Packet tracing in HP-UX

quick primer on packet tracing/logging/sniffing in HP-UX. nettl is the built-in network tracing and logging facility, so there is no need for tcpdump (even though tcpdump is probably the better tool). nettl needs root to start or stop a trace.

get the current status of logging and/or tracing:
/usr/sbin/nettl -status [log |trace |all]

start a trace (inbound/outbound PDUs plus loopback, all entities, trace file capped at 65536 KB and written as /tmp/me.TRC000), then stop it:
nettl -tn pduin pduout loopback -e all -tracemax 65536 -f /tmp/me
nettl -tf -e all

the trace file (me.TRC000 here) can be opened directly in Wireshark/Ethereal. It holds raw packet bytes, so don't leave it in a world-readable place like /tmp longer than needed; move it somewhere only you can read and delete it when done.

format commands (-v gives a verbose dump of a log file, -1 gives one-line-per-packet summaries of a trace file):
netfmt -vf nettl.LOG000 > /tmp/nettl.txt
netfmt -nl1f me.TRC000 > me.out

combine nettl and netfmt to filter the results:
add a filter to ~/.netfmtrc (netfmt's default config file) like the following for DNS (port 53, tcp and udp, either direction):
filter tcp_sport 53
filter tcp_dport 53
filter udp_sport 53
filter udp_dport 53

then start the trace, piping straight into netfmt (the second form also caps each trace record at 250 bytes with -m and adds buffer-size options). Remember to turn it off afterwards:
nettl -tn pduin pduout -e ns_ls_ip | netfmt -1
nettl -tn pduin pduout -e ns_ls_ip -m 250 -ks 10M -us 30M -nk 5 -nu 5 | netfmt -1

turn tracing off again afterwards, even if the pipeline was ended with Control-C: that kills nettl and netfmt, but the kernel-side trace stays enabled until it is explicitly stopped:
nettl -tf -e all
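Because a Control-C leaves the trace running, it is worth wrapping the filter-then-trace procedure above in a script that stops tracing on every exit path. The following is an added example, not code from the original page; it only uses the nettl/netfmt invocations shown above. The function names, the NETTL/NETFMT override variables and the assumption that netfmt takes its filter config via -c FILE are mine.

```shell
#!/bin/sh
# Added example, not code from the original page: a wrapper around the
# nettl/netfmt commands shown above that guarantees the kernel-side trace is
# switched off again, even when the session ends with Control-C.
# Assumed (mine, not from the page): the function names, the NETTL/NETFMT
# override variables, and that netfmt reads its filter config via -c FILE.

NETTL=${NETTL:-/usr/sbin/nettl}
NETFMT=${NETFMT:-/usr/sbin/netfmt}

# filter_lines PORT PROTO...  -> netfmt filter lines for PORT in the
# ~/.netfmtrc syntax used above (filter tcp_sport 53, filter tcp_dport 53, ...)
filter_lines() {
    port=$1
    shift
    for proto in "$@"; do
        printf 'filter %s_sport %s\nfilter %s_dport %s\n' \
            "$proto" "$port" "$proto" "$port"
    done
}

# write_netfmtrc PORT RCFILE  -> write a tcp+udp filter for PORT to RCFILE,
# saving any existing file as RCFILE.bak first
write_netfmtrc() {
    port=$1
    rc=$2
    if [ -f "$rc" ]; then
        cp "$rc" "$rc.bak"
    fi
    filter_lines "$port" tcp udp > "$rc"
}

# stop_trace -> disable tracing for every entity; harmless if none is active
stop_trace() {
    "$NETTL" -tf -e all
}

# trace_port PORT OUTFILE [RCFILE]  -> trace IP PDUs, filtered to PORT by the
# netfmt config, as one-line summaries into OUTFILE. Stops tracing however the
# pipeline ends (EOF, error, Control-C). RCFILE defaults to ~/.netfmtrc.
trace_port() {
    port=$1
    out=$2
    rc=${3:-$HOME/.netfmtrc}
    write_netfmtrc "$port" "$rc"
    # Control-C kills nettl and netfmt but leaves the kernel trace running,
    # so hook the signals and the normal exit path before starting.
    trap 'stop_trace; trap - INT TERM EXIT; exit 130' INT TERM
    trap 'stop_trace' EXIT
    "$NETTL" -tn pduin pduout -e ns_ls_ip -m 250 | "$NETFMT" -c "$rc" -1 > "$out"
    status=$?
    stop_trace
    trap - INT TERM EXIT
    return "$status"
}

# Usage (as root on an HP-UX box): trace_port 53 /var/tmp/dns.out
```

Run as root, e.g. `trace_port 53 /var/tmp/dns.out`, and interrupt with Control-C when you have enough; the INT trap runs `nettl -tf -e all` before the shell exits. Writing the output somewhere like /var/tmp with restrictive permissions rather than /tmp is deliberate, since the file contains packet payloads.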
