-$Id$
+
+Note: We *probably* don't support HP-UX any more, at least not in the
+sense that you can run `configure; make` or `cmake ... ; make` and
+expect everything to work out of the box. At the time of this writing
+(August 2017) the most recent version of Wireshark available at the
+HP-UX Porting and Archive Centre is 1.10.5 and the most recently
+reported HP-UX bug (#6550) was from 2012. The Porting and Archive Centre
+provides libraries required to build TShark, and while the GTK+ packages
+are current (2.24.31) they are 32-bit only. Recent Qt packages are not
+provided.
Contents:
-1 - Building ethereal
+1 - Building wireshark
2 - Building GTK+/GLib with HP's C compiler
3 - nettl support
4 - libpcap on HP-UX
5 - HP-UX patches to fix packet capture problems
-1 - Building ethereal
+1 - Building wireshark
-The Software Porting And Archive Centre for HP-UX, at
+The HP-UX Porting and Archive Centre, at
http://hpux.connect.org.uk/
GLib, GTK+, and zlib libraries that it uses.
The changes they've made appear largely to be compile option changes; if
-you've downloaded the source to the latest version of Ethereal (the
+you've downloaded the source to the latest version of Wireshark (the
version on the Centre's site may not necessarily be the latest version),
it should be able to compile, perhaps with those changes.
64-bit integral data types on 32-bit platforms; the "-Ae" flag must be
supplied to enable extensions such as that.
-Ethereal's "configure" script automatically includes that flag if it
+Wireshark's "configure" script automatically includes that flag if it
detects that the native compiler is being used on HP-UX; however, the
configure scripts for GTK+ and GLib don't do so, which means that 64-bit
integer support won't be enabled.
-This may prevent some parts of Ethereal from compiling; in order to get
+This may prevent some parts of Wireshark from compiling; in order to get
64-bit integer support in GTK+/GLib, edit all the Makefiles for GTK+ and
GLib, as generated by the GTK+ and GLib "configure" scripts, to add
"-Ae" to all "CFLAGS = " definitions found in those Makefiles. (If a
3 - nettl support
-nettl is used on HP-UX to trace various streams based subsystems. Ethereal
+nettl is used on HP-UX to trace various streams based subsystems. Wireshark
can read nettl files containing raw IP frames (NS_LS_IP, NS_LS_TCP,
NS_LS_UDP, NS_LS_ICMP subsystems), all ethernet/tokenring/fddi driver
level frames (such as BTLAN, BASE100, GELAN, IGELAN subsystems) and LAPB
4 - libpcap on HP-UX
-If you want to use Ethereal to capture packets, you will have to install
+If you want to use Wireshark to capture packets, you will have to install
libpcap; binary distributions are, as noted above, available from the
Software Porting And Archive Centre for HP-UX, as well as source code.
5 - HP-UX patches to fix packet capture problems
-Note that packet-capture programs such as Ethereal/TShark or tcpdump
+Note that packet-capture programs such as Wireshark/TShark or tcpdump
may, on HP-UX, not be able to see packets sent from the machine on which
they're running. Make sure you have a recent "LAN Cummulative/DLPI" patch
installed.
which says:
- Newsgroups: comp.sys.hp.hpux
+ Newsgroups: comp.sys.hp.hpux
Subject: Re: Did someone made tcpdump working on 10.20 ?
Date: 12/08/1999
From: Lutz Jaenicke <jaenicke@emserv1.ee.TU-Berlin.DE>
>must me "patched" (poked) in order to see outbound data in promiscuous mode.
>Many things to do .... So the question is : did someone has already this
>"ready to use" PHNE_**** patch ?
-
+
Two things:
1. You do need a late "LAN products cumulative patch" (e.g. PHNE_18173
for s700/10.20).
2. You must use
echo 'lanc_outbound_promisc_flag/W1' | /usr/bin/adb -w /stand/vmunix /dev/kmem
You can insert this e.g. into /sbin/init.d/lan
-
+
Best regards,
Lutz
which says:
- Newsgroups: comp.sys.hp.hpux
+ Newsgroups: comp.sys.hp.hpux
Subject: Re: tcpdump only shows incoming packets
Date: 02/15/2000
From: Rick Jones <foo@bar.baz.invalid>
> outgoing. I have tried tcpflow-0.12 which also uses libpcap and the
> same thing happens. Could someone please give me a hint on how to
> get this right?
-
+
Search/Read the archives ?-)
-
+
What you are seeing is expected, un-patched, behaviour for an HP-UX
system. On 11.00, you need to install the latest lancommon/DLPI
- patches, and then the latest driver patch for the interface(s) in use.
+ patches, and then the latest driver patch for the interface(s) in use.
At that point, a miracle happens and you should start seeing outbound
traffic.
From: Harald Skotnes <harald@cc.uit.no>
Rick Jones wrote:
-
+
...
> What you are seeing is expected, un-patched, behaviour for an HP-UX
> patches, and then the latest driver patch for the interface(s) in
> use. At that point, a miracle happens and you should start seeing
> outbound traffic.
-
+
Thanks a lot. I have this problem on several machines running HPUX
10.20 and 11.00. The machines where patched up before y2k so did not
know what to think. Anyway I have now installed PHNE_19766,
Date: Mon, 29 Apr 2002 15:59:55 -0700
From: Rick Jones
- To: tcpdump-workers@tcpdump.org
+ To: tcpdump-workers@tcpdump.org
Subject: Re: [tcpdump-workers] I Can't Capture the Outbound Traffic
...
Dave Barr (barr@cis.ohio-state.edu) wrote:
: Has anyone ported tcpdump (or something similar) to HP/UX 9.x?
-
+
I'm reasonably confident that any port of tcpdump to 9.X would require
the (then optional) STREAMS product. This would bring DLPI, which is
what one uses to access interfaces in promiscuous mode.
-
+
I'm not sure that HP even sells the 9.X STREAMS product any longer,
since HP-UX 9.X is off the pricelist (well, maybe 9.10 for the old 68K
- devices).
-
+ devices).
+
Your best bet is to be up on 10.20 or better if that is at all
- possible. If your hardware is supported by it, I'd go with HP-UX 11.
+ possible. If your hardware is supported by it, I'd go with HP-UX 11.
If you want to see the system's own outbound traffic, you'll never get
that functionality on 9.X, but it might happen at some point for 10.20
- and 11.X.
-
+ and 11.X.
+
rick jones
(as per other messages cited here, the ability to see the system's own
An additional note, from Jost Martin, for HP-UX 10.20:
- Q: How do I get ethereral on HPUX to capture the _outgoing_ packets
+ Q: How do I get wireshark on HPUX to capture the _outgoing_ packets
of an interface
A: You need to get PHNE_20892,PHNE_20725 and PHCO_10947 (or
newer, this is as of 4.4.00) and its dependencies. Then you can
- enable the feature as descibed below:
+ enable the feature as described below:
Patch Name: PHNE_20892
Patch Description: s700 10.20 PCI 100Base-T cumulative patch
(thanks to hildeb@www.stahl.bau.tu-bs.de (Ralf Hildebrandt) who
posted the security-part some time ago)
- <<hack_ip_stack>>
+ <<hack_ip_stack>>
(Don't switch IP-forwarding off, if you need it !)
Install the hack as /sbin/init.d/hacl_ip_stack (adjust
permissions !) and make a sequencing-symlink
- /sbin/rc2.d/S350hack_ip_stack pointing to this script.
+ /sbin/rc2.d/S350hack_ip_stack pointing to this script.
Now all this is done on every reboot.
According to Rick Jones, the global promiscuous switch also has to be