452 lines
17 KiB
HTML
452 lines
17 KiB
HTML
<!--startcut ==============================================-->
|
|
<!-- *** BEGIN HTML header *** -->
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
<HTML><HEAD>
|
|
<title>Using ngrep LG #57</title>
|
|
</HEAD>
|
|
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
|
|
ALINK="#FF0000">
|
|
<!-- *** END HTML header *** -->
|
|
|
|
<CENTER>
|
|
<A HREF="http://www.linuxgazette.com/">
|
|
<H1><IMG ALT="LINUX GAZETTE" SRC="../gx/lglogo.jpg"
|
|
WIDTH="600" HEIGHT="124" border="0"></H1></A>
|
|
|
|
<!-- *** BEGIN navbar *** -->
|
|
<IMG ALT="" SRC="../gx/navbar/left.jpg" WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="bottom"><A HREF="eyler.html"><IMG ALT="[ Prev ]" SRC="../gx/navbar/prev.jpg" WIDTH="16" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="index.html"><IMG ALT="[ Table of Contents ]" SRC="../gx/navbar/toc.jpg" WIDTH="220" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../index.html"><IMG ALT="[ Front Page ]" SRC="../gx/navbar/frontpage.jpg" WIDTH="137" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="http://www.linuxgazette.com/cgi-bin/talkback/all.py?site=LG&article=http://www.linuxgazette.com/issue57/eyler2.html"><IMG ALT="[ Talkback ]" SRC="../gx/navbar/talkback.jpg" WIDTH="121" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../faq/index.html"><IMG ALT="[ FAQ ]" SRC="./../gx/navbar/faq.jpg"WIDTH="62" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="feenberg.html"><IMG ALT="[ Next ]" SRC="../gx/navbar/next.jpg" WIDTH="15" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><IMG ALT="" SRC="../gx/navbar/right.jpg" WIDTH="15" HEIGHT="45" ALIGN="bottom">
|
|
<!-- *** END navbar *** -->
|
|
<P>
|
|
</CENTER>
|
|
|
|
<!--endcut ============================================================-->
|
|
|
|
<H4 ALIGN="center">
|
|
"Linux Gazette...<I>making Linux just a little more fun!</I>"
|
|
</H4>
|
|
|
|
<P> <HR> <P>
|
|
<!--===================================================================-->
|
|
|
|
<center>
|
|
<H1><font color="maroon">Using ngrep</font></H1>
|
|
<H4>By <a href="mailto:pate@gnu.org">Pat Eyler</a></H4>
|
|
</center>
|
|
<P> <HR> <P>
|
|
|
|
<!-- END header -->
|
|
|
|
|
|
|
|
|
|
<h1><a name="AEN1">Using ngrep</a></h1>
|
|
|
|
<div class="SECTION">
|
|
<h1 class="SECTION"><a name="AEN3"></a></h1>
|
|
|
|
<div class="SECTION">
|
|
<h2 class="SECTION"><a name="AEN4">ngrep</a></h2>
|
|
|
|
<p><tt class="PARAMETER"><i>ngrep</i></tt> is a tool for watching
|
|
network traffic. It is based on the <tt class="PARAMETER"><i>
|
|
libpcap</i></tt> library, which provides packet capturing
|
|
functionality. <tt class="PARAMETER"><i>ngrep</i></tt> allows
|
|
regular expression style filters to be used to select traffic to be
|
|
displayed.</p>
|
|
|
|
<p><tt class="PARAMETER"><i>ngrep</i></tt> is the first utility
|
|
we'll discuss that doesn't ship on most linux systems. We'll talk
|
|
about how to get and install it, how to start it up and use it, and
|
|
more advanced use.</p>
|
|
|
|
<div class="SECTION">
|
|
<h3 class="SECTION"><a name="AEN12">Getting & Installing
|
|
ngrep</a></h3>
|
|
|
|
<p>Source code for ngrep is available from
|
|
<A HREF="http://www.packetfactory.net/Projects/ngrep/">http://www.packetfactory.net/Projects/ngrep/</A> as are some binary
|
|
packages. I'll review installing the source, as the binary packages
|
|
are fairly straight forward.</p>
