1 $Id: README.hpux,v 1.13 2000/08/13 07:48:55 guy Exp $
6 2 - Building GTK+/GLib with HP's C compiler
12 The Software Porting And Archive Centre for HP-UX, at
14 http://hpux.connect.org.uk/
16 (and with mirrors in various countries, listed on the Centre's home
17 page) has ported versions, in both source and binary form, for Ethereal,
18 as well as for the libpcap, GLib, GTK+, zlib, and CMU SNMP libraries
21 The changes they've made appear largely to be compile option changes; if
22 you've downloaded the source to the latest version of Ethereal (the
23 version on the Centre's site may not necessarily be the latest version),
24 it should be able to compile, perhaps with those changes.
26 They appear to have used HP-UX's "cc" compiler, with the options "-Ae
27 -O"; there's a comment "Add -Dhpux_9 if building under 9.X". It may
30 The libpcap library has not been changed to properly open network
31 devices when given the name reported by the lanscan and ifconfig
32 commands; this means you may have difficulty capturing packets with
33 Ethereal on HP-UX. The "libpcap on HP-UX" item below discusses patches
34 to the libpcap source code that should fix this problem, and the process
35 you will have to go through to apply those patches and build and install
36 a new version of libpcap that includes those patches.
38 2 - Building GTK+/GLib with HP's C compiler
40 By default, HP's C compiler doesn't support "long long int" to provide
41 64-bit integral data types on 32-bit platforms; the "-Ae" flag must be
42 supplied to enable extensions such as that.
44 Ethereal's "configure" script automatically includes that flag if it
45 detects that the native compiler is being used on HP-UX; however, the
46 configure scripts for GTK+ and GLib don't do so, which means that 64-bit
47 integer support won't be enabled.
49 This may prevent some parts of Ethereal from compiling; in order to get
50 64-bit integer support in GTK+/GLib, edit all the Makefiles for GTK+ and
51 GLib, as generated by the GTK+ and GLib "configure" scripts, to add
52 "-Ae" to all "CFLAGS = " definitions found in those Makefiles. (If a
53 Makefile lacks a "CFLAGS = " definition, there's no need to add a
54 definition that includes "-Ae".)
58 nettl is used on HP-UX to trace various streams based subsystems. Ethereal
59 can read nettl files containing IP frames (NS_LS_IP subsystem) and LAPB
60 frames (SX25L2 subsystem).
61 It has been tested with files generated on HP-UX 9.04 and 10.20.
63 Use the following commands to generate a trace (cf. nettl(1M)):
65 # IP capture. 0x30000000 means PDU in and PDU out :
66 nettl -tn 0x30000000 -e NS_LS_IP -f tracefile
67 # X25 capture. You must specify an interface :
68 nettl -tn 0x30000000 -e SX25l2 -d /dev/x25_0 -f tracefile
69 # stop capture. subsystem is NS_LS_IP or SX25L2 :
70 nettl -tf -e subsystem
72 One may be able to specify "-tn pduin pduout" rather than
73 "-tn 0x30000000"; the nettl man page for HP-UX 10.30 implies that it
76 4 - "libpcap" on HP-UX
78 If you want to use Ethereal to capture packets, you will have to install
79 "libpcap"; the INSTALL file for "libpcap" has several comments about
80 HP-UX, which you should read if you're going to install and use
83 Note that packet-capture programs such as Ethereal/Tethereal or tcpdump
84 may, on HP-UX, not be able to see packets sent from the machine on which
85 they're running. Some articles on Deja.com discussing this are:
87 http://www.deja.com/[ST_rn=ps]/getdoc.xp?AN=558092266
91 Newsgroups: comp.sys.hp.hpux
92 Subject: Re: Did someone made tcpdump working on 10.20 ?
94 From: Lutz Jaenicke <jaenicke@emserv1.ee.TU-Berlin.DE>
96 In article <82ks5i$5vc$1@news1.dti.ne.jp>, mtsat <mtsat@iris.dti.ne.jp>
100 >I downloaded and compiled tcpdump3.4 a couple of week ago. I tried to use
101 >it, but I can only see incoming data, never outgoing.
102 >Someone (raj) explained me that a patch was missing, and that this patch
103 >must me "patched" (poked) in order to see outbound data in promiscuous mode.
104 >Many things to do .... So the question is : did someone has already this
105 >"ready to use" PHNE_**** patch ?
108 1. You do need a late "LAN products cumulative patch" (e.g. PHNE_18173
111 echo 'lanc_outbound_promisc_flag/W1' | /usr/bin/adb -w /stand/vmunix /dev/kmem
112 You can insert this e.g. into /sbin/init.d/lan
119 http://www.deja.com/[ST_rn=ps]/getdoc.xp?AN=586287166
123 Newsgroups: comp.sys.hp.hpux
124 Subject: Re: tcpdump only shows incoming packets
126 From: Rick Jones <foo@bar.baz.invalid>
128 Harald Skotnes <harald@cc.uit.no> wrote:
129 > I am running HPUX 11.0 on a C200 hanging on a 100Mb switch. I have
130 > compiled libpcap-0.4 an tcpdump-3.4 and it seems to work. But at a
131 > closer look I only get to see the incoming packets not the
132 > outgoing. I have tried tcpflow-0.12 which also uses libpcap and the
133 > same thing happens. Could someone please give me a hint on how to
136 Search/Read the archives ?-)
138 What you are seeing is expected, un-patched, behaviour for an HP-UX
139 system. On 11.00, you need to install the latest lancommon/DLPI
140 patches, and then the latest driver patch for the interface(s) in use.
