Re: Identify DECnet Plus (copy/fal) traffic?



On Wed, 15 Jul 2009 00:05:23 +0100, "Andrew Wright"
<wrightar@xxxxxxxxxx> wrote:

On an Alpha running OpenVMS DECnet Plus (OSI) V8.2 please could anyone
suggest a way of identifying all the DECnet traffic (particularly copy
operations), with process name and the local/remote connection the process
is making?

A few possible ways to get more info, say besides accounting records:

$! one net$server per network login:
$ define/system/exec netserver$timeout "0"

in sys$manager:sylogin.com, you might be able to do this:

$ netserver$command :== @device:[dir]netnfo.verbose

where netnfo.verbose was:
(watch out for lines wrapped by newsreaders):



$!'f$verify(0)
$!++
$! NETINFO.COM PROGRAM
$!
$! do the same w/o requests
$!
$! NETINFO VERSION 2.0 - AUGUST 1992
$!
$! BY: JOHN MCMAHON
$! TGV, INCORPORATED
$! PHONE: 800-848-3440
$! E-MAIL: MCMAHON@xxxxxxx
$!
$! DCL VERSION BASED ON EARLIER WORKS BY JOHN MCMAHON
$! THAT WERE DEVELOPED UNDER CONTRACT TO THE ADVANCED
$! DATA FLOW TECHNOLOGY OFFICE (NASA GODDARD SPACE
$! FLIGHT CENTER) AND THE COSMIC BACKGROUND EXPLORER
$! SCIENCE DATA ROOM PROJECT (NASA GODDARD SPACE FLIGHT
$! CENTER)
$!
$! SUGGESTED BY A SAMPLE PROGRAM IN A DEC SEMINAR
$! ON "NETWORK SECURITY"
$!
$! INSTALLING THIS PROGRAM:
$!
$! 1) PERMANENT NETSERVERS SHOULD BE TURNED OFF BY
$! ISSUING THE COMMAND:
$!
$! DEFINE/SYSTEM/EXEC NETSERVER$TIMEOUT "0"
$!
$! IN THE SYSTEM STARTUP PROCEDURE.
$!
$! 2) THE GLOBAL SYMBOL NETSERVER$COMMAND SHOULD
$! BE DEFINED IN THE SYSTEM LOGIN PROCEDURE
$! AS:
$!
$! NETSERVER$COMMAND :== @DISK:[DIRECTORY]THIS-PROCEDURE
$!
$! 3) THE PROTECTION ON THE COMMAND PROCEDURE SHOULD BE:
$! (S:RE,O:RE,G:E,W:E)
$!
$! NOTE: THIS SOFTWARE IS PROVIDED AS-IS, THE AUTHOR AND HIS EMPLOYERS
$! ASSUME NO RESPONSIBILITY FOR THE USE, LOSSES FROM THE USE, OR
$! RELIABILITY OF THIS SOFTWARE.
$!++
$!
$ PROGRAM = " NETINFO V2.0 "
$ LOG := WRITE SYS$OUTPUT F$TIME()+PROGRAM+
$ ON WARNING THEN GOTO SOS
$ LOG "WRITTEN AUGUST 1992 BY JOHN MCMAHON"
$!
$! THIS ONLY WORKS FOR NETWORK PROCESSES
$!
$ IF F$MODE() .NES. "NETWORK"
$ THEN
$ LOG "EXITING - THIS IS NOT A NETWORK PROCESS"
$ EXIT
$ ENDIF
$!
$! USEFUL THINGS TO DO FIRST...
$!
$! (NOTE J)
$!
$! DEFINE FAL$LOG 1 ! FAL DEBUGGING LOGICAL THAT
$ ! REPORTS FILENAMES BEING ACCESSED
$!
$! SAVE THE NETSERVER FILES FROM RANDOM PURGING
$!
$! AN ALTERNATE TECHNIQUE WOULD BE TO RENAME FILES TO AN
$! ALTERNATE DIRECTORY
$!
$! (NOTE H)
$!
$ IF F$SEARCH("SYS$LOGIN:NETSERVER.LOG") .NES. ""
$ THEN
$ SET PROTECTION=(S:RWE,O:RWE,G,W) SYS$LOGIN:NETSERVER.LOG.*
$ ENDIF
$!
$! NETSERVER.COM VERIFY SETTING
$!
$ NETSERVER$VERIFY :== 0 ! 0=OFF, 1=ON
$!
$! TABLE OF OBJECTS REGISTERED IN NCP
$!
$! THIS IS A SUBSET OF THE OBJECTS THAT DO NOT HAVE PROCESSES
$! ASSOCIATED WITH THEM (EXAMPLE: IGNORE REMACP AND SMISERVER)
$!
$! THIS INFORMATION WAS RETRIEVED USING THE NCP COMMAND
$! NCP> SHOW KNOWN OBJECTS
$!
$ OBJECTTABLE_0 = "MOM,NICONFIG,TASK"
$ OBJECTTABLE_17 = "FAL,SUBMIT/REMOTE" ! File Access
$ OBJECTTABLE_18 = "HLD"
$ OBJECTTABLE_19 = "NML" ! NCP Commands
$ OBJECTTABLE_25 = "MIRROR"
$ OBJECTTABLE_26 = "EVL"
$ OBJECTTABLE_27 = "MAIL" ! Electronic Mail
$ OBJECTTABLE_29 = "PHONE" ! Phone
$ OBJECTTABLE_51 = "VPM" ! Monitor
$ OBJECTTABLE_63 = "DTR"
$!
$! GET THE NCB OUT OF THE SYS$NET LOGICAL NAME
$!
$ NETINFO_NCB = F$TRNLNM("SYS$NET")
$!
$! (NOTE A)
$!
$! GET THE REMOTE NODENAME AND USERNAME
$!
$! NODENAME IS PRIOR TO THE FIRST COLON
$!
$ NETINFO_NODENAME == F$ELEMENT(0,":",NETINFO_NCB)
$!
$! (NOTE B)
$!
$! EXTRACT THE STRING BETWEEN THE "=" AND THE "/"
$! THIS IS THE USERNAME
$!
$ WORK_STRING = F$ELEMENT(1,"=",NETINFO_NCB)
$ NETINFO_USERNAME == F$ELEMENT(0,"/",WORK_STRING)
$!
$! (NOTE C)
$!
$! GET THE LOCAL LINK NUMBER, OPTIONAL INFO,
$! OBJECT FORMAT AND OBJECT NUMBER
$!
$! EXTRACT THE STRING AFTER THE "/"
$! THIS SIMPLIFIES LOCATING THINGS BECAUSE
$! WE AREN'T DEALING WITH A RANDOM LENGTH
$! USERNAME OR NODENAME
$!
$! BYTES 0-1 IS THE LINK NUMBER
$! BYTE 2 IS THE OPTIONAL INFO LENGTH
$! BYTES 3-18 IS THE OPTIONAL INFO
$! BYTE 19 IS THE OBJECT FORMAT
$! BYTE 20 IS THE OBJECT NUMBER
$!
$ WORK_STRING = F$ELEMENT(1,"/",NETINFO_NCB)
$ NETINFO_LINK_NUMBER = F$CVUI(0,16,WORK_STRING)
$ NETINFO_OPTIONAL_INFO_LENGTH = F$CVUI(0,8, F$EXTRACT(2,1,WORK_STRING) )
$ NETINFO_OPTIONAL_INFO = F$EXTRACT(3,16,WORK_STRING)
$! (NOTE D)
$ NETINFO_OBJECT_FORMAT = F$CVUI(0,8, F$EXTRACT(19,1,WORK_STRING) )
$ NETINFO_OBJECT_NUMBER == F$CVUI(0,8, F$EXTRACT(20,1,WORK_STRING) )
$!
$! CONVERT THE OPTIONAL_INFO INTO HEX
$!
$ NETINFO_OPTIONAL_INFO_HEX = ""
$ COUNT = 0
$ LOOP:
$ BYTE = F$EXTRACT(COUNT,1,NETINFO_OPTIONAL_INFO)
$! (NOTE G)
$ NETINFO_OPTIONAL_INFO_HEX = -
NETINFO_OPTIONAL_INFO_HEX +-
F$FAO( "!2XL",F$CVUI(0,8,BYTE) )
$ COUNT = COUNT + 1
$ IF COUNT .LT. 16 THEN GOTO LOOP
$ ENDLOOP:
$!
$! IF THE OBJECT FORMAT IS 1, THEN GET THE OBJECT NAME
$! LENGTH AND THE OBJECT NAME
$!
$! BYTE 21 IS THE OBJECT NAME LENGTH
$! BYTE 22 BEGINS THE OBJECT NAME
$!
$ NETINFO_OBJECT_NAME_LENGTH = 0
$ NETINFO_OBJECT_NAME == ""
$ IF NETINFO_OBJECT_FORMAT .EQ. 1
$ THEN
$ NETINFO_OBJECT_NAME_LENGTH = F$CVUI(0,8, F$EXTRACT(21,1,WORK_STRING))
$! (NOTE E)
$ NETINFO_OBJECT_NAME == -
F$EXTRACT(22,NETINFO_OBJECT_NAME_LENGTH,WORK_STRING)
$ ENDIF
$!
$! IF THE OBJECT NUMBER CAN BE MAPPED TO A KNOWN NAME,
$! THEN DO SO
$!
$ NETINFO_KNOWN_OBJECT_NAME == ""
$ IF F$TYPE(OBJECTTABLE_'NETINFO_OBJECT_NUMBER') .EQS. "STRING"
$ THEN
$ NETINFO_KNOWN_OBJECT_NAME == OBJECTTABLE_'NETINFO_OBJECT_NUMBER'
$ ENDIF
$!
$! WHAT'S MY LOCAL PID, USERNAME, PROCESS AND NODENAME ?
$!
$ NETINFO_PID = F$GETJPI(0,"PID")
$ NETINFO_LOCAL_USERNAME = F$GETJPI(0,"USERNAME")
$ NETINFO_LOCAL_PROCESSNAME = F$GETJPI(0,"PRCNAM")
$ NETINFO_LOCAL_NODENAME = F$GETSYI("NODENAME")
$!
$! FORMAT THE OPCOM MESSAGE SIMILAR TO THE SECURITY ALARM
$!
$! THE REQUEST VERB ONLY TAKES LINES UP TO (ABOUT) 255 CHARACTERS
$! SO WE SEND THE DATA AS TWO MESSAGES, APPROXIMATELY 200 BYTES
$! EACH.
$!
$ WALL_CLOCK = F$TIME()
$! (NOTE F)
$ NETINFO_OUTPUT = -
F$FAO("!AS- NETWORK LOGIN REPORT!/EVENT TIME:!_!_!AS!/",PROGRAM,WALL_CLOCK)
$ NETINFO_OUTPUT = NETINFO_OUTPUT + -
F$FAO("PID:!_!_!_!AS!_PROCESS NAME:!_!AS!/",-
NETINFO_PID,NETINFO_LOCAL_PROCESSNAME)
$ NETINFO_OUTPUT = NETINFO_OUTPUT + -
F$FAO("LOCAL USERNAME:!_!_!AS!/",NETINFO_LOCAL_USERNAME)
$ NETINFO_OUTPUT = NETINFO_OUTPUT + -
F$FAO("LOCAL NODENAME:!_!_!AS!/",NETINFO_LOCAL_NODENAME)
$!
$! THE SECURITY ALARM INCLUDES THE REMOTE NODENUMBER.
$! THIS CANNOT BE RETRIEVED WITHOUT
$! SYSPRV (VIA AN INDEXED DCL READ INTO
$! SYS$SYSTEM:NETNODE_REMOTE.DAT),
$! SO WE DON'T DO IT.
$!
$ NETINFO_OUTPUT = NETINFO_OUTPUT + -
F$FAO("REMOTE NODENAME:!_!AS!/",NETINFO_NODENAME)
$ NETINFO_OUTPUT = NETINFO_OUTPUT + -
F$FAO("REMOTE USERNAME:!_!AS!/",NETINFO_USERNAME)
$!
$! FEED THE FORMATTED TEXT TO REQUEST
$! 20-JAN-1993 09:11:14 -ldb request to security only ...
$!
$! LOG "SENDING MESSAGE 1, LENGTH=",F$LENGTH(NETINFO_OUTPUT)
$ write sys$output "''NETINFO_OUTPUT'" ! FIRST MESSAGE
$ REQUEST/TO=(SECURITY) "''NETINFO_OUTPUT'" ! FIRST MESSAGE
$!
$! DO IT AGAIN WITH THE REST OF THE DATA
$!
$ NETINFO_OUTPUT2 = -
F$FAO("!AS- NETWORK LOGIN REPORT (CONTINUED)!/EVENT TIME:!_!_!AS!/",-
PROGRAM,WALL_CLOCK)
$ NETINFO_OUTPUT2 = NETINFO_OUTPUT2 + -
F$FAO("PID:!_!_!_!AS!_PROCESS NAME:!_!AS!/",-
NETINFO_PID,NETINFO_LOCAL_PROCESSNAME)
$ NETINFO_OUTPUT2 = NETINFO_OUTPUT2 + -
F$FAO("LOCAL LINK NUMBER:!_!SL!/",NETINFO_LINK_NUMBER)
$ NETINFO_OUTPUT2 = NETINFO_OUTPUT2 + -
F$FAO("OBJECT NUMBER:!_!_!SL",NETINFO_OBJECT_NUMBER)
$ IF NETINFO_KNOWN_OBJECT_NAME .NES. "" THEN -
NETINFO_OUTPUT2 = NETINFO_OUTPUT2 + -
F$FAO(" (!AS)",NETINFO_KNOWN_OBJECT_NAME)
$ NETINFO_OUTPUT2 = NETINFO_OUTPUT2 + F$FAO("!/")
$ IF NETINFO_OBJECT_NAME .NES. "" THEN -
NETINFO_OUTPUT2 = NETINFO_OUTPUT2 + -
F$FAO("OBJECT NAME:!_!_!AS!/",NETINFO_OBJECT_NAME)
$! LOG "SENDING MESSAGE 2, LENGTH=",F$LENGTH(NETINFO_OUTPUT2)
$! 20-JAN-1993 09:11:14 -ldb request to security only ...
$ REQUEST/TO=(SECURITY) "''NETINFO_OUTPUT2'" ! SECOND MESSAGE
$ write sys$output "''NETINFO_OUTPUT2'" ! SECOND MESSAGE
$!
$! DUMP ALL OF THE NETINFO SYMBOLS INTO NETSERVER.LOG
$! no, don't. -ldb 19-JAN-1993 05:21:44
$!
$! LOG "DUMPING CURRENT NETINFO SYMBOLS"
$! SHOW SYMBOL NETINFO*
$!
$! ANY SPECIAL PROCESSING COULD GO HERE
$!
$ @toolsdisk:[tools.com]firewall.com
$!
$! "CARTWRIGHT" IS USED AS AN EXAMPLE LOCAL USERNAME HERE.
$!
$! (NOTE K)
$!
$! EXAMPLE OF DISABLING FILE ACCESS FOR A PARTICULAR USER
$!
$! IF (NETINFO_LOCAL_USERNAME .EQS. "CARTWRIGHT") .AND. -
$! (NETINFO_KNOWN_OBJECT_NAME .EQS. "FAL")
$! THEN
$! WRITE SYS$OUTPUT "ACCESS TO FAL DENIED FOR USER CARTWRIGHT"
$! LOGOUT/FULL
$! ENDIF
$!
$! (NOTE M)
$!
$! EXAMPLE OF DISABLING SUBMIT/REMOTE ACCESS FOR A PARTICULAR USER
$!
$! IF (NETINFO_LOCAL_USERNAME .EQS. "CARTWRIGHT") .AND. -
$! (NETINFO_KNOWN_OBJECT_NAME .EQS. "FAL")
$! THEN
$! DEFINE SYS$BATCH "$NOT$A$REAL$BATCH$QUEUE$NAME$"
$! WRITE SYS$OUTPUT "ACCESS TO SUBMIT/REMOTE DENIED FOR USER CARTWRIGHT"
$! ENDIF
$!
$! (NOTE N)
$!
$! EXAMPLE OF DISABLING OBJECT ZERO ACCESS FOR A PARTICULAR USER
$! ADDITIONAL CODE COULD BE ADDED TO TEST FOR "DIGITAL-RESERVED" OBJECTS
$! (EXAMPLE: $MOM) IF YOU STILL WANT THOSE OBJECTS TO WORK
$!
$! IF (NETINFO_LOCAL_USERNAME .EQS. "CARTWRIGHT") .AND. -
$! (NETINFO_OBJECT_NUMBER .EQ. 0)
$! THEN
$! WRITE SYS$OUTPUT "ACCESS TO OBJECT ZERO DENIED FOR USER CARTWRIGHT"
$! LOGOUT
$! ENDIF
$!
$! LOG "NORMAL EXIT"
$ EXIT
$!
$ SOS:
$!
$! IF A WARNING (OR WORSE) OCCURS, WE BOUNCE TO HERE
$!
$ SAVE_STATUS = $STATUS
$! 20-JAN-1993 09:11:14 -ldb request to security only ...
$ REQUEST/TO=(SECURITY) -
"''PROGRAM' - ABNORMAL EXIT, STATUS=''SAVE_STATUS'"
$! LOG "ABNORMAL EXIT, STATUS="+SAVE_STATUS
$ EXIT 'SAVE_STATUS
.
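An added example, not part of the original post or of NETINFO.COM: the procedure writes both report messages to SYS$OUTPUT, so the text of the resulting NETSERVER.LOG files can be parsed off-host to list the FAL (object 17) connections with their remote node, remote user and local PID. It assumes the field labels and tab layout of the F$FAO strings above survive in the log; the sample log, node names, usernames and PIDs are constructed.

```python
import re

FAL_OBJECT = 17  # OBJECTTABLE_17 = "FAL,SUBMIT/REMOTE" in the procedure
# "LABEL:<tabs>value" pairs; the PID line carries two pairs separated by a tab.
FIELD = re.compile(r"([A-Z][A-Z ]*[A-Z]):\t+([^\t\n]*)")

def parse_reports(text):
    """Merge the two halves of each report, keyed by (PID, EVENT TIME)."""
    merged = {}
    # Each half starts with a "... NETWORK LOGIN REPORT" banner line.
    for block in re.split(r"^.*NETWORK LOGIN REPORT.*$", text, flags=re.M)[1:]:
        fields = {k: v.strip() for k, v in FIELD.findall(block)}
        if "PID" in fields and "EVENT TIME" in fields:
            key = (fields["PID"], fields["EVENT TIME"])
            merged.setdefault(key, {}).update(fields)
    return list(merged.values())

def fal_connections(text):
    """Return the merged reports whose object number is 17 (FAL)."""
    hits = []
    for rec in parse_reports(text):
        num = re.match(r"\d+", rec.get("OBJECT NUMBER", ""))
        if num and int(num.group()) == FAL_OBJECT:
            hits.append(rec)
    return hits

def _report(pid, when, node, user, link, obj):
    """Build one constructed two-part report in the procedure's layout."""
    head = f"EVENT TIME:\t\t{when}\nPID:\t\t\t{pid}\tPROCESS NAME:\tSERVER_0001\n"
    return (" NETINFO V2.0 - NETWORK LOGIN REPORT\n" + head
            + "LOCAL USERNAME:\t\tDECNET\nLOCAL NODENAME:\t\tALPHA1\n"
            + f"REMOTE NODENAME:\t{node}\nREMOTE USERNAME:\t{user}\n"
            + " NETINFO V2.0 - NETWORK LOGIN REPORT (CONTINUED)\n" + head
            + f"LOCAL LINK NUMBER:\t{link}\nOBJECT NUMBER:\t\t{obj}\n")

# Constructed sample data, not captured from a real system.
SAMPLE_LOG = (_report("2020011A", "15-JUL-2009 00:05:23.10", "VAX2", "JONES",
                      8213, "17 (FAL,SUBMIT/REMOTE)")
              + "unrelated line from the log\n"
              + _report("2020011B", "15-JUL-2009 00:07:41.55", "VAX3", "SMITH",
                        8214, "27 (MAIL)"))

if __name__ == "__main__":
    for rec in fal_connections(SAMPLE_LOG):
        print(rec["EVENT TIME"], rec["REMOTE NODENAME"], rec["REMOTE USERNAME"],
              "->", rec["LOCAL USERNAME"], "pid", rec["PID"])
```
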


