libpcap ethereal Summary

From: Loucks, Guy <Guy.Loucks_at_det.nsw.edu.au>
Date: Thu, 26 Oct 2000 15:20:33 +1100

My many thanks to the responses:

Oisin McGuinness [oisin_at_sbcm.com]
Lucio Chiappetti [lucio_at_ifctr.mi.cnr.it]
Tim Hespe [t.hespe_at_unsw.edu.au]

The winning solution:

 pfconfig +c +p tu0

It was also suggested to try flex rather than lex, and remove
multi-threading for NTOP. I am now working on those and will post a summary
once I have them working.


Turning the card into promiscuous mode. It was also suggested to

Ethereal (like other packet sniffers) won't pick up interesting packets unless
a) PACKETFILTER is compiled into the kernel;
b) the /dev/pfilt special files have been made;
c) the device has been put into promiscuous (so all packets can be seen)
   and copyall mode (so packets for/to your own machine's applications will
   be saved/copied to the packetfilter using application)
   E.g.
 pfconfig +c +p tu0

Details in README.tru64 in Ethereal distribution.

Anyway, ethereal 0.6.1 works for me, libpcap 0.4.

Oisin McGuinness

Sumitomo Bank Capital Markets
277 Park Avenue
New York NY 10172
USA

(212)-224-4913, email: oisin_at_sbcm.com


Original Post:

Ok, more information:

# netstat -rn
Routing tables
Destination Gateway Flags Refs Use Interface

Route Tree for Protocol Family 2:
default 153.107.36.1 UGS 28 7566873 alt0
127.0.0.1 127.0.0.1 UHL 10 138617 lo0
153.107.36/24 153.107.36.9 U 1 2771 alt0
153.107.36.9 153.107.36.9 UHL 0 52 alt0
# tcpdump host 153.107.36.9
tcpdump: listening on alt0
Using kernel BPF filter

0 packets + 1 discarded by interface
# netstat -rn
Routing tables
Destination Gateway Flags Refs Use Interface

Route Tree for Protocol Family 2:
default 153.107.36.1 UGS 28 7567606 alt0
127.0.0.1 127.0.0.1 UHL 10 138631 lo0
153.107.36/24 153.107.36.9 U 1 2771 alt0
153.107.36.9 153.107.36.9 UHL 0 52 alt0
#

This is simply not correct. Looks to me like either the packetfilter, or
tcpdump can not handle a DEGPA? Has anyone ever monitored a DEGPA? Note the
before and after use counts from netstat.....

Cheers,

Guy

 -----Original Message-----
From: Loucks, Guy
Sent: Wednesday, October 25, 2000 2:19 PM
To: 'tru64-unix-managers_at_ornl.gov'
Subject: libpcap, ethereal, ntop not on DUX 5.0

People,

Has anyone had success with the later versions of:

ethereal
libpcap
ntop

on T64 v5.0A?

Ethereal compiled fine, but does not seem to understand a DEGPA, the only
packets we pick up are the lat packets (there are plenty of SNMP we are
interested in, the DEGPA light is blinking quite frequently <grin>)..

libpcap version 0.4 is the one we have been able to compile, 0.5 did not
like us, don't know if that is related to the above problem.

ntop is just a disaster. After hacking various sections of code, changed:
ip_hl to ip_vhl,
th_off to th_xoff,
remove the ATM references,
it is then not happy with our libgdbm.... Could be libpcap again as well.

If anyone has any references or comments, or alternative network monitoring
suggestion, they would be most welcome.

Regs,

Guy

Guy R. Loucks
Senior Unix Systems Administrator
Networks Branch
NSW Department of Education & Training
Information Technology Bureau
Direct +61 2 9942 9887
Fax +61 2 9942 9600
Mobile +61 (0)429 041 186
Email guy.loucks_at_det.nsw.edu.au




Received on Thu Oct 26 2000 - 04:24:02 NZDT
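
Added example, not part of the original thread or of ntop's code: the renames listed in the original message (ip_hl to ip_vhl, th_off to th_xoff) are assumed here to indicate headers that expose the IPv4 version/header-length and the TCP data offset as whole bytes rather than bit-fields. The C code below decodes both lengths from raw bytes with bounds checks; the function name, struct and sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Lengths decoded from one IPv4/TCP packet (hypothetical helper type). */
struct hdr_lens {
    int ip_version;  /* high nibble of the first IPv4 byte */
    int ip_hdr_len;  /* IPv4 header length in bytes */
    int tcp_hdr_len; /* TCP header length in bytes */
};

/* Constructed sample: 20-byte IPv4 header (0x45, protocol 6 = TCP)
 * followed by a 20-byte TCP header (data-offset byte 0x50). */
static const uint8_t sample_pkt[40] = { [0] = 0x45, [9] = 6, [32] = 0x50 };

/* Decode header lengths from raw bytes. The version/header-length byte
 * (the ip_vhl style) and the data-offset byte (the th_xoff style) are
 * masked and shifted by hand, so the result does not depend on how a
 * compiler lays out bit-fields. Returns 0 on success, -1 if the packet
 * is truncated, not IPv4/TCP, or declares an impossible length. */
int decode_hdr_lens(const uint8_t *pkt, size_t len, struct hdr_lens *out)
{
    if (len < 20)
        return -1;
    out->ip_version = pkt[0] >> 4;
    out->ip_hdr_len = (pkt[0] & 0x0f) * 4;
    if (out->ip_version != 4 || out->ip_hdr_len < 20 ||
        (size_t)out->ip_hdr_len > len || pkt[9] != 6)
        return -1;
    const uint8_t *tcp = pkt + out->ip_hdr_len;
    size_t tcp_avail = len - (size_t)out->ip_hdr_len;
    if (tcp_avail < 20)
        return -1;
    out->tcp_hdr_len = (tcp[12] >> 4) * 4;
    if (out->tcp_hdr_len < 20 || (size_t)out->tcp_hdr_len > tcp_avail)
        return -1;
    return 0;
}

int main(void)
{
    struct hdr_lens h;
    if (decode_hdr_lens(sample_pkt, sizeof sample_pkt, &h) != 0)
        return 1;
    printf("IPv%d, IP header %d bytes, TCP header %d bytes\n",
           h.ip_version, h.ip_hdr_len, h.tcp_hdr_len);
    return 0;
}
```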
