Ethereal-users: Re: [Ethereal-users] Older/Proprietary Protocols

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Fri, 20 Oct 2000 11:24:33 -0700 (PDT)
> "Deighan, Richard - GCP" <radeighan@xxxxxxxxxxxxx> writes:
> > We have two HP3000's running MPE, and there's a lot of terminal traffic done
> > with NS/VT (an old, proprietary HP protocol).
> > I've discovered that this protocol seems to fly right under the capture.  I
> > don't even see these packets in a straight tcpdump.
> > Anyone have any suggestions on how I can monitor this traffic (with
> > ethereal, preferably)?
> 
> If you don't see it with tcpdump, that probably means that it's not IP
> based.

"Don't see it" in what sense?

tcpdump can *see* non-IP packets, in the sense that the libpcap library
that it *and* Ethereal use can pass those packets up from the OS's raw
packet capture mechanism, and in the sense that most OS raw packet
capture mechanisms can hand those packets up to userland; heck, it can
even *dissect* some non-IP packets.  It can't dissect NS/VT traffic, but
it should at least report it as Ethernet or IEEE 802.3 traffic.

If the traffic doesn't show up *at all*, the next question to ask is
whether any *other* traffic to or from those HP 3000's shows up in
captures; if not, the next questions to ask are

	1) Are tcpdump or Ethereal running on one of the machines
	   talking to either of the HP 3000's?

	2) If not, is this a switched network, so that traffic to and
	   from the HP 3000's might not show up on the network segment
	   to which the machine running tcpdump and Ethereal is
	   connected?
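
The check described in the message above (do frames from the host show up at all, and as Ethernet or IEEE 802.3 rather than IP?) can be run over a capture saved with `tcpdump -w`. This is an added example, not part of the original message; it assumes a classic pcap file with an Ethernet link type, and the MAC addresses and frame contents in the sample are constructed.

```python
import struct
from collections import Counter

def classify(frame):
    """Return (source MAC, description) for one raw Ethernet frame."""
    src = frame[6:12].hex(":")
    tl = struct.unpack("!H", frame[12:14])[0]
    if tl >= 0x0600:      # Ethernet II: the field is an EtherType
        kind = {0x0800: "IPv4", 0x0806: "ARP"}.get(tl, f"Ethernet II type 0x{tl:04x}")
    elif tl <= 1500:      # IEEE 802.3: the field is a length, an LLC header follows
        kind = f"802.3 LLC DSAP 0x{frame[14]:02x}" if len(frame) > 14 else "802.3, no LLC"
    else:
        kind = "invalid type/length"
    return src, kind

def summarize_pcap(data):
    """Count frames per (source MAC, description) in a classic pcap byte string."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:   # 1 = LINKTYPE_ETHERNET
        raise ValueError("link type is not Ethernet")
    counts, off = Counter(), 24
    while off + 16 <= len(data):
        caplen = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) >= 14:
            counts[classify(frame)] += 1
    return counts

# Constructed sample capture: MACs, payloads and the DSAP value are made up.
PC, HOST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
BCAST = b"\xff" * 6
FRAMES = [
    BCAST + PC + b"\x08\x00" + b"\x45" + bytes(19),          # Ethernet II, IPv4
    BCAST + HOST + struct.pack("!H", 3) + b"\xf8\xf8\x03",   # 802.3 + LLC, non-IP
]
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in FRAMES)

if __name__ == "__main__":
    for (mac, kind), n in sorted(summarize_pcap(SAMPLE).items()):
        print(f"{mac}  {kind}  x{n}")
```

If the host's MAC address never appears as a source in the summary, the capture point is not seeing its traffic at all, which points back to the two questions about where the capture is running.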