HPE Community
Operating System - HP-UX
1836623 Members
1751 Online
110102 Solutions
New Discussion

network-

 
SOLVED
Go to solution
so_2
Regular Advisor

‎06-06-2006 09:55 PM

‎06-06-2006 09:55 PM

network-

Hi gurus,

Please answer for my following queries.
1.How can we get the ip address of remote machines accessing my hp ux server and what applications each ip is accessing.
2.is there any way to analyse the data frame coming in or going out of the server?
3.Or is there any way to find the mac address of the incoming requests..?
thanks in advance...
s.o
0 Kudos
Reply
5 REPLIES 5
Arunvijai_4
Honored Contributor

‎06-06-2006 10:02 PM

‎06-06-2006 10:02 PM

Solution

Re: network-

Hi S.O,

1) You can do it by # who -T and # whodo commands

2) Use packet sniffers like TCPDUMP or Ethereal. Both are part of Internet express package http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111

3) arp -a

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Reply
so_2
Regular Advisor

‎06-07-2006 01:57 AM

‎06-07-2006 01:57 AM

Re: network-

Hi Arun

your answeres are excellent. I would like to askone more doubt to you. who -T is giving ip address but how can i know that what port the request from these ip machines are accessing?
Hope you could give me the answer for this either..

Thanks again and assigning the points.

s.o
0 Kudos
Reply
Arunvijai_4
Honored Contributor

‎06-07-2006 02:06 AM

‎06-07-2006 02:06 AM

Re: network-

Hi S.O,

To get the port details, you have use another tool, lsof

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/lsof-4.77/

Also, netstat -na |grep -E will give some details.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
Peter Godron
Honored Contributor

‎06-07-2006 03:28 AM

‎06-07-2006 03:28 AM

Re: network-

Hi,
you can also try the binary version from:
http://the-other.wiretapped.net/security/host-security/lsof/binaries/hpux/B.11.11/

0 Kudos
Reply
rick jones
Honored Contributor

‎06-07-2006 12:40 PM

‎06-07-2006 12:40 PM

Re: network-

The "who" stuff will show users to actually login to the machine, but not necessarily those accessing via stuff other than telnet/rlogin/ssh.

The arp -a (or arp -an to avoid the DNS lookups) will only show MAC address for systems in the same local LAN segment and who are _NOT_ using a router to get to your system. If the client is on the other side of a router, you will either see the client's IP associated with the router's MAC if you are using Proxy ARP, or you will not see the client's IP/MAC in the arp output at all.

That same restriction would apply to tcpdump and/or ethereal - for remote clients, the MAC one will see will be the MAC of the router.
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.