[comp.protocols.tcp-ip] tcpdump

kevin@vger.NBI.COM (Kevin Brooks) (03/08/88)

I'm in the process of looking into either building or purchasing a
tcp-ip network monitor.  The question is does any one know of any 
sources to a public domain monitor?  I know of the pcip package 
but I'm really looking for something to run on a UNIX based system.

I've heard some talk of a package called tcpdump?  What does it do?
Is it public domain?  Any help in this area would be most appreciated.
-- 
Kevin Brooks

	Usenet: ...{pyramid!isieng}uunet|hao!nbires}!vger!kevin

micky@cunixc.cc.columbia.edu (Micky Liu) (05/31/89)

tcpdump is available in source from ftp.ee.lbl.gov by anonymous ftp,
but unless you have a Sun-3 with SunOS3.5 it is unusable.  If you
have SunOS4.0 you will need to do two things:

 1) Install a kernel fix on Sun-3's (I think Sun-4's are okay).  
    The if_nit.o file is also at ftp.ee.lbl.gov.

 2) Modify the source to work with Sun's new STREAMS based NIT 
    interface.

So now, if you have done step one, I will gladly send you my diffs
since I have already done step two.  I cannot set up anonymous ftp
service, but I will mail my diffs until somebody is nice enough to
archive them...

More Notes...

 1) Sun's NIT interface cannot always report on its outgoing traffic,
    so don't think something is wrong if you don't see any.

 2) The clock resolution on Sun-3's is pretty lame... 1/50 of a
    second.  If you have dollars for a nice protocol analyzer,
    go for it!


Have Fun!

Micky Liu

  arpa: micky@cunixc.cc.columbia.edu
  uucp: ...!rutgers!columbia!cunixc!micky
bitnet: malua@cuvmc

woods@ncar.ucar.edu (Greg Woods) (06/02/89)

In article <1559@cunixc.cc.columbia.edu> micky@cunixc.cc.columbia.edu (Micky Liu) writes:
>
>tcpdump is available in source from ftp.ee.lbl.gov by anonymous ftp,
>but unless you have a Sun-3 with SunOS3.5 it is un-useable.  If you
>have SunOS4.0 you will need to do two things:
>
> 1) Install a kernel fix on Sun-3's (I think Sun-4's are okay).  
>    The if_nit.o file is also at ftp.ee.lbl.gov.
>
> 2) Modify the source to work with Sun's new STREAMS based NIT 
>    interface.

  I got Micky's patches from him, applied them to the source from lbl, grabbed
the nit_if.o module from lbl, rebuilt my kernel, remade tcpdump, and I now
have a version of tcpdump that works on my 3/50 running 4.0.1 (thanks, guys!).
I tried it out on a Sun-4, and it compiles and links fine but produces no
output. I assume that I need a fixed nit_if.o for a Sun-4. Anybody got one?
  The only nuisance is that the makefile for the tcpdump source references
a program called "flex" which is not a part of the Sun OS, so I had to grab
those sources from lbl as well and make that program before I could get
tcpdump to compile. A nuisance, but doable. Flex compiles without any trouble
on both the Sun-3 and Sun-4 (running OS 4.0.1).
  If anybody wants to avoid this procedure, I have the Sun-3 binary available
for anonymous FTP from ncar.ucar.edu (128.117.64.4), as pub/tcpdump.sun3.os4
You will need to remake your kernel with the nit_if.o from lbl before you
will be able to use this binary.

--Greg

leres@ace.ee.lbl.gov (Craig Leres) (06/02/89)

Micky Liu writes:
> 2) The clock resolution on Sun-3's is pretty lame... 1/50 of a
>    second.  If you have dollars for a nice protocol analyzer,
>    go for it!

The Intersil ICM7170 chip Sun used is actually running at 100Hz. I've
modified our SunOS 3.5 kernels to use it directly thus giving 10ms
resolution. (As it turns out, the code that actually decodes the chip
was so inefficient that rewriting it more than made up for the overhead
of reading it twice as often.) If there's sufficient interest, I'll
prepare some diffs.

		Craig

dan@charyb.COM (Dan Mick) (02/21/90)

I've got a program called tcpdump, written by Van Jacobson at Lawrence
Berkeley Laboratory, (mail addresses supposedly van@lbl-csam.arpa or 
van@lbl-rtsg.arpa), that was distributed as compiled code for Sun-3 
workstations.  It's a really useful tcp packet-listener and dumper.

However:  I need a Sun-4 version pretty badly.  Does anyone know if
Van's still out there, how to reach those addresses from uunet,
if there's a Sun-4 version of tcpdump, if there's a tool like tcpdump
for the Sun-4, or any of that?

What I'm really trying to do is track down some problems using tcp on
a PC connected to the Sun-3, but apparently Sun's NIT won't track 
packets destined for the host upon which the program is running,
so I can only see half the story, as there's only one Sun-3 on this
net.  However, there's a Sun-4, so if I could run tcpdump on the
Sun-4, I could see traffic between Sun-3 and PC with no problem...

If anyone's got any better ideas than tracking down Van and tcpdump,
I'm willing to listen, of course.

Oh, also, we're a SunOS licensee, so if anyone has diffs for tcpdump
(I understand it's derived from Sun's own etherfind), I could possibly
apply them to the source we have and generate my own tcpdump.

Any help much appreciated!

bigbroth@babcock.cerc.wvu.wvnet.edu (James M. Coleman) (02/22/90)

From article <370@charyb.COM>, by dan@charyb.COM (Dan Mick):
> I've got a program called tcpdump, written by Van Jacobson at Lawrence
> Berkeley Laboratory, (mail addresses supposedly van@lbl-csam.arpa or 
> van@lbl-rtsg.arpa), that was distributed as compiled code for Sun-3 
> workstations.  It's a really useful tcp packet-listener and dumper.
> 
> However:  I need a Sun-4 version pretty badly.  Does anyone know if
> Van's still out there, how to reach those addresses from uunet,
> if there's a Sun-4 version of tcpdump, if there's a tool like tcpdump
> for the Sun-4, or any of that?

 There is a fix for SunOS 4 at the same site the main program is stored.
If you need the Internet address, email me and I'll send it. SunOS version 4
uses a new version of the Network Interface Tap (NIT) and this is why
you are having problems. There is example code in the Sun manuals, I believe
it is under nit or etherfind. By the way, you have to have root privilege
to open the nit.

                                            Jim Coleman
                                     bigbroth@cerc.wvu.wvnet.edu

dan@charyb.COM (Dan Mick) (02/23/90)

In article <370@charyb.COM> I (uunet!charyb!dan) wrote:

>I've got a program called tcpdump, written by Van Jacobson at Lawrence
>Berkeley Laboratory, (mail addresses supposedly van@lbl-csam.arpa or 
>van@lbl-rtsg.arpa), that was distributed as compiled code for Sun-3 
>workstations.  It's a really useful tcp packet-listener and dumper.
>
>However:  I need a Sun-4 version pretty badly.  Does anyone know if
>Van's still out there, how to reach those addresses from uunet,
>if there's a Sun-4 version of tcpdump, if there's a tool like tcpdump
>for the Sun-4, or any of that?

Greg Earle has kindly informed me that SunOS 4.x's etherfind has most
of the tcpdump stuff incorporated under its -v(erbose) option.  It 
certainly does.  THANKS, Greg!  

	The way it reached me:  
	uunet!poseur.jpl.nasa.gov!earle

	From Greg's .sig:
	earle@poseur.JPL.NASA.GOV	(direct)
	earle@Sun.COM			(indirect)

barmar@think.com (Barry Margolin) (02/24/90)

In article <372@charyb.COM> dan@charyb.UUCP (Dan Mick) writes:
>Greg Earle has kindly informed me that SunOS 4.x's etherfind has most
>of the tcpdump stuff incorporated under its -v(erbose) option.  It 
>certainly does.  THANKS, Greg!  

Etherfind is certainly better than nothing, and I use it quite a bit these
days because so many of our systems are Sun-4's, but it's nowhere near as
good as tcpdump.  It doesn't do any decoding of NFS or Appletalk packets,
for instance, and it doesn't translate port numbers to service names.  It
doesn't have as good a filter-specification language; for instance, tcpdump
allows you to specify "port 2049" as an abbreviation for "(srcport 2049 or
dstport 2049)".
--
Barry Margolin, Thinking Machines Corp.

barmar@think.com
{uunet,harvard}!think!barmar

toivo@uniwa.uwa.oz (Toivo Pedaste) (08/01/90)

I'm running tcpdump on a sun3 with sunos4. It seems to work fine apart
from not showing DNS (port domain) request packets. It shows the replies
just fine but absolutely no requests. Any suggestions?
-- 
	Toivo Pedaste				ACSNET:   toivo@uniwa.uwa.oz
	WARCC,					INTERNET: toivo@uniwa.uwa.oz.au
	University of Western Australia		Phone:    (09) 382 0245

mccanne@horse.ee.lbl.gov (Steven McCanne) (08/04/90)

In article <1990Aug1.094815.9462@uniwa.uwa.oz> toivo@uniwa.uwa.oz (Toivo Pedaste) writes:
>I'm running tcpdump on a sun3 with sunos4. It seems to work fine apart
>from not showing DNS (port domain) request packets. 

This probably was due to a bug that we've fixed for the next release.
If a protocol appeared twice in /etc/services, tcpdump would just pick
the first one (i.e. 'domain 53/tcp' and 'domain 53/udp').

In the meantime, saying 'port 53' should work.  

Also, using '-d' might shed some light on what went wrong.

Steve
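The two points raised above, Barry's (tcpdump maps port numbers to /etc/services names and treats "port N" as either direction) and Steve's (a name listed for both tcp and udp resolved to the first line only), as an added Python example that is not part of this thread or of tcpdump's source. It assumes that, when a filter says only "port name", the transport is taken from the services entry the name resolves to; the SERVICES fragment, the packet dict and the functions parse_services, name_to_port and port_expr_matches are all constructed here.

```python
# Constructed /etc/services fragment (not a real file): 'domain' is listed
# for tcp before udp, the case McCanne describes; nfsd has udp first.
SERVICES = """\
ftp             21/tcp
domain          53/tcp          nameserver
domain          53/udp          nameserver
nfsd            2049/udp        nfs
nfsd            2049/tcp        nfs
"""

def parse_services(text):
    """Parse /etc/services lines into (name, port, proto, aliases) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        port, proto = fields[1].split("/", 1)
        entries.append((fields[0], int(port), proto, tuple(fields[2:])))
    return entries

def name_to_port(entries, name, fixed):
    """Resolve a service name to (port, proto).  Unfixed: the first matching
    line wins, so the transport is whichever is listed first.  Fixed: proto
    is None ('either transport') when the name exists for both tcp and udp."""
    hits = [(p, pr) for n, p, pr, al in entries if name == n or name in al]
    if not hits:
        raise KeyError(f"unknown service {name!r}")
    if not fixed or {pr for _, pr in hits} != {"tcp", "udp"}:
        return hits[0]
    return hits[0][0], None

def port_expr_matches(entries, expr, packet, fixed=True):
    """Evaluate a 'port <name-or-number>' filter against a packet dict like
    {'proto': 'udp', 'sport': 1034, 'dport': 53}.  A bare number matches
    either transport; a name goes through /etc/services (assumption: the
    transport comes from that entry).  As in tcpdump, 'port X' is shorthand
    for 'src port X or dst port X'."""
    token = expr.split()[-1]
    if token.isdigit():
        port, proto = int(token), None
    else:
        port, proto = name_to_port(entries, token, fixed)
    if proto is not None and packet["proto"] != proto:
        return False
    return port in (packet["sport"], packet["dport"])

# Constructed DNS request: UDP from an ephemeral port to port 53.
DNS_REQUEST = {"proto": "udp", "sport": 1034, "dport": 53}
```

With the unfixed lookup "port domain" resolves to 53/tcp and the UDP request is invisible, while "port 53" matches because a bare number is not tied to a transport, which is why Steve's workaround works.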

root@siihp1.epfl.ch (02/22/91)

   Does anybody know about a program like etherfind or tcpdump
for HP-UX systems? Thanks for your answers.


                    Claude Lecommandeur
                    Service Informatique Central
                    Ecole Polytechnique Federale de Lausanne
                    1015 LAUSANNE (SWITZERLAND)
                    E-Mail : lecom@sic.epfl.ch
                    Tel : (41 21) 693-45-86