|
|
|
|
<p>On a Redhat 6.2 system, you'll need to install libpcap before
|
|
you can install ngrep. This package is available from
|
|
<A HREF="http://www.tcpdump.org/release">http://www.tcpdump.org/release</A>. As of this writing, the most recent
|
|
version is libpcap-0.5.2.tar.gz. Once this is downloaded, I put
|
|
things like this into /usr/local/src, you should do the
|
|
following:</p>
|
|
|
|
<table border="0" bgcolor="#E0E0E0" width="100%">
|
|
<tr>
|
|
<td>
|
|
<pre class="SCREEN">
|
|
<tt class="PROMPT">$</tt> <tt class=
|
|
"USERINPUT"><b>tar xvzf libpcap-0.5.2.tar.gz</b></tt>
|
|
<tt class="PROMPT">$</tt> <tt class=
|
|
"USERINPUT"><b>cd libpcap_0_5rel2</b></tt>
|
|
<tt class="PROMPT">$</tt> <tt class=
|
|
"USERINPUT"><b>./configure</b></tt>
|
|
<tt class="PROMPT">$</tt> <tt class="USERINPUT"><b>make</b></tt>
|
|
<tt class="PROMPT">$</tt> <tt class="USERINPUT"><b>su</b></tt>
|
|
<tt class="PROMPT">Password:</tt> <tt class=
|
|
"USERINPUT"><b>********</b></tt>
|
|
<tt class="PROMPT">#</tt> <tt class=
|
|
"USERINPUT"><b>make install-incl</b></tt>
|
|
<tt class="PROMPT">#</tt> <tt class=
|
|
"USERINPUT"><b>make install-man</b></tt>
|
|
<tt class="PROMPT">#</tt> <tt class="USERINPUT"><b>exit</b></tt>
|
|
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<br>
|
|
<br>
|
|
<p>Your next step is to build ngrep itself. ngrep source can be
|
|
downloaded from <A HREF="http://www.packetfactory.net/Projects/ngrep">http://www.packetfactory.net/Projects/ngrep</A>. After
|
|
downloading it, do the following:</p>
|
|
|
|
<table border="0" bgcolor="#E0E0E0" width="100%">
|
|
<tr>
|
|
<td>
|
|
<pre class="SCREEN">
|
|
<tt class="PROMPT">$</tt> <tt class=
|
|
"USERINPUT"><b>tar xzvf ngrep-1.38.tar.gz</b></tt>
|
|
<tt class="PROMPT">$</tt> <tt class=
|
|
"USERINPUT"><b>cd ngrep</b></tt>
|
|
<tt class="PROMPT">$</tt> <tt class=
|
|
"USERINPUT"><b>./configure</b></tt>
|
|
<tt class="PROMPT">$</tt> <tt class="USERINPUT"><b>make</b></tt>
|
|
<tt class="PROMPT">$</tt> <tt class="USERINPUT"><b>su</b></tt>
|
|
<tt class="PROMPT">Password:</tt> <tt class=
|
|
"USERINPUT"><b>********</b></tt>
|
|
<tt class="PROMPT">#</tt> <tt class=
|
|
"USERINPUT"><b>make install</b></tt>
|
|
<tt class="PROMPT">#</tt> <tt class="USERINPUT"><b>exit</b></tt>
|
|
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<br>
|
|
<br>
|
|
<p>Congratulations, at this point you should have a working copy of
|
|
ngrep installed on your system.</p>
|
|
</div>
|
|
|
|
<div class="SECTION">
|
|
<h3 class="SECTION"><a name="AEN54">Using ngrep</a></h3>
|
|
|
|
<p>To start using ngrep you'll need to decide what pattern you want
|
|
to search for. These can be either libpcap style descriptions of
|
|
network traffic or GNU grep style regular expressions describing
|
|
the contents of traffic. In the following example, we'll grab any
|
|
packet containing the pattern <span class="QUOTE">"ssword"</span> and
|
|
display it in the alternative format (which I think is a lot more
|
|
readable):</p>
|
|
|
|
<table border="0" bgcolor="#E0E0E0" width="100%">
|
|
<tr>
|
|
<td>
|
|
<pre class="SCREEN">
|
|
<tt class="PROMPT">[root@cherry /root]#</tt> <tt class=
|
|
"USERINPUT"><b>ngrep -x ssword</b></tt>
|
|
<tt class="PROMPT">interface: eth0 (192.168.1.0/255.255.255.0)</tt>
|
|
<tt class="PROMPT">match: ssword</tt>
|
|
<tt class="PROMPT">################################</tt>
|
|
<tt class=
|
