My previous post:
> I'm trying to use TCPDUMP on Digital UNIX 3.2D. I'm trying to determine
> the hardware address of each machine that is sending a packet. The -e option
> that dumps the link level headers looks like it should work. On machines that
> are running DECNET, however, it is not dumping the hardware address but the
> physical address (incantation of DECNET address). This address can change
> easily and I want to be able to really link the packet to a machine. Can anyone
> help point me in the right direction? Something I'm missing in TCPDUMP? If
> there is some other package that can do the trick, pointers to those would be
> much appreciated as well.
Well my fears are confirmed. There isn't a way. (I was hoping for a few
tricks.) When you power up a node, the device controller's physical address
is initially set to the hardware address (manufacturer's permanent code).
When you start up DECNET, the physical address is reset to a new six-byte value
based on the DECNET node address (AA-00-04-00-hexnodeaddress). As everyone
knows, DECNET addresses are trivial to change. This means that you don't really
know who the packets are coming from, only that they have a DECNET address of
area.nodenumber. If you've ever worked on a large network with multiple system
managers, you know how easy it is to get conflicting DECNET addresses. It's
also not good for network monitoring devices.
Thanks to all those who responded!!
Sheila
*******************************************************************************
** Sheila H. Franklin **
** Naval Surface Warfare Center Dahlgren Division **
** 17320 Dahlgren Road **
** Code N861 **
** Dahlgren, VA 22448-5000 **
** Phone: (540) 653-8705 **
** Internet: sfrankl_at_.nswc.navy.mil **
*******************************************************************************
Received on Tue Apr 09 1996 - 18:36:34 NZST
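
An added example, not part of the original post: a small Python helper for network monitoring that recognises the AA-00-04-00 prefix described above in link-level source addresses and decodes the DECnet area.node, so such addresses are reported as software-set rather than treated as a hardware identity. It assumes the standard DECnet Phase IV layout (16-bit node address = area * 1024 + node, stored low byte first) and that the first MAC on each `tcpdump -e` line is the source; the function names and sample lines are constructed for illustration.

```python
import re

DECNET_PREFIX = bytes.fromhex("aa000400")  # AA-00-04-00, as given in the post
MAC_RE = re.compile(r"\b(?:[0-9a-fA-F]{1,2}[:-]){5}[0-9a-fA-F]{1,2}\b")

def parse_mac(text):
    """Parse a MAC such as 'aa:0:4:0:1:4' or 'AA-00-04-00-01-04' into 6 bytes."""
    parts = re.split(r"[:-]", text)
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)

def decnet_node(mac):
    """Return (area, node) if the MAC is DECnet-derived, else None."""
    if mac[:4] != DECNET_PREFIX:
        return None
    addr = mac[4] | (mac[5] << 8)      # 16-bit node address, low byte first
    return addr >> 10, addr & 0x3FF    # 6-bit area, 10-bit node number

def decnet_mac(area, node):
    """Inverse mapping: the physical address DECnet sets for area.node."""
    if not (1 <= area <= 63 and 1 <= node <= 1023):
        raise ValueError("area must be 1-63 and node 1-1023")
    addr = (area << 10) | node
    return DECNET_PREFIX + bytes([addr & 0xFF, addr >> 8])

def classify_sources(lines):
    """Label the source MAC of each line (assumed to be the first MAC on it)."""
    seen = {}
    for line in lines:
        m = MAC_RE.search(line)
        if not m:
            continue
        mac = parse_mac(m.group(0))
        key = ":".join(f"{b:02x}" for b in mac)
        hit = decnet_node(mac)
        seen[key] = (f"DECnet {hit[0]}.{hit[1]} (software-set, not a hardware ID)"
                     if hit else "no DECnet prefix")
    return seen

# Constructed sample lines in the style of `tcpdump -e` output (not real traffic).
SAMPLE = [
    "18:36:34.10 aa:0:4:0:1:4 8:0:2b:1:2:3 ip 60: hostA > hostB: icmp: echo request",
    "18:36:34.20 8:0:2b:1:2:3 aa:0:4:0:1:4 ip 60: hostB > hostA: icmp: echo reply",
    "18:36:35.00 aa:0:4:0:5:8 8:0:2b:1:2:3 ip 60: hostC > hostB: icmp: echo request",
]

if __name__ == "__main__":
    for mac, label in classify_sources(SAMPLE).items():
        print(mac, "->", label)
```

Two hosts configured with the same area.node decode to the same address here, which is the conflict the post describes; telling them apart needs information from outside the frame, such as the switch port or a record of the permanent address taken before DECnet starts.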