John Hawkinson writes:
anything else. Best to do this on a box that does native BPF, though (as an example, SunOS does not do BPF and NIT can't handle the traffic without dropping most stuff).
BPF support for SunOS has been available for years.
At the present time, it is distributed as part of the ipmulti distribution (ftp://ftp.parc.xerox.com:/pub/net-research/ipmulti), and I believe that the LBL bpf distribution includes SunOS kernel .o files (ftp://ftp.ee.lbl.gov:/bpf.tar.Z).
Yes, I know, but it doesn't ship with SunOS. You are, of course, correct that you can add it with a little help from the net. It is very important to use BPF instead of NIT and its Solaris replacement (the name escapes me) if you expect to be able to keep up while monitoring the network. I've been able to record all the traffic on ethernets using even ancient slow PCs without dropping more than a trivial number of packets with BPF -- I've been unable to get even fast Suns to keep up with an ethernet.

Perry