SUMMARY - etherfind(8) half deaf?
Tony Mountifield
mwuk!tony at relay.eu.net
Thu Jan 3 20:16:50 AEST 1991
In article <916 at brchh104.bnr.ca> I wrote:
>I have tried to use etherfind(8) on our Sun-3/80 (SunOS 4.0.3_EXPORT) to
>monitor incoming/outgoing packets to/from the Sun itself ('mwuk'):
>
> etherfind -v -i le0 -host mwuk
>
>Etherfind seems to display ARP packets in both directions, but only
>incoming TCP packets, not outgoing TCP packets. It behaves the same
>whether or not I have etherd running. Is this a bug/limitation or am I
>doing something wrong?
Thanks to all who replied by E-mail to this question. The consensus seems
to be that etherfind(8) uses the Network Interface Tap NIT(4P), which is
unable to monitor outgoing packets, only incoming ones. To monitor both
directions between two machines, I have to run etherfind on a third
machine.
Responses were received from the following:
Pawan Misra <pawan at maths.bath.ac.uk>
Russ Poffenberger <poffen at sj.ate.slb.com>
Denis DeLaRoca <delaroca at sakabu.oac.ucla.edu>
Rohit Aggarwal {Sun Microsystems} <rohit at monsoon.corp.sun.com>
Joe Van Andel <vanandel at stout.atd.ucar.edu>
Daniel Trinkle <trinkle at cs.purdue.edu>
Barry A. Boes <boes at corona.itd.msstate.edu>
Finally, is there an alternative monitoring program which does not use
NIT, and *is* able to observe outgoing packets also?
Tony Mountifield
MAIL: tony at mwuk.uucp
INET: tony%mwuk.uucp at ukc.ac.uk
UUCP: ...!mcsun!ukc!mwuk!tony
More information about the Comp.sys.sun
mailing list