nexmon – Blame information for rev 1

Rev Author Line No. Line
1 office 1 Contents:
2  
3 1 - Building wireshark
4 2 - Building GTK+/GLib with HP's C compiler
5 3 - nettl support
6 4 - libpcap on HP-UX
7 5 - HP-UX patches to fix packet capture problems
8  
9 1 - Building wireshark
10  
11 The Software Porting And Archive Centre for HP-UX, at
12  
13 http://hpux.connect.org.uk/
14  
15 (with mirrors in various countries, listed on the Centre's home page;
16 you may want to choose a mirror closer to you) has ported versions, in
17 both source and binary form, for Wireshark, as well as for the libpcap,
18 GLib, GTK+, and zlib libraries that it uses.
19  
20 The changes they've made appear largely to be compile option changes; if
21 you've downloaded the source to the latest version of Wireshark (the
22 version on the Centre's site may not necessarily be the latest version),
23 it should be able to compile, perhaps with those changes.
24  
25 They appear to have used HP-UX's "cc" compiler, with the options "-Ae
26 -O"; there's a comment "Add -Dhpux_9 if building under 9.X". It may
27 also build with GCC.
28  
29 They currently have libpcap 0.6.2; libpcap 0.6.2, and later versions,
30 include changes to properly open network devices when given the name
31 reported by the lanscan and ifconfig commands - earlier versions didn't
32 do this correctly. Therefore, we strongly suggest you use libpcap 0.6.2
33 or later, not libpcap 0.5.2.
34  
35 2 - Building GTK+/GLib with HP's C compiler
36  
37 By default, HP's C compiler doesn't support "long long int" to provide
38 64-bit integral data types on 32-bit platforms; the "-Ae" flag must be
39 supplied to enable extensions such as that.
40  
41 Wireshark's "configure" script automatically includes that flag if it
42 detects that the native compiler is being used on HP-UX; however, the
43 configure scripts for GTK+ and GLib don't do so, which means that 64-bit
44 integer support won't be enabled.
45  
46 This may prevent some parts of Wireshark from compiling; in order to get
47 64-bit integer support in GTK+/GLib, edit all the Makefiles for GTK+ and
48 GLib, as generated by the GTK+ and GLib "configure" scripts, to add
49 "-Ae" to all "CFLAGS = " definitions found in those Makefiles. (If a
50 Makefile lacks a "CFLAGS = " definition, there's no need to add a
51 definition that includes "-Ae".)
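
One way to apply the Makefile edit described above, as an added example rather than anything shipped with Wireshark, GTK+ or GLib. `add_ae_flag` is a hypothetical helper name and the build-tree path is supplied by the caller; only generated files named "Makefile" are rewritten, and definitions that already carry "-Ae" are left alone.

```shell
#!/bin/sh
# Added example: append -Ae to every "CFLAGS = " definition in generated Makefiles.
# add_ae_flag is a hypothetical helper; $1 is the top of a configured GTK+ or GLib tree.

add_ae_flag() {
    tree=$1
    list=$(mktemp) || return 1
    # Only files named exactly "Makefile"; Makefile.in/Makefile.am templates are not touched.
    find "$tree" -type f -name Makefile -print > "$list"
    changed=0
    while IFS= read -r mf; do
        # Skip Makefiles with no "CFLAGS = " definition, or whose definitions all have -Ae.
        if ! grep '^CFLAGS = ' "$mf" | grep -qv -e '-Ae'; then
            continue
        fi
        tmp=$(mktemp) || return 1
        # Append -Ae only to definitions that lack it, so a second run changes nothing.
        sed '/^CFLAGS = /{/-Ae/!s/$/ -Ae/;}' "$mf" > "$tmp" && cat "$tmp" > "$mf"
        rm -f "$tmp"
        changed=$((changed + 1))
    done < "$list"
    rm -f "$list"
    # Report how many Makefiles were modified.
    echo "$changed"
}

# Usage: sh add_ae_flag.sh /path/to/glib-build-tree
if [ $# -gt 0 ]; then
    add_ae_flag "$1"
fi
```

Run it after each "configure" run, since "configure" regenerates the Makefiles and discards the edit.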
52  
53 3 - nettl support
54  
55 nettl is used on HP-UX to trace various streams based subsystems. Wireshark
56 can read nettl files containing raw IP frames (NS_LS_IP, NS_LS_TCP,
57 NS_LS_UDP, NS_LS_ICMP subsystems), all ethernet/tokenring/fddi driver
58 level frames (such as BTLAN, BASE100, GELAN, IGELAN subsystems) and LAPB
59 frames (SX25L2 subsystem). Use "ioscan -kfClan" to see the driver
60 names and compare that to /etc/nettlgen.conf to find the nettl subsystem
61 name for your particular release.
62  
63 It has been tested with files generated on HP-UX 9.04, 10.20, and 11.x.
64  
65 Use the following commands to generate a trace (cf. nettl(1M)):
66  
67 # IP capture:
68 nettl -tn pduin pduout -e NS_LS_IP -f tracefile
69 # Driver level capture. Replace btlan with the name of your interface:
70 nettl -tn pduin pduout -e btlan -f tracefile
71 # X25 capture. You must specify an interface :
72 nettl -tn pduin pduout -e SX25l2 -d /dev/x25_0 -f tracefile
73 # stop capture. subsystem is NS_LS_IP, btlan, SX25L2 :
74 nettl -tf -e subsystem
75  
76 You may have to use "-tn 0x30000000" instead of "-tn pduin pduout"
77 on old versions of 10.20 and 9.04.
78  
79 4 - libpcap on HP-UX
80  
81 If you want to use Wireshark to capture packets, you will have to install
82 libpcap; binary distributions are, as noted above, available from the
83 Software Porting And Archive Centre for HP-UX, as well as source code.
84  
85 Versions of libpcap prior to 0.6 didn't handle HP-UX as well as 0.6 and
86 later versions do. You should install the latest version.
87  
88 The source code is also available from the official home of libpcap and
89 tcpdump, at
90  
91 http://www.tcpdump.org/
92  
93 if you want a version later than the version available from the Software
94 Porting And Archive Centre; however, the versions available from
95 tcpdump.org might not, for example, include support for building libpcap
96 as a shared library.
97  
98 5 - HP-UX patches to fix packet capture problems
99  
100 Note that packet-capture programs such as Wireshark/TShark or tcpdump
101 may, on HP-UX, not be able to see packets sent from the machine on which
102 they're running. Make sure you have a recent "LAN Cumulative/DLPI" patch
103 installed.
104  
105 Some articles on groups.google.com discussing this are:
106  
107 http://groups.google.com/groups?selm=82ld3v%2480i%241%40mamenchi.zrz.TU-Berlin.DE
108  
109 which says:
110  
111 Newsgroups: comp.sys.hp.hpux
112 Subject: Re: Did someone made tcpdump working on 10.20 ?
113 Date: 12/08/1999
114 From: Lutz Jaenicke <jaenicke@emserv1.ee.TU-Berlin.DE>
115  
116 In article <82ks5i$5vc$1@news1.dti.ne.jp>, mtsat <mtsat@iris.dti.ne.jp>
117 wrote:
118 >Hello,
119 >
120 >I downloaded and compiled tcpdump3.4 a couple of weeks ago. I tried to use
121 >it, but I can only see incoming data, never outgoing.
122 >Someone (raj) explained me that a patch was missing, and that this patch
123 >must be "patched" (poked) in order to see outbound data in promiscuous mode.
124 >Many things to do .... So the question is : did someone has already this
125 >"ready to use" PHNE_**** patch ?
126  
127 Two things:
128 1. You do need a late "LAN products cumulative patch" (e.g. PHNE_18173
129 for s700/10.20).
130 2. You must use
131 echo 'lanc_outbound_promisc_flag/W1' | /usr/bin/adb -w /stand/vmunix /dev/kmem
132 You can insert this e.g. into /sbin/init.d/lan
133  
134 Best regards,
135 Lutz
136  
137 and
138  
139 http://groups.google.com/groups?selm=88cf4t%24p03%241%40web1.cup.hp.com
140  
141 which says:
142  
143 Newsgroups: comp.sys.hp.hpux
144 Subject: Re: tcpdump only shows incoming packets
145 Date: 02/15/2000
146 From: Rick Jones <foo@bar.baz.invalid>
147  
148 Harald Skotnes <harald@cc.uit.no> wrote:
149 > I am running HPUX 11.0 on a C200 hanging on a 100Mb switch. I have
150 > compiled libpcap-0.4 and tcpdump-3.4 and it seems to work. But at a
151 > closer look I only get to see the incoming packets not the
152 > outgoing. I have tried tcpflow-0.12 which also uses libpcap and the
153 > same thing happens. Could someone please give me a hint on how to
154 > get this right?
155  
156 Search/Read the archives ?-)
157  
158 What you are seeing is expected, un-patched, behaviour for an HP-UX
159 system. On 11.00, you need to install the latest lancommon/DLPI
160 patches, and then the latest driver patch for the interface(s) in use.
161 At that point, a miracle happens and you should start seeing outbound
162 traffic.
163  
164 [That article also mentions the patch that appears below.]
165  
166 and
167  
168 http://groups.google.com/groups?selm=38AA973E.96BE7DF7%40cc.uit.no
169  
170 which says:
171  
172 Newsgroups: comp.sys.hp.hpux
173 Subject: Re: tcpdump only shows incoming packets
174 Date: 02/16/2000
175 From: Harald Skotnes <harald@cc.uit.no>
176  
177 Rick Jones wrote:
178  
179 ...
180  
181 > What you are seeing is expected, un-patched, behaviour for an HP-UX
182 > system. On 11.00, you need to install the latest lancommon/DLPI
183 > patches, and then the latest driver patch for the interface(s) in
184 > use. At that point, a miracle happens and you should start seeing
185 > outbound traffic.
186  
187 Thanks a lot. I have this problem on several machines running HPUX
188 10.20 and 11.00. The machines were patched up before y2k so did not
189 know what to think. Anyway I have now installed PHNE_19766,
190 PHNE_19826, PHNE_20008, PHNE_20735 on the C200 and now I can see the
191 outbound traffic too. Thanks again.
192  
193 (although those patches may not be the ones to install - there may be
194 later patches).
195  
196 And another message to tcpdump-workers@tcpdump.org, from Rick Jones:
197  
198 Date: Mon, 29 Apr 2002 15:59:55 -0700
199 From: Rick Jones
200 To: tcpdump-workers@tcpdump.org
201 Subject: Re: [tcpdump-workers] I Can't Capture the Outbound Traffic
202  
203 ...
204  
205 http://itrc.hp.com/ would be one place to start in a search for the most
206 up-to-date patches for DLPI and the lan driver(s) used on your system (I
207 cannot guess because 9000/800 is too generic - one has to use the "model"
208 command these days and/or an ioscan command (see manpage) to guess what
209 the drivers (btlan[3456], gelan, etc) might be involved in addition to
210 DLPI.
211  
212 Another option is to upgrade to 11i as outbound promiscuous mode support
213 is there in the base OS, no patches required.
214  
215 Another posting:
216  
217 http://groups.google.com/groups?selm=7d6gvn%24b3%241%40ocean.cup.hp.com
218  
219 indicates that you need to install the optional STREAMS product to do
220 captures on HP-UX 9.x:
221  
222 Newsgroups: comp.sys.hp.hpux
223 Subject: Re: tcpdump HP/UX 9.x
224 Date: 03/22/1999
225 From: Rick Jones <foo@bar.baz>
226  
227 Dave Barr (barr@cis.ohio-state.edu) wrote:
228 : Has anyone ported tcpdump (or something similar) to HP/UX 9.x?
229  
230 I'm reasonably confident that any port of tcpdump to 9.X would require
231 the (then optional) STREAMS product. This would bring DLPI, which is
232 what one uses to access interfaces in promiscuous mode.
233  
234 I'm not sure that HP even sells the 9.X STREAMS product any longer,
235 since HP-UX 9.X is off the pricelist (well, maybe 9.10 for the old 68K
236 devices).
237  
238 Your best bet is to be up on 10.20 or better if that is at all
239 possible. If your hardware is supported by it, I'd go with HP-UX 11.
240 If you want to see the system's own outbound traffic, you'll never get
241 that functionality on 9.X, but it might happen at some point for 10.20
242 and 11.X.
243  
244 rick jones
245  
246 (as per other messages cited here, the ability to see the system's own
247 outbound traffic did happen).
248  
249 Rick Jones reports that HP-UX 11i needs no patches for outbound
250 promiscuous mode support.
251  
252 An additional note, from Jost Martin, for HP-UX 10.20:
253  
254 Q: How do I get wireshark on HPUX to capture the _outgoing_ packets
255 of an interface
256 A: You need to get PHNE_20892,PHNE_20725 and PHCO_10947 (or
257 newer, this is as of 4.4.00) and its dependencies. Then you can
258 enable the feature as described below:
259  
260 Patch Name: PHNE_20892
261 Patch Description: s700 10.20 PCI 100Base-T cumulative patch
262 To trace the outbound packets, please do the following
263 to turn on a global promiscuous switch before running
264 the promiscuous applications like snoop or tcpdump:
265  
266 adb -w /stand/vmunix /dev/mem
267 lanc_outbound_promisc_flag/W 1
268 (adb will echo the result showing that the flag has
269 been changed)
270 $quit
271 (Thanks for this part to HP-support, Ratingen)
272  
273 The attached hack does this and some security-related stuff
274 (thanks to hildeb@www.stahl.bau.tu-bs.de (Ralf Hildebrandt) who
275 posted the security-part some time ago)
276  
277 <<hack_ip_stack>>
278  
279 (Don't switch IP-forwarding off, if you need it !)
280 Install the hack as /sbin/init.d/hack_ip_stack (adjust
281 permissions !) and make a sequencing-symlink
282 /sbin/rc2.d/S350hack_ip_stack pointing to this script.
283 Now all this is done on every reboot.
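
The "adjust permissions" step in the note above matters because the script runs as root on every boot and writes kernel variables through adb, so neither the script nor the directories holding it should be writable by anyone else. The following check is an added example, not part of the README or of the posted hack; `check_rc_script` and `writable_by_others` are hypothetical helper names, and the script and link paths are passed in by the caller.

```shell
#!/bin/sh
# Added example: audit a root-run init script and its rc sequencing link.
# check_rc_script and writable_by_others are hypothetical helper names.

writable_by_others() {
    # Succeeds when the path itself has the group- or world-write bit set.
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

check_rc_script() {
    script=$1
    link=$2
    problems=0
    flag() { echo "check_rc_script: $1" >&2; problems=$((problems + 1)); }

    if [ -L "$script" ] || [ ! -f "$script" ]; then
        flag "$script is not a regular file"
    else
        [ -x "$script" ] || flag "$script is not executable"
        if writable_by_others "$script"; then
            flag "$script is writable by group or other"
        fi
    fi
    # A writable directory lets a non-root user replace the script outright.
    for dir in "$(dirname "$script")" "$(dirname "$link")"; do
        if [ -d "$dir" ] && writable_by_others "$dir"; then
            flag "$dir is writable by group or other"
        fi
    done
    # The sequencing link must be a symlink that resolves to the same file.
    if [ ! -L "$link" ] || [ ! "$link" -ef "$script" ]; then
        flag "$link is not a symlink to $script"
    fi
    # Exit status 0 only when nothing was flagged.
    [ "$problems" -eq 0 ]
}

# Usage: sh check_rc_script.sh <installed script> <rc2.d symlink>
if [ $# -eq 2 ]; then
    check_rc_script "$1" "$2"
fi
```

File ownership is not checked here; confirm separately that the script and both directories belong to a privileged account.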
284  
285 According to Rick Jones, the global promiscuous switch also has to be
286 turned on for HP-UX 11.00, but not for 11i - and, in fact, the switch
287 doesn't even exist on 11i.
288  
289 Here's the "hack_ip_stack" script:
290  
291 -----------------------------------Cut Here-------------------------------------
292 #!/sbin/sh
293 #
294 # nettune: hack kernel parms for safety
295  
296 OKAY=0
297 ERROR=-1
298  
299 # put /usr/contrib/bin on the PATH for nettune
300 PATH=/sbin:/usr/sbin:/usr/bin:/usr/contrib/bin
301 export PATH
302  
303  
304 ##########
305 # main #
306 ##########
307  
308 case $1 in
309 start_msg)
310 print "Tune IP-Stack for security"
311 exit $OKAY
312 ;;
313  
314 stop_msg)
315 print "This action is not applicable"
316 exit $OKAY
317 ;;
318  
319 stop)
320 exit $OKAY
321 ;;
322  
323 start)
324 ;; # fall through
325  
326 *)
327 print "USAGE: $0 {start_msg | stop_msg | start | stop}" >&2
328 exit $ERROR
329 ;;
330 esac
331  
332 ###########
333 # start #
334 ###########
335  
336 #
337 # make TCP sequence numbers random instead of incrementing
338 # SYN flood protection on
339 # ip_forwarding off
340 # source routing off
341 # pass outgoing packets to ethereal/tcpdump etc.
342  
343 /usr/contrib/bin/nettune -s tcp_random_seq 2 || exit $ERROR
344 /usr/contrib/bin/nettune -s hp_syn_protect 1 || exit $ERROR
345 /usr/contrib/bin/nettune -s ip_forwarding 0 || exit $ERROR
346 echo 'ip_block_source_routed/W1' | /usr/bin/adb -w /stand/vmunix /dev/kmem || exit $ERROR
347 echo 'lanc_outbound_promisc_flag/W 1' | adb -w /stand/vmunix /dev/mem || exit $ERROR
348  
349 exit $OKAY
350 -----------------------------------Cut Here-------------------------------------