Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!uakari.primate.wisc.edu!uflorida!haven!uvaarpa!mcnc!decvax.dec.com!bacchus.pa.dec.com!mogul
From: mogul@wrl.dec.com (Jeffrey Mogul)
Newsgroups: comp.unix.ultrix
Subject: Re: Ultrix 4.0 Packet Filter Devices
Message-ID: <1990Sep21.010402.6587@wrl.dec.com>
Date: 21 Sep 90 01:04:02 GMT
References: <26592@boulder.Colorado.EDU>
Sender: news@wrl.dec.com (News)
Organization: DEC Western Research
Lines: 28

In article <26592@boulder.Colorado.EDU> giltner@snoopy.Colorado.EDU () writes:
>Has anyone written a nice Ethernet monitoring program using the packetfilter
>devices provided by Ultrix 4.0? Something like Sun Etherfind would be great.

Well, "tcpdump" (from the friendly folks at LBL) is apparently just like
Etherfind, only better.  I've provided them (LBL) with my changes that allow
it to run under Ultrix, and they are now in the process of putting together
a release.

I've done the same for "NNstat/statspy" from ISI (the ISI people are also
in the process of building a release), and "nfswatch" from SRI (which
is already available; try anon. FTP from gatekeeper.dec.com, file name
"pub/net/nfs/nfswatch.tar.Z").

Porting applications written for Sun's NIT facility to run using the
packet filter is pretty easy (in my opinion; of course, I've been
writing code for the packet filter for about 10 years).  Some day soon,
you'll be able to study my changes to tcpdump and to statspy, but until
those sources are released, the nfswatch sources should serve as an
example.

Actually, most of the work in porting these programs is not in changing
them to use the packet filter, but in fixing the byte-order bugs.

-Jeff

P.S.: If people seem interested, I'll post a small program that
demonstrates how to use the packet filter for network monitoring.