141 At that point, a miracle happens and you should start seeing outbound
144 [That article also mentions the patch that appears below.]
148 http://www.deja.com/[ST_rn=ps]/getdoc.xp?AN=586494200
152 Newsgroups: comp.sys.hp.hpux
153 Subject: Re: tcpdump only shows incoming packets
155 From: Harald Skotnes <harald@cc.uit.no>
161 > What you are seeing is expected, un-patched, behaviour for an HP-UX
162 > system. On 11.00, you need to install the latest lancommon/DLPI
163 > patches, and then the latest driver patch for the interface(s) in
164 > use. At that point, a miracle happens and you should start seeing
167 Thanks a lot. I have this problem on several machines running HPUX
168 10.20 and 11.00. The machines where patched up before y2k so did not
169 know what to think. Anyway I have now installed PHNE_19766,
170 PHNE_19826, PHNE_20008, PHNE_20735 on the C200 and now I can see the
171 outbound traffic too. Thanks again.
175 http://www.deja.com/[ST_rn=ps]/getdoc.xp?AN=457744130
177 indicates that you need to install the optional STREAMS product to do
178 captures on HP-UX 9.x:
180 Newsgroups: comp.sys.hp.hpux
181 Subject: Re: tcpdump HP/UX 9.x
183 From: Rick Jones <foo@bar.baz>
185 Dave Barr (barr@cis.ohio-state.edu) wrote:
186 : Has anyone ported tcpdump (or something similar) to HP/UX 9.x?
188 I'm reasonably confident that any port of tcpdump to 9.X would require
189 the (then optional) STREAMS product. This would bring DLPI, which is
190 what one uses to access interfaces in promiscuous mode.
192 I'm not sure that HP even sells the 9.X STREAMS product any longer,
193 since HP-UX 9.X is off the pricelist (well, maybe 9.10 for the old 68K
196 Your best bet is to be up on 10.20 or better if that is at all
197 possible. If your hardware is supported by it, I'd go with HP-UX 11.
198 If you want to see the system's own outbound traffic, you'll never get
199 that functionality on 9.X, but it might happen at some point for 10.20
204 (as per other messages cited here, the ability to see the system's own
205 outbound traffic did happen).
207 Another note, from a mail message to the "ethereal-users" list:
209 Date: Wed, 22 Dec 1999 09:05:47 -0600 (EST)
210 From: Gerald Combs <gerald@zing.org>
211 To: Lothar Seitter <lothar.seitter@arcormail.de>
212 cc: ethereal-users@zing.org
213 Subject: Re: [ethereal-users] permission problem with capturing
215 On Wed, 22 Dec 1999, Lothar Seitter wrote:
217 > running 'ethereal' under HP-UX 11 with root permission and
218 > /dev/lan0 set to 777, I always get the message:
219 > "There are no network interfaces that can be opened.
220 > Please to make sure you have sufficient permission to
223 > I start ethereal with 'etheral -i lan0' and lan0 is definitely
226 > What am I missing???
228 You may need to reference the card's DLPI device directly. We were having
229 trouble getting Ethereal to capture on an HP-UX 10.20 machine here. I
230 found an article on Deja News that says:
232 "To access a particular interface, you would say "tcpdump -i /dev/dlpiN"
233 where N is the PPA of the interface you wish to use. You get the PPA by
234 looking at the output of lanscan. On 10.20, it is the same value as the
235 NMID. On 11.X, it is the Card Instance number."
237 This didn't help in our case, but it might in yours. The full article is
238 at http://x34.deja.com/[ST_rn=ps]/getdoc.xp?AN=549366486 .
240 Another article by the same author mentions that experimental versions of
241 libpcap and tcpdump are available at
242 ftp://ftp.cup.hp.com/dist/networking/tools/ . The article itself is at
243 http://x34.deja.com/[ST_rn=ps]/getdoc.xp?AN=558665378 .
245 The first of those articles also says:
247 BTW, before you have to make a follow-up post, you will find that
248 unless you have the latest lan common/DLPI/driver patches installed,
249 you will _not_ see the system's own outbound traffic.