|
"PROMPT">T 192.168.1.20:23 -> 192.168.1.10:1056 [AP]</tt>
|
|
<tt class=
|
|
"PROMPT"> 50 61 73 73 77 6f 72 64 3a 20 Password:</tt>
|
|
<tt class="PROMPT">#########################exit</tt>
|
|
<tt class="PROMPT">59 received, 0 dropped</tt>
|
|
<tt class="PROMPT">[root@cherry /root]# </tt>
|
|
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<br>
|
|
<br>
|
|
<p>Each of the hash marks in the above example represent a packet
|
|
not containing the pattern we're searching for, any packets
|
|
containing the pattern are displayed.</p>
|
|
|
|
<p>In this example we followed the basic syntax of ngrep –
|
|
<tt class="PARAMETER"><i>ngrep <options> [pattern]</i></tt>.
|
|
We used only the <tt class="PARAMETER"><i>-x</i></tt> option, which
|
|
sets the alternative display format.</p>
|
|
</div>
|
|
|
|
<div class="SECTION">
|
|
<h3 class="SECTION"><a name="AEN73">Doing More with ngrep</a></h3>
|
|
|
|
<p>There are a number of additional twists to the way that you can
|
|
use ngrep. Chief among them is the ability to include libpcap style
|
|
packet filtering. libpcap provides a fairly simple language for
|
|
filtering traffic.</p>
|
|
|
|
<p>Filters are written by combining <i class="EMPHASIS">
|
|
primitives</i> with conjunctions (<tt class=
|
|
"PARAMETER"><i>and</i></tt> and <tt class="PARAMETER"><i>
|
|
or</i></tt>). Primitives can be preceeded with the term <tt class=
|
|
"PARAMETER"><i>not</i></tt>.</p>
|
|
|
|
<p>Primitives are normally formed with an id (which can be numeric
|
|
or a symbolic name followed by one or more qualifiers. There are
|
|
three kinds of qualifiers; type, direction, and protocol.</p>
|
|
|
|
<p>Type qualifiers describe what the id refers to. Allowed options
|
|
are <tt class="PARAMETER"><i>host</i></tt>, <tt class="PARAMETER">
|
|
<i>net</i></tt>, and <tt class="PARAMETER"><i>port</i></tt>. If not
|
|
type is given, the primitive defaults to <tt class="PARAMETER"><i>
|
|
host</i></tt>. Examples of type primitives are; <tt class=
|
|
"PARAMETER"><i>host crashtestdummy</i></tt>, <tt class="PARAMETER">
|
|
<i>net 192.168.2</i></tt>, or <tt class="PARAMETER"><i>port
|
|
80</i></tt></p>
|
|
|
|
<p>Directional qualifiers indicate which direction traffic is
|
|
flowing in. Allowable qualifiers are <tt class="PARAMETER"><i>
|
|
src</i></tt> and/or <tt class="PARAMETER"><i>dst</i></tt>. Examples
|
|
of direction primitives are: <tt class="PARAMETER"><i>src
|
|
cherry</i></tt>, <tt class="PARAMETER"><i>dst mango</i></tt>, <tt
|
|
class="PARAMETER"><i> src or dst port http</i></tt>. This last
|
|
example shows two qualifiers being used with a single id.</p>
|
|
|
|
<p>Protocol qualifiers limit the captured packets to those of a
|
|
single protocol. In the absence of a protocol qualifier, all ip
|
|
packets are captured (subject to other filtering rules). Protocols
|
|
which can be fileter are <tt class="PARAMETER"><i>tcp</i></tt>, <tt
|
|
class="PARAMETER"><i>udp</i></tt>, and <tt class="PARAMETER"><i>
|
|
icmp</i></tt>. You might use a protocol qualifier like <tt class=
|
|
"PARAMETER"><i>icmp</i></tt>, or <tt class="PARAMETER"><i>tcp dst
|
|
port telnet</i></tt>.</p>
|
|
|
|
<p>Primitives can be negated and combined to develop more complex
|
|
filters. If you wanted to see all traffic to rose except telnet and
|
|
ftp-data, you could use the following filter <tt class="PARAMETER">
|
|
<i>host dst rose and not port telnet and not port
