1 $Id: README.hpux,v 1.17 2002/04/29 22:55:22 guy Exp $
6 2 - Building GTK+/GLib with HP's C compiler
9 5 - HP-UX patches to fix packet capture problems
13 The Software Porting And Archive Centre for HP-UX, at
15 http://hpux.connect.org.uk/
17 (with mirrors in various countries, listed on the Centre's home page;
18 you may want to choose a mirror closer to you) has ported versions, in
19 both source and binary form, for Ethereal, as well as for the libpcap,
20 GLib, GTK+, and zlib libraries that it uses.
22 The changes they've made appear largely to be compile option changes; if
23 you've downloaded the source to the latest version of Ethereal (the
24 version on the Centre's site may not necessarily be the latest version),
25 it should be able to compile, perhaps with those changes.
27 They appear to have used HP-UX's "cc" compiler, with the options "-Ae
28 -O"; there's a comment "Add -Dhpux_9 if building under 9.X". It may
31 They currently have libpcap 0.6.2; libpcap 0.6.2, and later versions,
32 include changes to properly open network devices when given the name
33 reported by the lanscan and ifconfig commands - earlier versions didn't
34 do this correctly. Therefore, we strongly suggest you use libpcap 0.6.2
35 or later, not libpcap 0.5.2.
37 2 - Building GTK+/GLib with HP's C compiler
39 By default, HP's C compiler doesn't support "long long int" to provide
40 64-bit integral data types on 32-bit platforms; the "-Ae" flag must be
41 supplied to enable extensions such as that.
43 Ethereal's "configure" script automatically includes that flag if it
44 detects that the native compiler is being used on HP-UX; however, the
45 configure scripts for GTK+ and GLib don't do so, which means that 64-bit
46 integer support won't be enabled.
48 This may prevent some parts of Ethereal from compiling; in order to get
49 64-bit integer support in GTK+/GLib, edit all the Makefiles for GTK+ and
50 GLib, as generated by the GTK+ and GLib "configure" scripts, to add
51 "-Ae" to all "CFLAGS = " definitions found in those Makefiles. (If a
52 Makefile lacks a "CFLAGS = " definition, there's no need to add a
53 definition that includes "-Ae".)
57 nettl is used on HP-UX to trace various streams based subsystems. Ethereal
58 can read nettl files containing IP frames (NS_LS_IP subsystem) and LAPB
59 frames (SX25L2 subsystem).
60 It has been tested with files generated on HP-UX 9.04 and 10.20.
62 Use the following commands to generate a trace (cf. nettl(1M)):
64 # IP capture. 0x30000000 means PDU in and PDU out :
65 nettl -tn 0x30000000 -e NS_LS_IP -f tracefile
66 # X25 capture. You must specify an interface :
67 nettl -tn 0x30000000 -e SX25l2 -d /dev/x25_0 -f tracefile
68 # stop capture. subsystem is NS_LS_IP or SX25L2 :
69 nettl -tf -e subsystem
71 One may be able to specify "-tn pduin pduout" rather than
72 "-tn 0x30000000"; the nettl man page for HP-UX 10.30 implies that it
77 If you want to use Ethereal to capture packets, you will have to install
78 libpcap; binary distributions are, as noted above, available from the
79 Software Porting And Archive Centre for HP-UX, as well as source code.
81 The source code is also available from the official home of libpcap and
84 http://www.tcpdump.org/
86 if you want a version later than the version available from the Software
87 Porting And Archive Centre; however, the versions available from
88 tcpdump.org might not, for example, include support for building libpcap
91 5 - HP-UX patches to fix packet capture problems
93 Note that packet-capture programs such as Ethereal/Tethereal or tcpdump
94 may, on HP-UX, not be able to see packets sent from the machine on which
95 they're running. Some articles on groups.google.com discussing this
98 http://groups.google.com/groups?selm=82ld3v%2480i%241%40mamenchi.zrz.TU-Berlin.DE
102 Newsgroups: comp.sys.hp.hpux
103 Subject: Re: Did someone made tcpdump working on 10.20 ?
105 From: Lutz Jaenicke <jaenicke@emserv1.ee.TU-Berlin.DE>
107 In article <82ks5i$5vc$1@news1.dti.ne.jp>, mtsat <mtsat@iris.dti.ne.jp>
111 >I downloaded and compiled tcpdump3.4 a couple of week ago. I tried to use
112 >it, but I can only see incoming data, never outgoing.
113 >Someone (raj) explained me that a patch was missing, and that this patch
114 >must me "patched" (poked) in order to see outbound data in promiscuous mode.
115 >Many things to do .... So the question is : did someone has already this
116 >"ready to use" PHNE_**** patch ?
119 1. You do need a late "LAN products cumulative patch" (e.g. PHNE_18173
122 echo 'lanc_outbound_promisc_flag/W1' | /usr/bin/adb -w /stand/vmunix /dev/kmem
123 You can insert this e.g. into /sbin/init.d/lan
130 http://groups.google.com/groups?selm=88cf4t%24p03%241%40web1.cup.hp.com
134 Newsgroups: comp.sys.hp.hpux
135 Subject: Re: tcpdump only shows incoming packets
137 From: Rick Jones <foo@bar.baz.invalid>
139 Harald Skotnes <harald@cc.uit.no> wrote:
140 > I am running HPUX 11.0 on a C200 hanging on a 100Mb switch. I have
141 > compiled libpcap-0.4 an tcpdump-3.4 and it seems to work. But at a
142 > closer look I only get to see the incoming packets not the
143 > outgoing. I have tried tcpflow-0.12 which also uses libpcap and the
144 > same thing happens. Could someone please give me a hint on how to
147 Search/Read the archives ?-)
149 What you are seeing is expected, un-patched, behaviour for an HP-UX
150 system. On 11.00, you need to install the latest lancommon/DLPI
151 patches, and then the latest driver patch for the interface(s) in use.