251 An additional note, from Jost Martin, for HP-UX 10.20:
253 Q: How do I get ethereral on HPUX to capture the _outgoing_ packets
255 A: You need to get PHNE_20892,PHNE_20725 and PHCO_10947 (or
256 newer, this is as of 4.4.00) and its dependencies. Then you can
257 enable the feature as descibed below:
259 Patch Name: PHNE_20892
260 Patch Description: s700 10.20 PCI 100Base-T cumulative patch
261 To trace the outbound packets, please do the following
262 to turn on a global promiscuous switch before running
263 the promiscuous applications like snoop or tcpdump:
265 adb -w /stand/vmunix /dev/mem
266 lanc_outbound_promisc_flag/W 1
267 (adb will echo the result showing that the flag has
270 (Thanks for this part to HP-support, Ratingen)
272 The attached hack does this and some security-related stuff
273 (thanks to hildeb@www.stahl.bau.tu-bs.de (Ralf Hildebrandt) who
274 posted the security-part some time ago)
278 (Don't switch IP-forwarding off, if you need it !)
279 Install the hack as /sbin/init.d/hacl_ip_stack (adjust
280 permissions !) and make a sequencing-symlink
281 /sbin/rc2.d/S350hack_ip_stack pointing to this script.
282 Now all this is done on every reboot.
284 Here's the "hack_ip_stack" script:
286 -----------------------------------Cut Here-------------------------------------
289 # nettune: hack kernel parms for safety
294 # /usr/contrib/bin fuer nettune auf Pfad
295 PATH=/sbin:/usr/sbin:/usr/bin:/usr/contrib/bin
305 print "Tune IP-Stack for security"
310 print "This action is not applicable"
322 print "USAGE: $0 {start_msg | stop_msg | start | stop}" >&2
332 # tcp-Sequence-Numbers nicht mehr inkrementieren sondern random
333 # Syn-Flood-Protection an
336 # Ausgehende Packets an ethereal/tcpdump etc.
338 /usr/contrib/bin/nettune -s tcp_random_seq 2 || exit $ERROR
339 /usr/contrib/bin/nettune -s hp_syn_protect 1 || exit $ERROR
340 /usr/contrib/bin/nettune -s ip_forwarding 0 || exit $ERROR
341 echo 'ip_block_source_routed/W1' | /usr/bin/adb -w /stand/vmunix /dev/kmem || exit $ERROR
342 echo 'lanc_outbound_promisc_flag/W 1' | adb -w /stand/vmunix /dev/mem || exit $ERROR
345 -----------------------------------Cut Here-------------------------------------
347 It appears that a consequence of the fact that HP-UX's DLPI doesn't work
348 like Solaris's, in that, on Solaris, to get at the device "hme0", say,
349 "libpcap" has to open "/dev/hme" and then tell it to use the 0th
350 interface, whilst on HP-UX you have to go through "/dev/dlpi", you won't
351 get a list of interfaces in the dialog box for "Capture:Start" - you'll
352 have to do through the aforementioned song and dance to find the PPA of
353 the interface you want to use, and supply the "dlpiN" name by hand (I
354 think you can omit the "/dev/" in both tcpdump and Ethereal).
356 Here is a patch to "pcap-dlpi.c" in libpcap that, at least on HP-UX
357 11.X, allows the name of the network interface, rather than the "dlpiN"
358 name, to be specified to tcpdump and Ethereal.
360 On HP-UX 11.00, the patch allows a network interface to be specified by
361 name as an argument to tcpdump, rather than requiring that you specify a
362 "dlpiN" name (and it should work equally well with Ethereal).
364 If you try this code on HP-UX 10.20, and it doesn't let you specify the
365 interface by name, please send mail to ethereal-dev@zing.org, so that we
366 know that it didn't work - we'll probably send you debugging patches in
367 the hopes of being able to make it work on 10.20 as well. (It appeared
368 to work in some tests done on HP-UX 10.20 systems.)
370 To use this patch, you will need the source to libpcap; if you don't
371 already have it, it is available from the Software Porting And Archive
372 Centre for HP-UX (see above for its URL). Search for "libpcap" in the
373 "Package Search" box.
375 The patch would be applied with the "patch" program; if you don't
376 already have it, it is also available from the Software Porting And
377 Archive Centre for HP-UX. Search for "patch" in the "Package Search" -
378 it will find many packages; look for the one in the "Sysadmin" category
379 with the description "Applies diffs to files to reproduce new versions".
381 If you have downloaded the source to libpcap 0.4 from the Porting and
382 Archive Centre, the patch to use is in the file
384 libpcap-0.4.HPUX.HPUXPAC.patch
386 If you have downloaded the source to libpcap 0.4 from the Lawrence
387 Berkeley Laboratory Web site, the patch to use is in the file
389 libpcap-0.4.HPUX.LBL.patch
391 If you have downloaded the source to libpcap 0.5 from the tcpdump.org
392 Web site, the patch to use is in the file
394 libpcap-0.5.HPUX.tcpdump.org.patch
396 Note that the versions from Lawrence Berkeley Laboratory and tcpdump.org
397 will probably not compile on HP-UX with HP's ANSI C compiler, and will
398 not build and install a shared library, so patching, building, and
399 installing those versions will require that you have GCC installed, and
400 that you download the source to Ethereal and build it from source.
402 You should apply only the patch file appropriate to the particular
403 version of libpcap source that you have downloaded; attempting to apply
404 a different patch file will probably cause errors.