a8 2

								January, 1991
d10 2
a11 4
This is NFSWATCH Version 3.0.  It lets you monitor NFS requests to any
given machine, or the entire local network.  It only monitors NFS
client traffic (NFS requests), it does not (and cannot) monitor the
return traffic from the server in response to those requests.
d13 4
a16 1
There have been many changes since NFSWATCH 2.0:
d18 6
a23 3
	- The "-allif" option allows NFSWATCH to read packets from all
	  configured network interfaces, instead of only a single
	  interface.
d25 2
a26 3
	- The '[' and ']' commands have been added to "scroll" the
	  bottom part of the display, which when displaying client
	  names can be longer than the number of lines you have.
d28 2
a29 2
	- The 'p' command changes the display to show NFS procedures
	  and the percentages of each.
d31 1
a31 2
	- A real help screen has been added to replace the single-line
	  help.
d33 2
a34 2
	- The per-client table for recording statistics is now hashed, for
	  better speed.
d36 2
a37 1
	- NFSWATCH now compiles and runs on Ultrix 4.1.
d39 5
a43 4
	- When Ultrix 4.2 comes out, the code is present to allow
	  capture of "packets to self" (the machine NFSWATCH is
	  running on), so the "pfcopyall" program will no longer be
	  needed.
d45 3
a47 4
	- There is a bug in the NIT driver under pre-4.1 SunOS which
	  will make NFSWATCH not classify packets properly (they all
	  end up as "other").  The #ifdefs intended to avoid this in
	  version 2.0 have been fixed.
d49 3
a51 5
	- NFSWATCH now attempts to intuit the byte order in the file
	  handle, so that machines with opposite-order bytes from the
	  one NFSWATCH is running on can still be decoded.  Since file
	  handles are opaque, this is better than nothing, but not by
	  much.
d53 2
a54 1
NFSWATCH has been tested on the following architectures:
d56 2
a57 2
	Sun-3 SunOS 4.1
	Sun-4 SunOS 4.1
d59 2
a60 2
	DEC VAX   Ultrix 4.0, 4.1
	DEC RISC  Ultrix 4.0, 4.1
d62 2
a63 5
To compile NFSWATCH, just type "make".  On SunOS systems, it needs to
either be run as root, or made setuid root (this is safe; it setuids
itself back after opening the NIT device).  On Ultrix systems, it does
not need to be setuid root or run as root, but the super-user has to
enable promiscuous mode operation using pfconfig(8).
d65 5
a69 4
On pre-4.2 Ultrix systems, the enclosed "pfcopyall" program can be
used to change the value of this variable in the kernel so that you
can see packets from the host you are running on.  Otherwise, these
packets will not be included in the output of NFSWATCH.
d71 2
a72 4
You can redistribute this program as much as you want.  All we ask is
that you ive credit where credit is due.  If you make modifications or
bug fixes, please send them to us so they can be incorporated into the
next release.
d74 31
d106 5
a110 5
SRI International				Digital Equipment Corp.
333 Ravenswood Avenue				Western Research Laboratory
Menlo Park, CA 94025				100 Hamilton Avenue
davy@@erg.sri.com				Palo Alto, CA 94301
						mogul@@decwrl.dec.com
@


1.1
log
@Initial revision
@
text
@d1 9
@
