Examining Ethernet Packets
Sakari Jalovaara
sja at sirius.hut.fi
Fri Nov 16 23:05:00 AEST 1990
> Is there a package or tool available to examine tcp-ip ethernet
> packets on Sun Workstations ?
First, get RFC 1147 "NOCtools Network Management Tool Catalog" (e.g.
anonymous ftp uunet.uu.net rfc/rfc1147.Z.) This RFC lists both no-cost
and commercial SW for network analysis.
Some programs I have seen:

nnstat (ftp venera.isi.edu)
    Versatile (and somewhat complex; you need to read the manual)
    statistics gathering package. nnstat works with "scripts"
    that tell it what kinds of statistics to collect. A sample
    script included with nnstat collects ethernet and TCP packet
    types, IP packet lengths, networks from/to which packets go,
    TCP port numbers and ICMP packet types. You can ask it stuff
    like "who sends broadcasts" and "which machines talk to the
    NFS port of host `foo'" and get packet counts and percentages
    of total traffic.

tcpdump (ftp gatekeeper.dec.com, uunet.uu.net, wuarchive.wustl.edu)
    A la etherfind(8). Latest version is "March 3 1990"?
    Comes with a kernel patch for SunOS 4.0 (and 4.0.[13]?)

traceroute (ftp zerkalo.harvard.edu, ftp.ee.lbl.gov, dopey.cs.unc.edu)
    Shows a trace of gateways through which a ping packet travels.
    Various versions for different OS's and OS versions (SunOS 3.5
    and 4.0 with or without kernel patch, SunOS 4.1, ...)

etherhostprobe (ftp spam.itstd.sri.com)
    Shows a map of corresponding ethernet/IP addresses (by
    "ping"ing a range of addresses and checking the arp cache...)

None of these replace a real analyzer (these are simpler and work only on
high-level packets) but can be useful in quick network checks - and the
price is often right.
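
The kind of per-packet tally described for nnstat above (Ethernet types, broadcast senders, TCP ports, ICMP types), as an added example that is not part of the original post and is not nnstat's own code. The frames, MAC addresses and helper names (frame, ipv4, tally) are constructed for illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def frame(dst, src, ethertype, payload):
    """Constructed Ethernet II frame: 14-byte header plus payload."""
    return dst + src + struct.pack("!H", ethertype) + payload

def ipv4(proto, body, frag_off=0):
    """Constructed IPv4 header, no options, checksum zero, documentation addresses."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, frag_off,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + body

def tally(frames):
    """Count Ethernet types, broadcast senders, IP protocols, TCP ports, ICMP types."""
    keys = ("ethertype", "broadcast_src", "ip_proto", "tcp_dport", "icmp_type")
    stats = {k: Counter() for k in keys}
    for f in frames:
        if len(f) < 14:                       # shorter than an Ethernet header
            stats["ethertype"]["truncated"] += 1
            continue
        dst, src = f[0:6], f[6:12]
        etype = struct.unpack("!H", f[12:14])[0]
        stats["ethertype"][etype] += 1
        if dst == BROADCAST:
            stats["broadcast_src"][":".join("%02x" % b for b in src)] += 1
        ip = f[14:]
        if etype != 0x0800 or len(ip) < 20:   # only IPv4 is parsed further
            continue
        ihl = (ip[0] & 0x0F) * 4              # IP header length in bytes
        if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
            continue
        stats["ip_proto"][ip[9]] += 1
        if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
            continue                          # later fragment: no L4 header here
        l4 = ip[ihl:]
        if ip[9] == 6 and len(l4) >= 4:       # TCP: destination port
            stats["tcp_dport"][struct.unpack("!H", l4[2:4])[0]] += 1
        elif ip[9] == 1 and len(l4) >= 1:     # ICMP: message type
            stats["icmp_type"][l4[0]] += 1
    return stats

A, B = b"\x08\x00\x20\x00\x00\x01", b"\x08\x00\x20\x00\x00\x02"   # constructed MACs
tcp_nfs = struct.pack("!HH", 1023, 2049) + bytes(16)              # dst port 2049 (NFS)
SAMPLE = [                                                        # constructed frames
    frame(BROADCAST, A, 0x0806, bytes(28)),                       # ARP broadcast
    frame(B, A, 0x0800, ipv4(6, tcp_nfs)),
    frame(A, B, 0x0800, ipv4(1, b"\x08\x00" + bytes(6))),         # ICMP echo request
    frame(A, B, 0x0800, ipv4(6, bytes(20), frag_off=185)),        # non-first fragment
    b"\x00" * 8,                                                  # truncated capture
]
STATS = tally(SAMPLE)
```

The fragment check matters for port counts: without it, the payload bytes of a later fragment would be read as a TCP header and show up as a bogus port.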