HP-UX HB v13.00 Ch-09 - Networking Basics
HP-UX Handbook – Rev 13.00 Page 26 (of 27)
Chapter 09 Network Basics
October 29, 2013
Show the DNS traffic (port 53) passing through lan1 between this host and the name server with IP address 15.137.16.1:
# tcpdump -p -n -i lan1 host 15.137.16.1 and port 53
Without the -w option these commands print only one line of summary information per packet. Often
those one-liners do not contain enough detail. It is therefore better to write the raw trace to disk
with -w, using the -s option to specify how many bytes of each packet are stored ("0" means the whole packet).
Write the complete packets of the DNS traffic to disk:
# tcpdump -p -s 0 -i lan1 -w /tmp/dns-trc.out host 15.137.16.1 and port 53
The output file (/tmp/dns-trc.out) contains raw (binary) data. It has to be decoded before it can be
read, and tcpdump itself can do this with the -r option (-n again suppresses name lookups, -vvv selects the most verbose decoding):
# tcpdump -n -r /tmp/dns-trc.out -vvv
Analysis of such trace files is much more effective and a lot easier if you install a graphical tool
like Wireshark (formerly Ethereal) and open the trace file within that tool. These tools also provide a lot
of online help and make reading and understanding the trace easier.
Useful options:

Option        Explanation
-p            Disables promiscuous mode, so only frames addressed to this host (plus
              broadcast and multicast) are captured. ATTENTION: some network drivers
              do not tolerate switching promiscuous mode on and off, therefore ALWAYS
              use this option on production systems!
-n            Display only: disables name resolution within the output. Without it,
              tcpdump's own lookups generate additional DNS traffic (which pollutes a
              DNS trace like the one above) and can stall the output.
-s <number>   Number of bytes of each packet that are saved (the snapshot length). The
              default is small (68 bytes in tcpdump 3.x), which truncates most packets;
              a truncated packet shows up in the decoded output as cut-off protocol
              data such as [|domain]. Use 0 if the complete packet should be saved.
-i <name>     Name of the interface on which to trace (lan1 in the examples).
-w <file>     Write the raw trace data to this file instead of decoding it.
-r <file>     Read and decode trace data from this file; do not trace.
-v[vv]        Display more information; each additional v increases the verbosity.
host <IP>     Filter expression: collect only packets from and to this IP address.
port <port#>  Filter expression: collect only packets from and to this port number.
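As an added example (not part of the HP-UX Handbook) the following Python script shows what the raw -w file contains and why the -s snapshot length matters. It constructs a synthetic DNS query from a client 15.137.16.50 (an assumed address) to the name server 15.137.16.1, writes it in pcap format twice, once as a whole packet (what -s 0 stores) and once cut to the old 68-byte default, and then decodes both files in the style of tcpdump -n -r: no name resolution, one summary per packet. The constructed packets carry zero checksums, and the decoder is a teaching-sized one for this one protocol stack, not a replacement for tcpdump -r.

```python
import struct
import ipaddress

LINKTYPE_ETHERNET = 1


def dns_query_frame(src, dst, qname, txid=0x1234):
    """Constructed Ethernet/IPv4/UDP frame carrying a DNS A query (not a real capture).
    IP and UDP checksums are left at zero; no kernel will ever see this frame."""
    question = b"".join(bytes([len(lab)]) + lab.encode() for lab in qname.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + question + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed) + udp
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip


def build_pcap(snaplen, packets):
    """Build a pcap file image (the format tcpdump -w produces), truncating every
    packet to snaplen bytes the way tcpdump -s <snaplen> does; 0 keeps whole packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen or 65535, LINKTYPE_ETHERNET)
    for ts_sec, frame in packets:
        cap = frame if snaplen == 0 else frame[:snaplen]
        out += struct.pack("<IIII", ts_sec, 0, len(cap), len(frame)) + cap
    return out


def read_pcap(data):
    """Parse the global header and the per-packet records of a pcap file.
    Returns (snaplen, [(ts_sec, caplen, origlen, frame), ...])."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        e = "<"                      # written on a little-endian host
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        e = ">"                      # written on a big-endian host (e.g. PA-RISC)
    else:
        raise ValueError("not a pcap file, magic %r" % data[:4])
    _magic, _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack(e + "IHHiIII", data[:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, caplen, origlen = struct.unpack(e + "IIII", data[off:off + 16])
        off += 16
        records.append((ts_sec, caplen, origlen, data[off:off + caplen]))
        off += caplen
    return snaplen, records


def decode_dns_query(frame):
    """Decode Ethernet/IPv4/UDP/DNS headers from one captured frame.
    qname is None when the snapshot length cut the frame before the question ended."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                  # not IPv4
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 17:
        return None                  # not UDP
    src = str(ipaddress.IPv4Address(frame[26:30]))   # no name lookup, like -n
    dst = str(ipaddress.IPv4Address(frame[30:34]))
    udp = 14 + ihl
    if len(frame) < udp + 8:
        return None
    sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
    if 53 not in (sport, dport):
        return None                  # same selection as the "port 53" filter
    pos, labels, qname = udp + 8 + 12, [], None      # first label after the DNS header
    while pos < len(frame):
        n = frame[pos]
        if n == 0:
            qname = ".".join(labels)
            break
        if n & 0xC0 or pos + 1 + n > len(frame):
            break                    # compression pointer (not expected here) or truncated
        labels.append(frame[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return {"src": src, "dst": dst, "sport": sport, "dport": dport, "qname": qname}


def summarize(pcap_bytes):
    """One tuple per DNS packet, in the spirit of tcpdump -n -r: (src, dst, qname, truncated)."""
    _snaplen, records = read_pcap(pcap_bytes)
    out = []
    for _ts, caplen, origlen, frame in records:
        d = decode_dns_query(frame)
        if d is not None:
            out.append((d["src"], d["dst"], d["qname"], caplen < origlen))
    return out


# Constructed sample: one query from an assumed client to the name server named in the text.
FRAME = dns_query_frame("15.137.16.50", "15.137.16.1", "www.example.com")
FULL_TRACE = build_pcap(0, [(1383004800, FRAME)])     # what "-s 0" stores
CUT_TRACE = build_pcap(68, [(1383004800, FRAME)])     # what the old 68-byte default stores

if __name__ == "__main__":
    for opt, trace in (("-s 0", FULL_TRACE), ("-s 68", CUT_TRACE)):
        for src, dst, qname, truncated in summarize(trace):
            print("%-6s %s > %s  qname=%s  truncated=%s" % (opt, src, dst, qname, truncated))
```

With the 68-byte snapshot the record's captured length is smaller than its original length and the question name cannot be recovered, which is exactly the situation tcpdump reports as [|domain] when you read such a trace back; with -s 0 the same packet decodes completely.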
The big advantage of tcpdump is the flexibility of its filter expressions. Primitives such as host and
port can be combined with and, or and not (written in lowercase in the expression) and grouped with
parentheses (which must be quoted from the shell), so that only the packets you actually need are saved
to disk, as the example above shows. Please check the man pages and documentation for additional information.