Wireshark · Ethereal-users: Re: [Ethereal-users] Sniffing on HP Token Ring cards

Ethereal-users: Re: [Ethereal-users] Sniffing on HP Token Ring cards

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Tue, 6 Nov 2001 16:16:49 -0800 (PST)

> Is it possible to sniff either of the following token-ring cards on a
> d-class hp-ux version 11 server.

I asked somebody I know at HP about this; his reply:

	> None of the "product information" pages say anything about
	> promiscuous mode or DLPI support on the J2166A card.
	> 

	> I couldn't find any obvious product information page about the
	> MDG0002 EISA card ...

	the EISA card is probably off the HP CLP.

	> Is it possible to sniff either of the following token-ring cards on a
	> d-class hp-ux version 11 server.
	> 
	> 1) .Class     I  H/W Path  Driver      S/W State H/W Type  Description
	> ===================================================================
	> lan       0  10/4/8    token2      CLAIMED   INTERFACE HP J2166A - 802.5 Token Ring

	um, as near as I can tell a J2166A is an HP-PB card.  There are
	no HP-PB slots in a D Class, only EISA and HSC, so the ioscan
	info above is not from a D Class.

	I'd be surprised if the HP-PB TR card supported promiscuous
	mode.  I found what purports to be a Product Support Plan and it
	makes no mention of support for promiscuous mode in the EISA or
	HP-PB cards.

	Certainly that would imply that DL_PROMISC_PHYS is out.  Whether
	or not the driver provides DL_PROMISC_SAP I do not know.

(I assume "off the HP CLP" is equivalent to "so old that we don't even
bother keeping information about it on the Web site".)

Without DL_PROMISC_PHYS, you will not be able to sniff in promiscuous
mode; you will only be able to see traffic that the machine running
Ethereal (or tcpdump, or any other sniffer) receives and possibly
traffic it sends as well (depending on whether the driver wraps sent
traffic back when not in promiscuous mode; if it doesn't, you won't be
able to see traffic the machine sends).

This means that if you use tcpdump or Tethereal, you will have to run
them with the "-p" flag, to turn promiscuous mode off, and if you use
Ethereal, you will have to disable promiscuous mode in the "Capture
Preferences" dialog box, if you want to sniff at all.

Without DL_PROMISC_SAP - which is a function of the driver, *not* of the
hardwware - you will not even be able to sniff traffic to and from the
machine.  If the driver doesn't support DL_PROMISC_SAP, tcpdump and
Tethereal won't even work with the "-p" flag, and Ethereal won't even
work if you disable promiscuous mode in the "Capture Preferences" dialog
box.

NOTE: if capturing doesn't work even with promiscuous mode turned off,
that does not *ipso facto* mean that this is because DL_PROMISC_SAP
isn't supported; the error message might indicate whether that was the
problem or not, so we'd have to see the error message in order to
determine that (and even that might not indicate whether that's the
problem).

References:
- [Ethereal-users] (no subject)
  - From: jason . scott

Prev by Date: Re: [Ethereal-users] tethereal - turning dissectors off
Next by Date: [Ethereal-users] problem with reading AIX iptrace file (apparently giop creates a problem)
Previous by thread: [Ethereal-users] (no subject)
Next by thread: [Ethereal-users] (no subject)
Index(es):
- Date
- Thread