1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
The Software Porting And Archive Centre for HP-UX, at
http://hpux.csc.liv.ac.uk/
(and with mirrors in various countries, listed on the Centre's home
page) has ported versions, in both source and binary form, for Ethereal,
as well as for the "libpcap", GLib, GTK+, "zlib", and CMU SNMP libraries
that it uses.
The changes they've made appear largely to be compile option changes; if
you've downloaded the source to the latest version of Ethereal (the
version on the Centre's site may not necessarily be the latest version),
it should be able to compile, perhaps with those changes.
They appear to have used HP-UX's "cc" compiler, with the options "-Ae
-O"; there's a comment "Add -Dhpux_9 if building under 9.X". It may
also build with GCC.
If you want to use Ethereal to capture packets, you will have to install
"libpcap"; the INSTALL file for "libpcap" has several comments about
HP-UX, which you should read if you're going to install and use
"libpcap" on HP-UX.
Another note, from a mail message to the "ethereal-users" list:
Date: Wed, 22 Dec 1999 09:05:47 -0600 (EST)
From: Gerald Combs <gerald@zing.org>
To: Lothar Seitter <lothar.seitter@arcormail.de>
cc: ethereal-users@zing.org
Subject: Re: [ethereal-users] permission problem with capturing
On Wed, 22 Dec 1999, Lothar Seitter wrote:
> running 'ethereal' under HP-UX 11 with root permission and
> /dev/lan0 set to 777, I always get the message:
> "There are no network interfaces that can be opened.
> Please to make sure you have sufficient permission to
> capture packets."
>
> I start ethereal with 'etheral -i lan0' and lan0 is definitely
> the lan interface.
>
> What am I missing???
You may need to reference the card's DLPI device directly. We were having
trouble getting Ethereal to capture on an HP-UX 10.20 machine here. I
found an article on Deja News that says:
"To access a particular interface, you would say "tcpdump -i /dev/dlpiN"
where N is the PPA of the interface you wish to use. You get the PPA by
looking at the output of lanscan. On 10.20, it is the same value as the
NMID. On 11.X, it is the Card Instance number."
This didn't help in our case, but it might in yours. The full article is
at http://x34.deja.com/[ST_rn=ps]/getdoc.xp?AN=549366486 .
Another article by the same author mentions that experimental versions of
libpcap and tcpdump are available at
ftp://ftp.cup.hp.com/dist/networking/tools/ . The article itself is at
http://x34.deja.com/[ST_rn=ps]/getdoc.xp?AN=558665378 .
The first of those articles also says:
BTW, before you have to make a follow-up post, you will find that
unless you have the latest lan common/DLPI/driver patches installed,
you will _not_ see the system's own outbound traffic.
It appears that a consequence of the fact that HP-UX's DLPI doesn't work
like Solaris's, in that, on Solaris, to get at the device "hme0", say,
"libpcap" has to open "/dev/hme" and then tell it to use the 0th
interface, whilst on HP-UX you have to go through "/dev/dlpi", you won't
get a list of interfaces in the dialog box for "Capture:Start" - you'll
have to do through the aforementioned song and dance to find the PPA of
the interface you want to use, and supply the "dlpiN" name by hand (I
think you can omit the "/dev/" in both "tcpdump" and Ethereal).
It looks as if vanilla "libpcap-0.4" will use various DLPI calls to get
the PPA on systems such as HP-UX 10.x that have DL_HP_PPA_ACK_OBS
defined, and will try to dredge it out of the kernel on HP-UX 9.x - but
if 11.x doesn't define DL_HP_PPA_ACK_OBS, it will do neither on 11.x,
which may mean you're stuck with the "dlpiN" hack on 11.x, at least
until somebody indicates how to get the PPA on 11.x. (Given the comment
about the PPA:
You get the PPA by looking at the output of lanscan. On 10.20,
it is the same value as the NMID. On 11.X, it is the Card
Instance number.
in Rick's posting, it may well be that the code has to do something
different on 11.x.)
The experimental stuff to which the second article refers is a STREAMS
module that implements BPF-style filtering and buffering, an
experimental version of "libpcap-0.4" that pushes that STREAMS module,
and source to "tcpdump-3.4".
The STREAMS module is in source form - no binary has been provided.
It's in
ftp://ftp.cup.hp.com/dist/networking/tools/bpfmod/bpfmod_0.1.tar.gz
"libpcap" and "tcpdump" are in both source and binary form; they're in
ftp://ftp.cup.hp.com/dist/networking/tools/bpfmod/tcpdump_bpfmod.tar.gz
NOTE: the "libpcap" source has "pcap-bpfmod.c" and "pcap-dlpi.c" and
"pcap-dlpi.c.real".
"pcap-dlpi.c.real" appears to be the "libpcap-0.4" "pcap-dlpi.c"
modified to push the BPF STREAMS module but not to do anything with it.
"pcap-dlpi.c" is the same as "pcap-bpfmod.c".
"pcap-bpfmod.c"/"pcap-dlpi.c" appears to have had a pile of stuff
removed (e.g., the SunOS 5/Solaris support), and stuff added to push the
BPF STREAMS module - however, it doesn't appear to include anything to
hand the BPF filter to the STREAMS module or otherwise use it.
|
