HPE Community
Operating System - HP-UX
1753819 Members
9059 Online
108805 Solutions
New Discussion юеВ

Re: nettladm to capture data on single port

 
SOLVED
Go to solution
Ted Ellis_2
Honored Contributor

тАО09-30-2005 10:42 AM

тАО09-30-2005 10:42 AM

nettladm to capture data on single port

I have a request to collect/report on data transmitted across port 26204, which is used to transmit information for a particular application. How would I configure nettladm to filter information at this level? Or is there a better tool to use?
0 Kudos
9 REPLIES 9
Nemer_1
Regular Advisor

тАО09-30-2005 08:45 PM

тАО09-30-2005 08:45 PM

Re: nettladm to capture data on single port

Hi Ted,

to collect data transmitted across specific port, you need to start tracing on data across that port. to do so :

first: start the nettladm, then choose traceing subsystem from the list menu.

select the appropriate subsystem (NS_LS_TCP or NS_LS_UDP)from the subsystems listed. from the action menu choose modify tracing.

in the modify tracing set the "Include in Tracing" to "yes", check the "Incomming Protocol Data Unit" and "Outgoing Protocol Data Unit" as appropriate.

in the "Specify Filter (Optional)" specify your source/destination ip/port. then click on "ok"

After that you have to start the configured tracing from the Action menu.

Note: * You can control the trace file size & location from "Modify Startup Parameters" in the Action Menu.
** To create a report from the collected data use Create report from File menu.
*** to stop tracing, choose stop tracing from Action menu. and toggle the "Include in Trace" to No in "Modify tracing"

Regards


0 Kudos
rick jones
Honored Contributor

тАО10-03-2005 04:41 AM

тАО10-03-2005 04:41 AM

Solution

Re: nettladm to capture data on single port

You can also install tcpdump from the HP Internet Express bundle (software.hp.com) and say:

tcpdump -i -w port

and later post-process the file via:

tcpdump -r

and/or use any of the tools that know how to read a tcpdump trace.

Another consideration, albeit with at least as much overhead if not possibly more, is to use tusc to system call trace the specific application - that will of course not give you the TCP/IP/Ethernet headers, but you can still see the application data, and get some idea of what the application does with the data.
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Hazem Mahmoud_3
Respected Contributor

тАО10-03-2005 05:12 AM

тАО10-03-2005 05:12 AM

Re: nettladm to capture data on single port

Ted,
I have just started using Snort on HP-UX and find it to be a great and easy tool to use. You can get Snort (and also download pcre-6.2) from the HP-UX porting and archiving center. You will also need libpcap. The install takes less than a minute for all 3. Then you can simply do:
snort -vde port 26204
You can also pipe that into a file. Snort has many powerful features that you might find useful. Here are the links to the 3 downloads:
snort:
http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/snort-2.3.3/
pcre:
http://hpux.cs.utah.edu/hppd/hpux/Languages/pcre-6.2/
libpcap:
http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/libpcap-0.9.3/

HTH
-Hazem
0 Kudos
Ted Ellis_2
Honored Contributor

тАО10-04-2005 07:48 AM

тАО10-04-2005 07:48 AM

Re: nettladm to capture data on single port

this system is HPUX 11.0. I would like to grab a pre-compiled version or depot for installation. the sites listed here only have packages for 11.11. Anyone know where to locate 11.0 ones?
0 Kudos
rick jones
Honored Contributor

тАО10-04-2005 07:51 AM

тАО10-04-2005 07:51 AM

Re: nettladm to capture data on single port

tcpdump and libpcap sources from www.isc.org will likely compile and run just fine on 11.0 - I used to build them on 11.0 with the HP compilers.

If you haven't done so already, getting started on an OS upgrade might not be a bad idea. If you can jump all the way up to 11.23 (11iv2) that would be best, but going to 11.11 (11iv1) would be better than nothing.
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Arunvijai_4
Honored Contributor

тАО10-04-2005 03:36 PM

тАО10-04-2005 03:36 PM

Re: nettladm to capture data on single port

You can use TCPDUMP, Ethereal for capturing and analysis. For 11.0, you need to download source code and compile yourself.

www.tcpdump.org
www.ethereal.com

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Biswajit Tripathy
Honored Contributor

тАО10-04-2005 06:05 PM

тАО10-04-2005 06:05 PM

Re: nettladm to capture data on single port

Ofcourse, another option would be to use
HP-UX IPFilter. Takes 10 seconds to configure
it for the logging you want. If you are using
HP-UX 11i v2, it would be already installed
on your system.

- Biswajit
:-)
0 Kudos
Ted Ellis_2
Honored Contributor

тАО10-05-2005 08:10 AM

тАО10-05-2005 08:10 AM

Re: nettladm to capture data on single port

thanks all... I have compiled tcpdump successfully. No more replies required
0 Kudos
Ted Ellis_2
Honored Contributor

тАО10-05-2005 08:13 AM

тАО10-05-2005 08:13 AM

Re: nettladm to capture data on single port

solution in hand
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.