quick primer on packet tracing/logging/sniffing in HP-UX. "nettl" does network tracing and logging, so there is no need for tcpdump (even though it's probably better).
get status on trace or logging:
/usr/sbin/nettl -status [log | trace | all]
start/stop trace:
nettl -tn pduin pduout loopback -e all -tracemax 65536 -f /tmp/me
nettl -tf -e all
the output file can be opened in wireshark/ethereal.
format commands:
netfmt -vf nettl.LOG000 > /tmp/nettl.txt
netfmt -nl1f me.TRC000 > me.out
combine both nettl and netfmt to filter results:
add filters to ~/.netfmtrc like the following for dns:
filter tcp_sport 53
filter tcp_dport 53
filter udp_sport 53
filter udp_dport 53
then start the trace (be sure to turn it off afterwards):
nettl -tn pduin pduout -e ns_ls_ip | netfmt -1
or
nettl -tn pduin pduout -e ns_ls_ip -m 250 -ks 10M -us 30M -nk 5 -nu 5 | netfmt -1
turn it off again, even if control-c (intr) was used:
nettl -tf -e all
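the filter, start and turn-off steps above as one wrapper (an added example, not part of the original notes). it assumes netfmt's -c option for an alternate filter file, so ~/.netfmtrc is left alone; write_port_filter, stop_trace and trace_port are names made up for this example.

```sh
#!/usr/bin/sh
# Added example (not from the original notes): live trace of one port that
# always ends with "nettl -tf -e all", including after control-c.
# NETTL/NETFMT can be overridden, e.g. to exercise the script off-box.
NETTL=${NETTL:-/usr/sbin/nettl}
NETFMT=${NETFMT:-/usr/sbin/netfmt}

# write_port_filter PORT FILE
# Writes the same four filter lines as the dns example, for any port.
write_port_filter() {
    port=$1 out=$2
    case $port in
        ''|*[!0-9]*) echo "port must be numeric: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    # umask 077 + noclobber: create a private file, refuse an existing path
    # (nettl needs superuser, so never write through a planted file or symlink).
    (
        umask 077; set -C
        for key in tcp_sport tcp_dport udp_sport udp_dport; do
            echo "filter $key $port"
        done > "$out"
    )
}

stop_trace() { "$NETTL" -tf -e all; }

# trace_port PORT
# Formats packets one per line until the pipeline ends, then stops tracing.
trace_port() {
    cfg=${TMPDIR:-/tmp}/netfmtrc.$$
    write_port_filter "$1" "$cfg" || return 2
    # control-c kills the pipeline; the trap still turns tracing off.
    trap 'stop_trace; rm -f "$cfg"; exit 130' INT TERM HUP
    "$NETTL" -tn pduin pduout -e ns_ls_ip | "$NETFMT" -c "$cfg" -1
    rc=$?
    trap - INT TERM HUP
    stop_trace
    rm -f "$cfg"
    return $rc
}
```

source the file as root and run: trace_port 53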
tui/gui:
nettladm