*********README for adding IGRP decoder to Network General's Sniffer.******

This decoder was written by the Network Research & Planning group at 
Indiana University.  We hope you find it useful.  We don't guarantee
anything and won't accept responsibility for any damages resulting
from its use.  It works for us.  Your mileage may vary...

We place this software in the public domain.  Feel free
to modify it to suit your needs.  If you come up with a 
neat modification, we'd like to hear about it.  If you
find a bug, we'd like to hear about that too.
For either of the above contact:

Allen Robel
(812)855-7171
robelr@mythos.ucs.indiana.edu


You should have the following files from this distribution before starting:

igrp.c
igrp.h
README.TXT (this file)

(FTP the above in ASCII mode)

igrp.enc (optional setup file to filter for IP Type 9 (IGP))

(FTP the above in BINARY mode)


You will also be working with the following files that came with
your Sniffer (Located in C:\ENSNIFF\NEWPI):

TCPPORTS.C
INITPI.C
BUILD.BAT

You will also need to install Microsoft C 5.1 on your Sniffer (follow
the instructions in the Sniffer manual entitled "Network and Protocol
Reference" for this, or use the instructions located later in this
README).

This distribution is known to work, if these instructions are
followed, with the following configurations:

version 2.32 of the Sniffer running on a Toshiba 286 laptop
version 3.00 of the Sniffer running on a Toshiba 386SX laptop


1)  Copy the files:

    c:\ENSNIFF\NEWPI\TCPPORTS.C
    c:\ENSNIFF\NEWPI\INITPI.C
    c:\ENSNIFF\NEWPI\BUILD.BAT

    to a backup directory.  You will be modifying them and it's
    probably best to work on copies.

2)  Copy the files in this distribution:

    igrp.c
    igrp.h

    to the directory:

     c:\ENSNIFF\NEWPI

3)  In file c:\ENSNIFF\NEWPI\TCPPORTS.C:

    In the 1st section labeled "Tables for use by IP"

    add the line

    extern int (*piptr_ip_igrp)();   /* interp_ip_igrp or NULLP */

    (NOTE: Throughout these instructions it's generally easier to copy a
     similar line nearby and modify it.  It'll also lessen the chance
     of typos.)

    Then, after the line that reads:

    {6,    &piptr_tcp},       /* transmission control */

    add

    {9,    &piptr_ip_igrp},   /* interior gateway protocol */


4)  In the file c:\ENSNIFF\NEWPI\INITPI.C
         
    Search for the section entitled

    "Protocols belonging to 1304:  TCP/IP"

    find the lines (~ line 445  <-- I'll give approximate line numbers):

    struct pi_data  *pi_data_ip_rip;  /* RIP */
    extern   interp_ip_rip();

    after those lines add:

    struct pi_data  *pi_data_ip_igrp;  /* IGRP */
    extern   interp_ip_igrp();

    search about 15-17 lines below that (~ line 465) for the line:

    #define interp_ip_rip NULLP

    after that line add:

    #define interp_ip_igrp NULLP

    about 80 or so lines later (~ line 550) you'll see the line:

    int (*piptr_ip_rip) () = interp_ip_rip;

    after this line add:

    int (*piptr_ip_igrp) () = interp_ip_igrp;

    about 1000 lines later (~ line 1525) you'll see the line:

    pi_data_ip_rip = 
       register_pi("RIP", PITYPE_EMBEDDED+LMNG, 0, &no_demux, interp_ip_rip, "RIP:  ");

    after this line add
 
    pi_data_ip_igrp = 
       register_pi("IGRP", PITYPE_EMBEDDED+LMNG, 0, &no_demux, interp_ip_igrp, "IGRP:  ");


5)  In the file BUILD.BAT

    find the line:

    cl /c /AL /Oat /J /Gs /Zp /Gt16 /G2 %1.c

    and add tcpports.c to the end so that it looks like:

    cl /c /AL /Oat /J /Gs /Zp /Gt16 /G2 %1.c tcpports.c

    find the line:

    link initpi+%1, ensniff, ensniffp+ensniffc /SE:500 /CP:1 /STACK:15000

    and modify it to look like:

    link initpi+%1+tcpports, ensniff, ensniffp+ensniffc /SE:500 /CP:1 /STACK:15000 /NOE
                  ^^^^^^^^^                                                        ^^^^^

    Be sure to add the /NOE or you'll get errors (don't ask me why!!!).

6)  If you haven't already done so, install Microsoft C 5.1 according to the
    instructions in the Sniffer manual entitled "Network and Protocol Reference,"
    page 87.  If you've lost the manual, here's how.

    - Put the "setup" disk in drive A: and type

      A:SETUP

      accept all the defaults *EXCEPT*   <---- very important

      - Specify the LARGE memory model.
      - Override the pathname for "bound executables" by specifying

      c:\tools\mc\exe


7)   In the directory c:\ENSNIFF\NEWPI (you're probably already there)

     Copy PISW<xxxx>.H to PISWITCH.H (mine was called PISWBPG0.H). 

8)   Type:

     BUILD IGRP


9)   After much churning away, you'll have a new sniffer named:

     ENSNIFF.EXE  

10)  Copy ENSNIFF.EXE to \ENSNIFF\ENSNIFFX.EXE
                                         ^
     Note the "X" in the new file name to distinguish it
     from the original Sniffer.

11)  Edit the file ENSNIFFX.MNU and change the line:

     ITEM " Ethernet Analyser"

     to:

     ITEM " Ethernet Analyser w/IGRP"

     (or something similar to distinguish it from the original sniffer)

     Copy ENSNIFFX.MNU to \CONFIG


12)  Reboot, or otherwise start up the menu and choose your new Sniffer.
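
What the edits in steps 3 and 4 wire together, as an added example (not code from the Sniffer or from this distribution): a simplified C model in which the IP table maps a protocol number to the address of a piptr_* variable, and that variable holds either the interpreter or NULLP. The struct layout, lookup_ip, decode_ip, decode_sample, piptr_absent, the meaning given to NULLP and the stand-in interpreter bodies are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define NULLP NULL                 /* assumption: NULLP is a null pointer */
typedef int (*interp_fn)(const unsigned char *data, size_t len);

/* Stand-in interpreters (constructed): return the IP protocol they decode. */
static int interp_tcp(const unsigned char *d, size_t n)     { (void)d; (void)n; return 6; }
static int interp_ip_igrp(const unsigned char *d, size_t n) { (void)d; (void)n; return 9; }

/* INITPI.C side of the model: one pointer per decoder, NULLP if not built. */
interp_fn piptr_tcp     = interp_tcp;
interp_fn piptr_ip_igrp = interp_ip_igrp;
interp_fn piptr_absent  = NULLP;   /* hypothetical decoder that was left out */

/* TCPPORTS.C side: IP protocol number -> address of the pointer above. */
struct ip_entry { int proto; interp_fn *pi; };   /* hypothetical layout */
static struct ip_entry ip_table[] = {
    {6, &piptr_tcp},       /* transmission control */
    {9, &piptr_ip_igrp},   /* interior gateway protocol */
    {8, &piptr_absent},    /* constructed entry with no decoder behind it */
};

interp_fn lookup_ip(int proto) {
    size_t i;
    for (i = 0; i < sizeof ip_table / sizeof ip_table[0]; i++)
        if (ip_table[i].proto == proto)
            return *ip_table[i].pi;   /* read at lookup time; may be NULLP */
    return NULLP;
}

/* Returns the decoder's result, -1 if no decoder, -2 if the header is bad. */
int decode_ip(const unsigned char *pkt, size_t len) {
    size_t ihl;
    interp_fn fn;
    if (len < 20 || (pkt[0] >> 4) != 4) return -2;
    ihl = (size_t)(pkt[0] & 0x0F) * 4;   /* IP header length in bytes */
    if (ihl < 20 || ihl > len) return -2;
    fn = lookup_ip(pkt[9]);              /* byte 9 is the IP protocol field */
    return fn == NULLP ? -1 : fn(pkt + ihl, len - ihl);
}

/* Constructed packet: minimal IPv4 header plus 4 zero payload bytes. */
int decode_sample(unsigned char proto, size_t len) {
    unsigned char buf[24] = {0};
    if (len > sizeof buf) len = sizeof buf;
    buf[0] = 0x45; buf[9] = proto;
    return decode_ip(buf, len);
}

int main(void) {
    printf("proto 9 -> %d, proto 8 -> %d\n", decode_sample(9, 24), decode_sample(8, 24));
    return 0;
}
```
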


I've included a file in this distribution called IGRP.ENS.  It's a setup
file that will filter for IGP protocol packets (IP type 9).  You can
copy this file to c:\CAPTURE and load it from the:

    Files --> Load --> Setups  

menu.

The choice for IGRP filtering will appear in:

Display --> Filters --> Protocol

as IGRP

uncheck everything else <Alt><Spacebar>

and then check IGRP <spacebar>

to view only IGRP packets.

So start capturing those routing updates and analyzing 'em already!!


-allen
