tcpdump mailing list archives

Re: solaris loopback


From: Rick Jones <raj () tardy cup hp com>
Date: Wed, 12 Feb 2003 10:12:42 -0800 (PST)

Is it possible to do packet capture using the loopback device on
solaris(dlpi)? I tried passing /dev/lo0 and got a pcap error: /dev/lo:
No such file or directory. I see that the ethernet device /dev/hme0 is
symbolically linked from /dev/hme -> /devices/pseudo/<some dev file> but
this is not the case with the loopback lo0. 
 
Given that lo0 is unlikely to be a DLPI device, it follows that it
would not work with tcpdump under Solaris (nor HP-UX for that matter -
the two OSes' TCP/IP stacks are distant "cousins").
 
Traffic sourced from and destined to a local IP may be similarly
unavailable - on HP-UX at least the TCP/IP stack notices that the
destination IP is local and the traffic won't even get to the NIC
driver.  On HP-UX there is an ndd tunable called ip_loopback_bypass
that one can tweak to force the local IP traffic into the driver and
thus past the tracing points.  I'm not sure if that came into the
stack after the Solaris stuff went its own way, but you might check
that.
 
However, that still won't do anything directly for loopback.  You
_might_ be able to manipulate the routes so that traffic for 127.0.0.1
is directed to one of your local IPs, and then set that flag and in
that way be able to see 127.0.0.1 traffic.
 
rick jones
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

