Network IP analysis?

Perry E. Metzger perry at
Wed Jun 25 16:35:36 UTC 1997

John Hawkinson writes:
> > anything else. Best to do this on a box that does native BPF, though
> > (as an example SunOS does not do BPF and NIT can't handle the traffic
> > without dropping most stuff).
> BPF support for SunOS has been available for years.

> At the present time, it is distributed as part of the ipmulti
> distribution (, and
> I believe that the LBL bpf distribution includes SunOS kernel .o files
> (

Yes, I know, but it doesn't ship with SunOS. You are, of course,
correct that you can add it with a little help from the net.

It is very important to use BPF instead of NIT and its Solaris
replacement (the name escapes me) if you expect to be able to keep up
while monitoring the network. I've been able to record all the traffic
on ethernets using even ancient slow PCs without dropping more than a
trivial number of packets with BPF -- I've been unable to get even
fast Suns to keep up with an ethernet.
