[comp.sys.sun] SUMMARY - etherfind

tony@relay.eu.net (Tony Mountifield) (01/03/91)

In article <916@brchh104.bnr.ca> I wrote:

>I have tried to use etherfind(8) on our Sun-3/80 (SunOS 4.0.3_EXPORT) to
>monitor incoming/outgoing packets to/from the Sun itself ('mwuk'):
>
>        etherfind -v -i le0 -host mwuk
>
>Etherfind seems to display ARP packets in both directions, but only
>incoming TCP packets, not outgoing TCP packets.  It behaves the same
>whether or not I have etherd running.  Is this a bug/limitation or am I
>doing something wrong?

Thanks to all who replied by E-mail to this question. The consensus seems
to be that etherfind(8) uses the Network Interface Tap NIT(4P), which is
unable to monitor outgoing packets, only incoming ones. To monitor both
directions between two machines, I have to run etherfind on a third
machine.

Responses were received from the following:

        Pawan Misra <pawan@maths.bath.ac.uk>
        Russ Poffenberger <poffen@sj.ate.slb.com>
        Denis DeLaRoca <delaroca@sakabu.oac.ucla.edu>
        Rohit Aggarwal {Sun Microsystems} <rohit@monsoon.corp.sun.com>
        Joe Van Andel <vanandel@stout.atd.ucar.edu>
        Daniel Trinkle <trinkle@cs.purdue.edu>
        Barry A. Boes <boes@corona.itd.msstate.edu>

Finally, is there an alternative monitoring program which does not use
NIT, and *is* able to observe outgoing packets also?

Tony Mountifield
MAIL:  tony@mwuk.uucp
INET:  tony%mwuk.uucp@ukc.ac.uk
UUCP:  ...!mcsun!ukc!mwuk!tony
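
Added example, not part of the original post: a Python check that takes decoded packet records from a capture and flags the one-sided view described above, where a capture taken on the monitored host shows the peer's TCP segments but none of the host's own. The record layout, the peer name `peer1`, the port numbers and the function names are assumptions made for illustration; the sample records are constructed.

```python
from collections import defaultdict

HOST = "mwuk"  # monitored host, as named in the post

def pkt(proto, src, dst, sport=0, dport=0, flags=""):
    """Build one decoded packet record (hypothetical layout)."""
    return {"proto": proto, "src": src, "dst": dst,
            "sport": sport, "dport": dport, "flags": flags}

# Constructed sample: the view from a capture run on the host itself,
# matching the symptom in the post (ARP both ways, TCP inbound only).
LOCAL_VIEW = [
    pkt("arp", "mwuk", "broadcast"),
    pkt("arp", "peer1", "mwuk"),
    pkt("tcp", "peer1", "mwuk", 513, 1023, "SA"),
    pkt("tcp", "peer1", "mwuk", 513, 1023, "A"),
    pkt("tcp", "peer1", "mwuk", 513, 1023, "PA"),
]
# Constructed sample: the same exchange seen from a third machine.
THIRD_VIEW = LOCAL_VIEW + [
    pkt("tcp", "mwuk", "peer1", 1023, 513, "S"),
    pkt("tcp", "mwuk", "peer1", 1023, 513, "A"),
]

def audit_direction(packets, host):
    """Count packets per protocol sent by (out) and addressed to (in) host."""
    counts = defaultdict(lambda: {"in": 0, "out": 0})
    for p in packets:
        if p["src"] == host:
            counts[p["proto"]]["out"] += 1
        elif p["dst"] == host:
            counts[p["proto"]]["in"] += 1
    return dict(counts)

def blind_tcp_flows(packets, host):
    """Flows where the peer ACKs the host but no host segment was captured.

    Heuristic: a segment carrying ACK answers something the host sent, so
    a flow with peer ACKs and zero host segments means the capture missed
    the host's transmissions. Flow key: (peer, peer_port, host_port).
    """
    sent, acked = set(), set()
    for p in packets:
        if p["proto"] != "tcp":
            continue
        if p["src"] == host:
            sent.add((p["dst"], p["dport"], p["sport"]))
        elif p["dst"] == host and "A" in p["flags"]:
            acked.add((p["src"], p["sport"], p["dport"]))
    return sorted(acked - sent)
```

A non-empty result from `blind_tcp_flows` means the trace cannot be relied on for the host's outgoing traffic and should be retaken from another vantage point.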