HPE Community
Operating System - HP-UX
1824169 Members
3335 Online
109669 Solutions
New Discussion юеВ

snoop the ethernet

 
bigdaddy68
Advisor

тАО04-18-2011 06:34 AM

тАО04-18-2011 06:34 AM

snoop the ethernet

Hi,

In HP-UX whats the quickest way to snoop ethernet traffic on a given interface say lan0 ?

I use snoop -d /dev/ce0 on a sun and it shows me all the pkts that i can capture to a file.

I'd like to use something bundled if possible.

thx
bigdaddy68
BigDaddy68
0 Kudos
Reply
5 REPLIES 5
Mel Burslan
Honored Contributor

тАО04-18-2011 06:47 AM

тАО04-18-2011 06:47 AM

Re: snoop the ethernet

I have never done this but if I am not mistaken, the free tool ethereal, which was once bundled in the HPUX Internet Express tools bundle is capable of doing this. But again, this is hear-say. I have never done this. It is quite an expensive endeavor to use an hpux server as a sniffer where you can put an old laptop loaded with linux and achieve the same functionality.

One thing to keep in mind, I read somewhere that on hpux, you can have only one promiscuous network interface on any given server. If for instance you are running tcpdump and ethereal at the same time, both will miserably fail.

This question is more of Rick Jones' domain than mine. I am sure he will post an answer when he has time checking the forums.
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Stephan.
Honored Contributor

тАО04-18-2011 07:01 AM

тАО04-18-2011 07:01 AM

Re: snoop the ethernet

Hi,
not interface specific but the easiest way is to use nettl to trace all traffic and analyse it with wireshark.

Syntax depends on you OS version, examples below - this will catch all traffic on the machine or better will create huge files in no time!

START Trace:
11.11)
/usr/sbin/nettl -tn 0x30800000 -e all -usize 1024 -tracemax 51200 -f /var/tmp/trace

>= 11.23)
/usr/sbin/nettl -tn 0x30800000 -e all -mem 10240 -tracemax 51200 -f /var/tmp/trace

STOP trace:
/usr/sbin/nettl -tf -e all

Status
nettl -status TRACE

Wireshark is available here: http://www.wireshark.org/download.html

hth
Stephan
How to assign Points - Kudos - what, where, how, and why
New Forum Locations by ITRC Tree
New Forums Site Map
Want Good Answers? Ask Good Questions...
0 Kudos
Reply
likid0
Honored Contributor

тАО04-18-2011 07:07 AM

тАО04-18-2011 07:07 AM

Re: snoop the ethernet

I use tcpdump for the quick and dirty, no need to open a X server:

Download from:

http://hpux.connect.org.uk/hppd/hpux/Networking/Admin/tcpdump-4.1.1/
Windows?, no thanks
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО04-18-2011 07:59 AM

тАО04-18-2011 07:59 AM

Re: snoop the ethernet

nettl is the standard HP tool for this but the formatter is primitive and virtually useless for troubleshooting network problems. The good news is that Wireshark (was called Ethereal years ago) runs on a PC and will display some 400+ logfiles from various network capture utilities, including nettl. It has numerous formatting and data representation modes as well as traffic analysis such as out of sequence errors.

http://www.wireshark.org


Bill Hassell, sysadmin
0 Kudos
Reply
Michael Leu
Honored Contributor

тАО04-18-2011 04:26 PM

тАО04-18-2011 04:26 PM

Re: snoop the ethernet

HP-UX Internet Express also has tcpdump and wireshark:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1131
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.