(Redirected to "[EMAIL PROTECTED]"; the Tcpdump Group, at
tcpdump.org, now maintain and develop tcpdump and libpcap.  Your mail
was, I think, forwarded to that group by LBL's mail server.)

>  I read in your INSTALL and README notes, that I need an optional
> streams package to run (and install) libpcap under HP-UX 9.03.  I'm not
> sure if this is still available from HP...  are there any work-arounds?

None that I know of - the packet capture mechanism libpcap uses on HP-UX
is the DLPI mechanism, which is a STREAMS-based mechanism, so you *must*
have STREAMS on your machine.  I don't know of any other packet capture
mechanism for HP-UX.

> Can I just run tcpdump without this?

You can (although you may have to change the Makefile by hand after
running configure, or otherwise manually intervene in the configuration
process), but the resulting tcpdump won't be able to capture packets,
it'll just be able to read capture files and print the packets.  (I.e.,
you'd have to configure it to use the "pcap-null.c" file, rather than
"pcap-dlpi.c"; "pcap-null.c" is a "capture" module for use on systems
that don't have a packet capture mechanism that libpcap supports.)

> Also, the libpcap INSTALL also mentioned that HP-UX prevents outgoing
> packets from being captured; is this always true or will tcpdump still
> be able to do this...

Here are some notes from the Ethereal "README.hpux" (which we should
probably put into a libpcap "README.hpux") on getting HP-UX to allow
outgoing packets to be captured.

They indicate that you cannot get HP-UX 9.x to do so, that you have to
tweak a kernel variable to get HP-UX 10.x to do so, and that HP-UX 11.x
should do so by default (if you've installed the right patches; I don't
know what the right versions of those patches would be):

------------------------------Note starts here---------------------------------

Note that packet-capture programs such as Ethereal/Tethereal or tcpdump
may, on HP-UX, not be able to see packets sent from the machine on which
they're running.  Some articles on Deja.com discussing this are:

        http://www.deja.com/[ST_rn=ps]/getdoc.xp?AN=558092266

which says:

  Newsgroups: comp.sys.hp.hpux 
  Subject:  Re: Did someone made tcpdump working on 10.20 ?
  Date: 12/08/1999
  From: Lutz Jaenicke <[EMAIL PROTECTED]>

  In article <82ks5i$5vc$[EMAIL PROTECTED]>, mtsat <[EMAIL PROTECTED]>
  wrote:
   >Hello,
   >
   >I downloaded and compiled tcpdump3.4 a couple of weeks ago. I tried to use
   >it, but I can only see incoming data, never outgoing.
   >Someone (raj) explained to me that a patch was missing, and that this patch
   >must be "patched" (poked) in order to see outbound data in promiscuous mode.
   >Many things to do .... So the question is: does someone already have this
   >"ready to use" PHNE_**** patch ?
  
   Two things:
   1. You do need a late "LAN products cumulative patch" (e.g. PHNE_18173
      for s700/10.20).
   2. You must use
        echo 'lanc_outbound_promisc_flag/W1' | /usr/bin/adb -w /stand/vmunix /dev/kmem
      You can insert this e.g. into /sbin/init.d/lan
  
   Best regards,
   Lutz

and

        http://www.deja.com/[ST_rn=ps]/getdoc.xp?AN=586287166

which says:

  Newsgroups: comp.sys.hp.hpux 
  Subject: Re: tcpdump only shows incoming packets
  Date: 02/15/2000
  From: Rick Jones <[EMAIL PROTECTED]>

  Harald Skotnes <[EMAIL PROTECTED]> wrote:
  > I am running HPUX 11.0 on a C200 hanging on a 100Mb switch. I have
  > compiled libpcap-0.4 and tcpdump-3.4 and it seems to work. But at a
  > closer look I only get to see the incoming packets not the
  > outgoing. I have tried tcpflow-0.12 which also uses libpcap and the
  > same thing happens.  Could someone please give me a hint on how to
  > get this right?
  
  Search/Read the archives ?-)
  
  What you are seeing is expected, un-patched, behaviour for an HP-UX
  system.  On 11.00, you need to install the latest lancommon/DLPI
  patches, and then the latest driver patch for the interface(s) in use. 
  At that point, a miracle happens and you should start seeing outbound
  traffic.

[That article also mentions the patch that appears below.]

and

        http://www.deja.com/[ST_rn=ps]/getdoc.xp?AN=586494200

which says:

  Newsgroups: comp.sys.hp.hpux
  Subject: Re: tcpdump only shows incoming packets
  Date: 02/16/2000
  From: Harald Skotnes <[EMAIL PROTECTED]>

  Rick Jones wrote:
  
        ...

  > What you are seeing is expected, un-patched, behaviour for an HP-UX
  > system. On 11.00, you need to install the latest lancommon/DLPI
  > patches, and then the latest driver patch for the interface(s) in
  > use. At that point, a miracle happens and you should start seeing
  > outbound traffic.
  
  Thanks a lot.  I have this problem on several machines running HPUX
  10.20 and 11.00.  The machines were patched up before y2k so did not
  know what to think.  Anyway I have now installed PHNE_19766,
  PHNE_19826, PHNE_20008, PHNE_20735 on the C200 and now I can see the
  outbound traffic too.  Thanks again.

Another posting:

        http://www.deja.com/[ST_rn=ps]/getdoc.xp?AN=457744130

indicates that you need to install the optional STREAMS product to do
captures on HP-UX 9.x:

  Newsgroups: comp.sys.hp.hpux
  Subject:  Re: tcpdump HP/UX 9.x
  Date: 03/22/1999
  From: Rick Jones <[EMAIL PROTECTED]>

  Dave Barr ([EMAIL PROTECTED]) wrote:
  : Has anyone ported tcpdump (or something similar) to HP/UX 9.x?
  
  I'm reasonably confident that any port of tcpdump to 9.X would require
  the (then optional) STREAMS product.  This would bring DLPI, which is
  what one uses to access interfaces in promiscuous mode.
  
  I'm not sure that HP even sells the 9.X STREAMS product any longer,
  since HP-UX 9.X is off the pricelist (well, maybe 9.10 for the old 68K
  devices). 
  
  Your best bet is to be up on 10.20 or better if that is at all
  possible.  If your hardware is supported by it, I'd go with HP-UX 11. 
  If you want to see the system's own outbound traffic, you'll never get
  that functionality on 9.X, but it might happen at some point for 10.20
  and 11.X. 
  
  rick jones
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
