Ethereal-users: Re: [Ethereal-users] Re: ethereal 8.11.0 interface question

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Craig Rodrigues <rodrigc@xxxxxxxxxxxx>
Date: Tue, 28 Nov 2000 20:48:15 -0500
On Tue, Nov 28, 2000 at 05:23:55PM -0800, Guy Harris wrote:
> Well, my first suggestion if "ask ethereal-users@xxxxxxxxxxxx, because I
> don't have an AIX machine handy, much less one with token ring, and
> somebody such as Craig Rodrigues, even though he's not working with AIX
> any more, as I remember, might be more familiar with it".

Oops....I hear my name....;)  Man, AIX is like a bad flashback....it
keeps coming back to haunt me....and the memories are always painful. :)
 
> I think libpcap, by default, doesn't use DLPI on AIX (I think it'll find
> a "/dev/bpf0", and conclude that it should use BPF), so it won't try to
> use a "/dev/tr" or a "/dev/tr0" device.  BPF isn't a normal BPF on AIX,
> and isn't supported by IBM - it's there only for IBM's hacked-up
> tcpdump, and IBM have yet to see fit to supply to the maintainers of
> libpcap any changes to allow standard tcpdump, or any other programs
> that use libpcap, to use it.  It may or may not work correctly.
> 
> You can use the
> 
> 	--with-pcap=dlpi
> 
> argument to libpcap's configure script to force it to use DLPI; however,
> the current version of libpcap (0.5.2) doesn't include Craig's changes
> to fix some problems, so I'm not sure it'll work, either.
> 
> The current CVS version of libpcap does have his changes; see
> www.tcpdump.org, under "Current Tar files".
> 
> Does your AIX machine have neither a "/dev/tr" nor a "/dev/tr0"?  If
> not, then DLPI probably won't work; however, I have no idea why those
> devices would be missing - you'd have to ask somebody familiar with AIX
> to help you there, which is why I'm CCing "ethereal-users".

Basically, everything that Guy wrote is right....my AIX memory
fades me.  bpf under AIX is totally brain-dead and only supports
IBM's hacked and closed source version of tcpdump.  Best to avoid /dev/bpf0
like the plague.

As Guy mentioned, get the latest version of libpcap from the CVS
repository at tcpdump.org, and read the README.aix file.  That has
instructions I submitted for getting things to work under AIX....you
need to configure things to use DLPI.  You may also need to upgrade
your bos.rte.tty fileset to the latest patch from IBM.

Once you compile libpcap, compile ethereal against that instead of the
libpcap that comes with AIX.

I've never used Token Ring under AIX, so I'm not sure how that beast will
work.
-- 
Craig Rodrigues        
http://www.gis.net/~craigr    
rodrigc@xxxxxxxxxxxx