|
|
ftp-data</i></tt>.</p>
|
|
|
|
<p>There are some command line switches that are worth noting as
|
|
well. The following table shows the command line switches likely to
|
|
be of the most use. As usual, check the man page for more
|
|
detail.</p>
|
|
|
|
<div class="TABLE">
|
|
<p><b>Table 1. Command Line Switches for ngrep</b></p>
|
|
|
|
<table border="1" bgcolor="#E0E0E0" cellspacing="0" cellpadding="4"
|
|
class="CALSTABLE">
|
|
<thead>
|
|
<tr>
|
|
<th align="LEFT" valign="TOP"><tt class="PARAMETER"><i>
|
|
-e</i></tt></th>
|
|
<th align="LEFT" valign="TOP">Show empty packets.</th>
|
|
</tr>
|
|
</thead>
|
|
|
|
<tbody>
|
|
<tr>
|
|
<td align="LEFT" valign="TOP"><tt class="PARAMETER"><i>-n
|
|
[num]</i></tt></td>
|
|
<td align="LEFT" valign="TOP">Match num packets, then exit.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="LEFT" valign="TOP"><tt class="PARAMETER"><i>-i
|
|
[expression]</i></tt></td>
|
|
<td align="LEFT" valign="TOP">Search for the regular expression
|
|
without regard to case.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="LEFT" valign="TOP"><tt class="PARAMETER"><i>-v
|
|
[expression]</i></tt></td>
|
|
<td align="LEFT" valign="TOP">Search for packets not containing the
|
|
regular expression.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="LEFT" valign="TOP"><tt class="PARAMETER"><i>
|
|
-t</i></tt></td>
|
|
<td align="LEFT" valign="TOP">Print a YYYY/MM/DD HH:MM:SS.UUUUUU
|
|
timestamp on each matched packet.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="LEFT" valign="TOP"><tt class="PARAMETER"><i>
|
|
-T</i></tt></td>
|
|
<td align="LEFT" valign="TOP">display a +S.UUUUUU timestamp on each
|
|
matched packet.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="LEFT" valign="TOP"><tt class="PARAMETER"><i>
|
|
-x</i></tt></td>
|
|
<td align="LEFT" valign="TOP">Show the packets in the alternate hex
|
|
and ascii style.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="LEFT" valign="TOP"><tt class="PARAMETER"><i>-I
|
|
[filename]</i></tt></td>
|
|
<td align="LEFT" valign="TOP">Read from a pcap style dump named
|
|
filename instead of live traffic.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="LEFT" valign="TOP"><tt class="PARAMETER"><i>-O
|
|
filename</i></tt></td>
|
|
<td align="LEFT" valign="TOP">Write output to a pcap style file
|
|
named filename.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="LEFT" valign="TOP"><tt class="PARAMETER"><i>
|
|
-D</i></tt></td>
|
|
<td align="LEFT" valign="TOP">Mimic realtime by printing matched
|
|
packets at their recorded timestamp.</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<br>
|
|
<br>
|
|
</div>
|
|
|
|
<div class="SECTION">
|
|
<h3 class="SECTION"><a name="AEN150">Wrapping up ngrep</a></h3>
|
|
|
|
<p>Using <tt class="PARAMETER"><i>ngrep</i></tt> can help you
|
|
quickly match and display packets during your troubleshooting. If
|
|
you've got an application level problem, <tt class="PARAMETER"><i>
|
|
ngrep</i></tt> can help you isolate the problem.</p>
|
|
|
|
<p>For example, if I was trying to make a connection from cherry
|
|
(192.168.1.10) to cuke (192.168.2.10) and the connection was
|
|
failing, I might troubleshoot the problem like this:</p>
|
|
|
|
<blockquote class="BLOCKQUOTE">
|
|
<p>Describe the symptoms: Cherry can not make a connection to hosts
|
|
on remote network, but can connect to hosts on other networks.
