nanog mailing list archives
Re: Network IP analysis?
From: "Perry E. Metzger" <perry () piermont com>
Date: Wed, 25 Jun 1997 12:35:36 -0400
John Hawkinson writes:
anything else. Best to do this on a box that does native BPF, though (asn an example SunOS does not do BPF and NIT can't handle the traffic without dropping most stuff).BPF support for SunOS has been avaialable for years.
At the present time, it is distributed as part of the ipmulti distribution (ftp://ftp.parc.xerox.com:/pub/net-research/ipmulti), and I believe that the LBL bpf distribution includes SunOS kernel .o files (ftp://ftp.ee.lbl.gov:/bpf.tar.Z).
Yes, I know, but it doesn't ship with SunOS. You are, of course, correct that you can add it with a little help from the net. It is very important to use BPF instead of NIT and its Solaris replacement (the name escapes me) if you expect to be able to keep up while monitoring the network. I've been able to record all the traffic on ethernets using even ancient slow PCs without dropping more than a trivial number of packets with BPF -- I've been unable to get even fast Suns to keep up with an ethernet. Perry
Current thread:
- more routes than normal Andrew Bangs (Jun 11)
- Re: more routes than normal Javier Gonzalez (Jun 11)
- Route leak (was Re: more routes than normal) Alex.Bligh (Jun 11)
- Network IP analysis? Bruce Potter (Jun 24)
- Re: Network IP analysis? Joe Shaw (Jun 24)
- Re: Network IP analysis? Perry E. Metzger (Jun 25)
- Re: Network IP analysis? John Hawkinson (Jun 25)
- Re: Network IP analysis? Perry E. Metzger (Jun 25)
- Re: Network IP analysis? Joe Shaw (Jun 24)
- Re: Network IP analysis? Daniel W McRobb (Jun 24)
- Re: Network IP analysis? Martin J. Hannigan (Jun 24)
- Re: Network IP analysis? (mrtg) John-David Childs (Jun 24)
- Re: Network IP analysis? Joe Shaw (Jun 25)
- Re: Network IP analysis? Michael Shields (Jun 25)
- <Possible follow-ups>
- Re: more routes than normal Alex Rubenstein (Jun 11)
- Re: more routes than normal Andrew Bangs (Jun 11)