152 At that point, a miracle happens and you should start seeing outbound
155 [That article also mentions the patch that appears below.]
159 http://groups.google.com/groups?selm=38AA973E.96BE7DF7%40cc.uit.no
163 Newsgroups: comp.sys.hp.hpux
164 Subject: Re: tcpdump only shows incoming packets
166 From: Harald Skotnes <harald@cc.uit.no>
172 > What you are seeing is expected, un-patched, behaviour for an HP-UX
173 > system. On 11.00, you need to install the latest lancommon/DLPI
174 > patches, and then the latest driver patch for the interface(s) in
175 > use. At that point, a miracle happens and you should start seeing
178 Thanks a lot. I have this problem on several machines running HPUX
179 10.20 and 11.00. The machines where patched up before y2k so did not
180 know what to think. Anyway I have now installed PHNE_19766,
181 PHNE_19826, PHNE_20008, PHNE_20735 on the C200 and now I can see the
182 outbound traffic too. Thanks again.
184 (although those patches may not be the ones to install - there may be
189 http://groups.google.com/groups?selm=7d6gvn%24b3%241%40ocean.cup.hp.com
191 indicates that you need to install the optional STREAMS product to do
192 captures on HP-UX 9.x:
194 Newsgroups: comp.sys.hp.hpux
195 Subject: Re: tcpdump HP/UX 9.x
197 From: Rick Jones <foo@bar.baz>
199 Dave Barr (barr@cis.ohio-state.edu) wrote:
200 : Has anyone ported tcpdump (or something similar) to HP/UX 9.x?
202 I'm reasonably confident that any port of tcpdump to 9.X would require
203 the (then optional) STREAMS product. This would bring DLPI, which is
204 what one uses to access interfaces in promiscuous mode.
206 I'm not sure that HP even sells the 9.X STREAMS product any longer,
207 since HP-UX 9.X is off the pricelist (well, maybe 9.10 for the old 68K
210 Your best bet is to be up on 10.20 or better if that is at all
211 possible. If your hardware is supported by it, I'd go with HP-UX 11.
212 If you want to see the system's own outbound traffic, you'll never get
213 that functionality on 9.X, but it might happen at some point for 10.20
218 (as per other messages cited here, the ability to see the system's own
219 outbound traffic did happen).
221 An additional note, from Jost Martin, for HP-UX 10.20:
223 Q: How do I get ethereral on HPUX to capture the _outgoing_ packets
225 A: You need to get PHNE_20892,PHNE_20725 and PHCO_10947 (or
226 newer, this is as of 4.4.00) and its dependencies. Then you can
227 enable the feature as descibed below:
229 Patch Name: PHNE_20892
230 Patch Description: s700 10.20 PCI 100Base-T cumulative patch
231 To trace the outbound packets, please do the following
232 to turn on a global promiscuous switch before running
233 the promiscuous applications like snoop or tcpdump:
235 adb -w /stand/vmunix /dev/mem
236 lanc_outbound_promisc_flag/W 1
237 (adb will echo the result showing that the flag has
240 (Thanks for this part to HP-support, Ratingen)
242 The attached hack does this and some security-related stuff
243 (thanks to hildeb@www.stahl.bau.tu-bs.de (Ralf Hildebrandt) who
244 posted the security-part some time ago)
248 (Don't switch IP-forwarding off, if you need it !)
249 Install the hack as /sbin/init.d/hacl_ip_stack (adjust
250 permissions !) and make a sequencing-symlink
251 /sbin/rc2.d/S350hack_ip_stack pointing to this script.
252 Now all this is done on every reboot.
254 Here's the "hack_ip_stack" script:
256 -----------------------------------Cut Here-------------------------------------
259 # nettune: hack kernel parms for safety
264 # /usr/contrib/bin fuer nettune auf Pfad
265 PATH=/sbin:/usr/sbin:/usr/bin:/usr/contrib/bin
275 print "Tune IP-Stack for security"
280 print "This action is not applicable"
292 print "USAGE: $0 {start_msg | stop_msg | start | stop}" >&2
302 # tcp-Sequence-Numbers nicht mehr inkrementieren sondern random
303 # Syn-Flood-Protection an
306 # Ausgehende Packets an ethereal/tcpdump etc.
308 /usr/contrib/bin/nettune -s tcp_random_seq 2 || exit $ERROR
309 /usr/contrib/bin/nettune -s hp_syn_protect 1 || exit $ERROR
310 /usr/contrib/bin/nettune -s ip_forwarding 0 || exit $ERROR
311 echo 'ip_block_source_routed/W1' | /usr/bin/adb -w /stand/vmunix /dev/kmem || exit $ERROR
312 echo 'lanc_outbound_promisc_flag/W 1' | adb -w /stand/vmunix /dev/mem || exit $ERROR
315 -----------------------------------Cut Here-------------------------------------