|
|
Other hosts on cherry's network can connect to hosts on the remote
|
|
network.</p>
|
|
|
|
<p>Understand the environment: The hosts involved are cherry,
|
|
rhubard (the gateway to the remote network), and cuke.</p>
|
|
|
|
<p>List hypotheses: My problems might be a misconfiguration of
|
|
cherry, or of an intervening router.</p>
|
|
|
|
<p>Prioritize hypothesis & narrow focus: Because cuke seems to
|
|
be the only host affected, we'll start looking there. If we can't
|
|
solve the problem on cuke, we'll move to rhubarb.</p>
|
|
|
|
<p>Create a plan of attack: I can try to ping cuke from cherry
|
|
while <tt class="PARAMETER"><i>ngrep</i></tt>ing for traffic like
|
|
this, <tt class="PARAMETER"><i>ngrep host cherry</i></tt> to see
|
|
what traffic I am sending.</p>
|
|
|
|
<p>Act on your plan: As we start pinging cuke, we see the following
|
|
results in our <tt class="PARAMETER"><i>ngrep</i></tt> session:</p>
|
|
|
|
<table border="0" bgcolor="#E0E0E0" width="100%">
|
|
<tr>
|
|
<td>
|
|
<pre class="SCREEN">
|
|
<tt class="PROMPT">[root@cherry /root]#</tt> <tt class=
|
|
"USERINPUT"><b>ngrep -e -x host 192.168.1.10</b></tt>
|
|
<tt class="PROMPT">interface: eth0 (192.168.1.0/255.255.255.0)
|
|
filter: ip and ( host 192.168.1.10 )
|
|
#
|
|
I 192.168.1.10 -> 192.168.2.10 8:0
|
|
eb 07 00 00 31 86 a7 39 5e cd 0e 00 08 09 0a 0b ....1..9^.......
|
|
0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b ................
|
|
1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b .... !"#$%&'()*+
|
|
2c 2d 2e 2f 30 31 32 33 34 35 36 37 ,-./01234567
|
|
#
|
|
I 192.168.1.1 -> 192.168.1.10 5:1
|
|
c0 a8 01 0b 45 00 00 54 25 f2 00 00 40 01 d0 52 ....E..T%...@..R
|
|
c0 a8 01 0a c0 a8 02 0a 08 00 dc 67 eb 07 00 00 ...........g....
|
|
31 86 a7 39 5e cd 0e 00 08 09 0a 0b 0c 0d 0e 0f 1..9^...........
|
|
10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................
|
|
20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./
|
|
30 31 32 33 34 35 36 37 b4 04 01 00 06 00 00 00 01234567........
|
|
00 10 00 00 01 00 00 00 e8 40 00 00 .........@..
