Path: utzoo!utgpu!cunews!bnrgate!brtph3!brchh104!brchs1!bnr.ca!rice!sun-spots-request
From: sja@sirius.hut.fi (Sakari Jalovaara)
Newsgroups: comp.sys.sun
Subject: Re: Examining Ethernet Packets
Keywords: Networks
Message-ID: <260@brchh104.bnr.ca>
Date: 16 Nov 90 12:05:00 GMT
Sender: news@brchh104.bnr.ca
Organization: Sun-Spots
Lines: 36
Approved: Sun-Spots@rice.edu
X-Original-Date: Sat, 27 Oct 90 15:10:57 +0200
X-Sun-Spots-Digest: Volume 9, Issue 363, message 4
X-Note: Submissions: sun-spots@rice.edu, Admin: sun-spots-request@rice.edu

> Is there a package or tool available to examine tcp-ip ethernet
> packets on Sun Workstations ?

First, get RFC 1147 "NOCtools Network Management Tool Catalog" (eg.
anonymous ftp uunet.uu.net rfc/rfc1147.Z.)  This RFC lists both no-cost
and commercial SW for network analysis.

Some programs I have seen:

nnstat (ftp venera.isi.edu)
	Versatile (and somewhat complex; you need to read the manual)
	statistics gathering package.  nnstat works with "scripts" that
	tell it what kinds of statistics to collect.  A sample script
	included with nnstat collects ethernet and TCP packet types, IP
	packet lengths, networks from/to which packets go, TCP port
	numbers and ICMP packet types.  You can ask it stuff like "who
	sends broadcasts" and "which machines talk to the NFS port of
	host `foo'" and get packet counts and percentages of total
	traffic.

tcpdump (ftp gatekeeper.dec.com, uunet.uu.net, wuarchive.wustl.edu)
	A la etherfind(8).  Latest version is "March 3 1990"?  Comes
	with a kernel patch for SunOS 4.0 (and 4.0.[13]?)

traceroute (ftp zerkalo.harvard.edu, ftp.ee.lbl.gov, dopey.cs.unc.edu)
	Shows a trace of gateways through which a ping packet travels.
	Various versions for different OS's and OS versions (SunOS 3.5
	and 4.0 with or without kernel patch, SunOS 4.1, ...)

etherhostprobe (ftp spam.itstd.sri.com)
	Shows a map of corresponding ethernet/IP addresses (by "ping"ing
	a range of addresses and checking the arp cache...)

None of these replace a real analyzer (these are simpler and work only on high-level packets) but can be useful in quick network checks - and the price is often right.