Ethereal-users: Re: [Ethereal-users] Nettl trace files from hpux.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxx>
Date: Mon, 21 May 2001 21:35:54 -0700 (PDT)
> This was my thought as well. It looks like TCP packets aren't handled. I was
> just wondering if anybody else has tried ethereal to read nettl trace files
> successfully.

As far as I know, Olivier Abad, the person who contributed the nettl
code, has gotten Ethereal to read at least *some* nettl files
successfully.

The "README.hpux" file on the Ethereal source says:

	nettl is used on HP-UX to trace various streams based
	subsystems.  Ethereal can read nettl files containing IP frames
	(NS_LS_IP subsystem) and LAPB frames (SX25L2 subsystem).  It has
	been tested with files generated on HP-UX 9.04 and 10.20.

	Use the following commands to generate a trace (cf. nettl(1M)): 

	# IP capture. 0x30000000 means PDU in and PDU out :
	nettl -tn 0x30000000 -e NS_LS_IP -f tracefile
	# X25 capture. You must specify an interface :
	nettl -tn 0x30000000 -e SX25l2 -d /dev/x25_0 -f tracefile
	# stop capture. subsystem is NS_LS_IP or SX25L2 :
	nettl -tf -e subsystem
  
	One may be able to specify "-tn pduin pduout" rather than "-tn
	0x30000000"; the nettl man page for HP-UX 10.30 implies that it
	should work.

I think he added support for HP-UX 11.00 after that comment was put in.

As the comment says, "Ethereal can read nettl files containing IP frames
(NS_LS_IP subsystem) and LAPB frames (SX25L2 subsystem)."  A recent
checking also added "Support for the BASE100 and GSC100BT subsystems",
but I don't know what "-e" flags you'd give to get frames from them -
perhaps "-e BASE100" and "-e GSC100BT".  I also don't know what other
command-line flags would be needed.

nettl files containing records from other subsystems can't be read.

> Thats a pity, I only mention this because in the 0.8.18 changelog there is a
> mention of a hpux plugin
> "The release adds IP fragment reassembly, plugin support on HPUX machines,

That's not mentioning an "HP-UX plugin" in the sense of a plugin module
that adds some sort of HP-UX support, it's mentioning that Ethereal now,
on HP-UX, can load plugin packet dissector modules (which are the only
types of plugins Ethereal currently supports).

Ethereal comes with two plugins - for MGCP and the protocol used by the
Gryphon device sold by the Dearborn Group.  Those plugins aren't HP-UX
specific - they're just modules that dissect the two protocols in
question.