
snoop the ethernet




In HP-UX, what's the quickest way to snoop Ethernet traffic on a given interface, say lan0?

I use snoop -d /dev/ce0 on a Sun and it shows me all the packets, which I can capture to a file.

I'd like to use something bundled if possible.

Mel Burslan
Honored Contributor

Re: snoop the ethernet

I have never done this, but if I am not mistaken, the free tool Ethereal, which was once bundled in the HPUX Internet Express tools bundle, is capable of doing this. But again, this is hearsay. I have never done this. It is quite an expensive endeavor to use an hpux server as a sniffer where you can put an old laptop loaded with Linux and achieve the same functionality.

One thing to keep in mind, I read somewhere that on hpux, you can have only one promiscuous network interface on any given server. If for instance you are running tcpdump and ethereal at the same time, both will miserably fail.

This question is more of Rick Jones' domain than mine. I am sure he will post an answer when he has time checking the forums.
UNIX because I majored in cryptology...
Honored Contributor

Re: snoop the ethernet

Not interface specific, but the easiest way is to use nettl to trace all traffic and analyse it with Wireshark.

Syntax depends on your OS version, examples below - this will catch all traffic on the machine or better will create huge files in no time!

START Trace:
/usr/sbin/nettl -tn 0x30800000 -e all -usize 1024 -tracemax 51200 -f /var/tmp/trace

(>= 11.23)
/usr/sbin/nettl -tn 0x30800000 -e all -mem 10240 -tracemax 51200 -f /var/tmp/trace

STOP trace:
/usr/sbin/nettl -tf -e all

nettl -status TRACE

Wireshark is available here:
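
Added example, not part of the post above and not HP's own script: a POSIX sh wrapper that time-boxes the nettl trace quoted in the post, so that a capture of all traffic is always stopped again. It assumes releases older than 11.23 take the `-usize` form shown first; the function names and the `run` argument are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): time-boxed nettl trace wrapper.
NETTL=${NETTL:-/usr/sbin/nettl}
TRACE_BASE=${TRACE_BASE:-/var/tmp/trace}   # output path used in the post

# Choose the buffer option from a `uname -r` string such as B.11.11 or B.11.31.
# Assumption: releases older than 11.23 use the -usize form shown first in the post.
nettl_buffer_opt() {
    rel=${1#B.}                 # B.11.23 -> 11.23
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case "$major$minor" in
        ''|*[!0-9]*) echo "unrecognised release: $1" >&2; return 1 ;;
    esac
    if [ "$major" -gt 11 ] || { [ "$major" -eq 11 ] && [ "$minor" -ge 23 ]; }; then
        echo "-mem 10240"
    else
        echo "-usize 1024"
    fi
}

# Build the start command from the flags quoted in the post.
nettl_start_cmd() {
    opt=$(nettl_buffer_opt "$1") || return 1
    echo "$NETTL -tn 0x30800000 -e all $opt -tracemax 51200 -f $TRACE_BASE"
}

# Trace for a fixed number of seconds, then stop, even if interrupted.
bounded_trace() {
    secs=$1
    start=$(nettl_start_cmd "$(uname -r)") || return 1
    trap '$NETTL -tf -e all' EXIT      # stop command from the post
    trap 'exit 130' INT TERM           # Ctrl-C still reaches the EXIT trap
    $start || return 1
    sleep "$secs"
    $NETTL -status TRACE
}

# Runs only when asked for, e.g.:  sh nettl_capture.sh run 60
if [ "${1:-}" = "run" ]; then
    bounded_trace "${2:-60}"
fi
```

The trace files hold full packet contents for every interface, so keep them readable by root only and delete them once the analysis is done.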

Honored Contributor

Re: snoop the ethernet

I use tcpdump for the quick and dirty, no need to open an X server:

Download from:
Windows?, no thanks
Bill Hassell
Honored Contributor

Re: snoop the ethernet

nettl is the standard HP tool for this but the formatter is primitive and virtually useless for troubleshooting network problems. The good news is that Wireshark (was called Ethereal years ago) runs on a PC and will display some 400+ logfiles from various network capture utilities, including nettl. It has numerous formatting and data representation modes as well as traffic analysis such as out of sequence errors.

Bill Hassell, sysadmin
Michael Leu
Honored Contributor

Re: snoop the ethernet