Examining Ethernet Packets

Sakari Jalovaara sja at sirius.hut.fi
Fri Nov 16 23:05:00 AEST 1990


> Is there a package or tool available to examine tcp-ip ethernet
> packets on Sun Workstations ?

First, get RFC 1147 "NOCtools Network Management Tool Catalog" (e.g.
anonymous ftp uunet.uu.net rfc/rfc1147.Z.)  This RFC lists both no-cost
and commercial SW for network analysis.

Some programs I have seen:

nnstat (ftp venera.isi.edu)
	Versatile (and somewhat complex; you need to read the manual)
	statistics gathering package.  nnstat works with "scripts"
	that tell it what kinds of statistics to collect.  A sample
	script included with nnstat collects ethernet and TCP packet
	types, IP packet lengths, networks from/to which packets go,
	TCP port numbers and ICMP packet types.  You can ask it stuff
	like "who sends broadcasts" and "which machines talk to the
	NFS port of host `foo'" and get packet counts and percentages
	of total traffic.

tcpdump (ftp gatekeeper.dec.com, uunet.uu.net, wuarchive.wustl.edu)
	A la etherfind(8).  Latest version is "March 3 1990"?
	Comes with a kernel patch for SunOS 4.0 (and 4.0.[13]?)

traceroute (ftp zerkalo.harvard.edu, ftp.ee.lbl.gov, dopey.cs.unc.edu)
	Shows a trace of gateways through which a ping packet travels.
	Various versions for different OS's and OS versions (SunOS 3.5
	and 4.0 with or without kernel patch, SunOS 4.1, ...)

etherhostprobe (ftp spam.itstd.sri.com)
	Shows a map of corresponding ethernet/IP addresses (by
	"ping"ing a range of addresses and checking the arp cache...)

None of these replace a real analyzer (these are simpler and work only on
high-level packets) but can be useful in quick network checks - and the
price is often right.


