Ethereal-users: RE: [Ethereal-users] Nettl trace files from hpux.
Guy,
I tried the recommended nettl command line instruction, and it does work. I
fear that this command does strip a lot of the traffic though and when I
recieve nettl trace files from customers they have not run this command
line. Ah well, maybe I should request an enhancement request : )
Thanks for your help,
Shane Hjorth
> -----Original Message-----
> From: Guy Harris [mailto:guy@xxxxxxxxxx]
> Sent: Tuesday, May 22, 2001 2:36 PM
> To: HJORTH,SHANE (HP-Australia,ex2)
> Cc: 'Guy Harris'; 'ethereal-users@xxxxxxxxxxxx'
> Subject: Re: [Ethereal-users] Nettl trace files from hpux.
>
>
> > This was my thought as well. It looks like TCP packets
> aren't handled. I was
> > just wondering if anybody else has tried ethereal to read
> nettl trace files
> > successfully.
>
> As far as I know, Olivier Abad, the person who contributed the nettl
> code, has gotten Ethereal to read at least *some* nettl files
> successfully.
>
> The "README.hpux" file on the Ethereal source says:
>
> nettl is used on HP-UX to trace various streams based
> subsystems. Ethereal can read nettl files containing IP frames
> (NS_LS_IP subsystem) and LAPB frames (SX25L2 subsystem). It has
> been tested with files generated on HP-UX 9.04 and 10.20.
>
> Use the following commands to generate a trace (cf. nettl(1M)):
>
> # IP capture. 0x30000000 means PDU in and PDU out :
> nettl -tn 0x30000000 -e NS_LS_IP -f tracefile
> # X25 capture. You must specify an interface :
> nettl -tn 0x30000000 -e SX25l2 -d /dev/x25_0 -f tracefile
> # stop capture. subsystem is NS_LS_IP or SX25L2 :
> nettl -tf -e subsystem
>
> One may be able to specify "-tn pduin pduout" rather than "-tn
> 0x30000000"; the nettl man page for HP-UX 10.30 implies that it
> should work.
>
> I think he added support for HP-UX 11.00 after that comment
> was put in.
>
> As the comment says, "Ethereal can read nettl files
> containing IP frames
> (NS_LS_IP subsystem) and LAPB frames (SX25L2 subsystem)." A recent
> checking also added "Support for the BASE100 and GSC100BT subsystems",
> but I don't know what "-e" flags you'd give to get frames from them -
> perhaps "-e BASE100" and "-e GSC100BT". I also don't know what other
> command-line flags would be needed.
>
> nettl files containing records from other subsystems can't be read.
>
> > Thats a pity, I only mention this because in the 0.8.18
> changelog there is a
> > mention of a hpux plugin
> > "The release adds IP fragment reassembly, plugin support on
> HPUX machines,
>
> That's not mentioning an "HP-UX plugin" in the sense of a
> plugin module
> that adds some sort of HP-UX support, it's mentioning that
> Ethereal now,
> on HP-UX, can load plugin packet dissector modules (which are the only
> types of plugins Ethereal currently supports).
>
> Ethereal comes with two plugins - for MGCP and the protocol
> used by the
> Gryphon device sold by the Dearborn Group. Those plugins aren't HP-UX
> specific - they're just modules that dissect the two protocols in
> question.
>