|
|
exit
|
|
2 received, 0 dropped
|
|
[root@cherry /root]# </tt>
|
|
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
|
|
This shows two packets. The first is an ICMP packet of Type 8 and
|
|
Code 0, a ping request. It is destined for cuke. The second is and
|
|
ICMP packet of Type 5 and Code 1 and ICMP Redirect. This is coming
|
|
from Mango, the gateway to the rest of the world.<br>
|
|
<br>
|
|
<p>Test your results: We didn't expect to see mango involved at
|
|
all, if we look at the ICMP Redirects being sent (using the <tt
|
|
class="PARAMETER"><i>-v</i></tt> switch), we can see that we're
|
|
being redirected to the 192.168.1.11 address, not rhubarb.</p>
|
|
|
|
<p>Apply results of test to hypothesis: If we're not sending our
|
|
traffic to the right gateway it will never get to the right place.
|
|
We should be able to solve this by adding a route to the
|
|
192.168.2.0/24 network on cherry (a quick check of working hosts
|
|
shows that this is the way they're configured). We'll probably want
|
|
to fix the bad route on mango as well.</p>
|
|
|
|
<p>Iterate as needed: Once we've made the change and tested it, we
|
|
know that it works and don't need to go any further.</p>
|
|
</blockquote>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="SECTION">
|
|
<h2 class="SECTION"><a name="AEN174">Author and License</a></h2>
|
|
|
|
<p>This document is a draft release of a section from a book called
|
|
"Networking Linux: A Practical Guide to TCP/IP" being published by
|
|
New Riders Publishing. This section is released under the OPL with
|
|
no further terms, the Free Software Foundation has agreed that this
|
|
constitutes a Free license. (Please see
|
|
<A HREF="http://www.opencontent.org">www.opencontent.org</A> and
|
|
<A HREF="http://www.gnu.org">www.gnu.org</A> for more information).</p>
|
|
|
|
<p>Because this document is a draft, there are likely errors,
|
|
typos, and the like. If you see anything that you think should be
|
|
changed, please let me know. I can be reached at
|
|
<A HREF="mailto:pate@gnu.org">pate@gnu.org</A>.</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
<!-- *** BEGIN copyright *** -->
|
|
<P> <hr> <!-- P -->
|
|
<H5 ALIGN=center>
|
|
|
|
Copyright © 2000, Pat Eyler<BR>
|
|
Published in Issue 57 of <i>Linux Gazette</i>, September 2000</H5>
|
|
<!-- *** END copyright *** -->
|
|
|
|
<!--startcut ==========================================================-->
|
|
<HR><P>
|
|
<CENTER>
|
|
<!-- *** BEGIN navbar *** -->
|
|
<IMG ALT="" SRC="../gx/navbar/left.jpg" WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="bottom"><A HREF="eyler.html"><IMG ALT="[ Prev ]" SRC="../gx/navbar/prev.jpg" WIDTH="16" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="index.html"><IMG ALT="[ Table of Contents ]" SRC="../gx/navbar/toc.jpg" WIDTH="220" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../index.html"><IMG ALT="[ Front Page ]" SRC="../gx/navbar/frontpage.jpg" WIDTH="137" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="http://www.linuxgazette.com/cgi-bin/talkback/all.py?site=LG&article=http://www.linuxgazette.com/issue57/eyler2.html"><IMG ALT="[ Talkback ]" SRC="../gx/navbar/talkback.jpg" WIDTH="121" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../faq/index.html"><IMG ALT="[ FAQ ]" SRC="./../gx/navbar/faq.jpg"WIDTH="62" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="feenberg.html"><IMG ALT="[ Next ]" SRC="../gx/navbar/next.jpg" WIDTH="15" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><IMG ALT="" SRC="../gx/navbar/right.jpg" WIDTH="15" HEIGHT="45" ALIGN="bottom">
|
|
<!-- *** END navbar *** -->
|
|
</CENTER>
|
|
</BODY></HTML>
|
|
<!--endcut ============================================================-->
|