  LAN traffic monitor for IP network? 
 The Question is:
 
May a C program be written that monitors traffic between an existing TCP/IP
 server - client connection? Will the normal socket routines work or must the
 qio functions be used? Is it necessary to use the raw IP protocol (there's
 very little documenation on
 raw)?
 
 
 The Answer is :
 
  Raw is direct IP packet access, with the application reading and writing
  IP datagrams for the network.  TCP and UDP are the two classic examples
  of protocols that operate over IP.
 
  If your question is one of monitoring the traffic at the network level
  (and this involves a broadcast network, such as Ethernet or IEEE 802.3),
  yes, you can write a LAN traffic monitor -- usually using direct access
  to the network stack using $qio calls to the network driver.  For
  details, see the promiscuous-mode setting for the network drivers
  and the associated documentation in the I/O User's Reference Manual.
 
  It would be quicker and far easier to acquire an existing IP or LAN
  monitor.  (Acquiring the packets is the easy part, decoding the packet
  data is far more involved as the numbers of protocols increase.)
 
  You will want to learn about Ethernet, IEEE 802.3, and IP networking,
  if you wish to pursue this.
 
 Answer written or last revised on  1-NOV-2002 
