Use nettl to capture packets on HP-UX

Source: Internet
Author: User

HP-UX provides its own packet capture tool, nettl. It comes in handy when tcpdump is not available (for example, tcpdump cannot capture packets on the loopback interface on HP-UX). This note summarizes the main usage of nettl for future reference.

Start packet capture:

    # nettl -tn all -e all -maxtrace 99999 -f /tmp/tixiang
    # nettl -tn loopback -e ns_ls_tcp -maxtrace 99999 -f /tmp/tixiang
    # nettl -tn pduin pduout -e ns_ls_loopback -tm 100000 -f /tmp/local
    # nettl -tn pduin pduout -e ns_ls_loopback -m 56 -tm 100000 -f /tmp/local
    # nettl -tn pduin -e ns_ls_loopback -m 56 -tm 100000 -f /tmp/local

-m size: limits the number of bytes captured from each packet. We are not necessarily interested in the whole packet, and this option is very effective when only the headers matter. The FDB protocol uses a packet header of 16 bytes; adding 20 bytes for the IP header and 20 bytes for the TCP header, a total of 56 bytes is enough to determine the basic information of a packet.

-e subsystem: the type of packets to capture. The available subsystems can be listed with nettl -status, for example:

    ns_ls_loopback
    ns_ls_ip
    ns_ls_tcp
    ns_ls_udp
    ns_ls_icmp

-tm maxsize: the maximum size of each trace file. When this size is exceeded, capture continues in the next trace file. Unit: KB. Valid values: 100 ~ 99999 (the -tm 100000 used in the examples above falls outside this range).

The captured packets are written to /tmp/tixiang.xxxx. Use the following command to check the files:

    # ls -l /tmp/tixiang.*

Notes:

If packets are captured on ns_ls_loopback with both pduin and pduout specified, each packet is captured twice, because it is traced once on the way out and once on the way in.

If -tn all -e all is specified, a packet may be captured several times, because one packet can belong to different subsystems. For example, a TCP packet belongs to both the tcp and ip subsystems.

The captured packets can be opened and analyzed with Wireshark, or with netfmt, which is built into HP-UX.

View the status and the available -entity values:

    # nettl -status

Stop packet capture:

    # nettl -tf -e all

Analyze the capture

Use netfmt to view the captured packets:

    netfmt -N -l -f /tmp/nettl_t* | more

To show only the packets of interest, pass a filter file with -c:

    netfmt -N -l -c filter -f /tmp/nettl_t* | more

Here filter is the filter file, with content similar to the following:

    filter tcp_sport 1234
    filter tcp_dport 1234

Each line is one filtering condition, and the conditions on different lines are combined with OR.

Display one line per packet (in this mode the packet data itself is not shown):

    netfmt -N -n -l -1 -f /tmp/nettl_t* | more

The same, with timestamps added:

    netfmt -T -n -l -1 -f /tmp/nettl_t* | more
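The following shell helper is an added example, not part of the original article. It ties together the three details above that are easy to get wrong: the -m byte count, the -tm range, and the netfmt filter file format. The function names and the /tmp paths used with it are assumptions of this example, and it only prints the commands, so it can be reviewed before anything is run as root.

```sh
#!/bin/sh
# Added example: builds the nettl/netfmt command lines from the article
# without executing them. All function names here are hypothetical.

# Bytes to keep per packet for header-only capture:
# application header + 20 (IP header) + 20 (TCP header).
# Like the article's 56-byte figure, this assumes no IP or TCP options.
snaplen() {
    echo $(( $1 + 20 + 20 ))
}

# Accept only -tm values inside the 100..99999 KB range given in the article.
valid_tracemax() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric
    esac
    [ "$1" -ge 100 ] && [ "$1" -le 99999 ]
}

# Emit netfmt filter lines matching any of the given TCP ports in either
# direction. One condition per line; netfmt ORs the lines together.
port_filter() {
    for p in "$@"; do
        echo "filter tcp_sport $p"
        echo "filter tcp_dport $p"
    done
}

# Print the start, stop and format commands for a loopback capture.
# usage: plan_capture <app_header_bytes> <tracemax_kb> <trace_prefix> <filter_file>
plan_capture() {
    valid_tracemax "$2" || {
        echo "tracemax $2 is outside 100..99999 KB" >&2
        return 1
    }
    echo "nettl -tn pduin pduout -e ns_ls_loopback -m $(snaplen "$1") -tm $2 -f $3"
    echo "nettl -tf -e all"
    echo "netfmt -N -l -c $4 -f $3.*"
}
```

For example, port_filter 1234 > /tmp/filter followed by plan_capture 16 99999 /tmp/local /tmp/filter prints the header-only loopback capture from the article with a -tm value inside the documented range.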

References:

http://www.compute-aid.com/nettl.html
http://docs.hp.com/en/B2355-60105/nettl.1M.html
http://docs.hp.com/en/B2355-60105/netfmt.1M.html
