"I'm looking for a sniffer (analyzer) that is portable and runs UNIX as
its OS for ethernet and token ring. I know about Network General, but
they run under DOS on a portable. Please hurry with a response someone
Many asked my reason for a UNIX sniffer, since most hardware/software
integrated solutions run DOS. Well, I want access to text processing
capabilities (grep, awk, sed) and programming in the UNIX environment
which is my native ground for extending my analysis of the data
collected. I have used a number of programs from the internet and those
provided with machines (Suns). I was looking for a complete package
(hardware and software) to avoid this task myself and mostly a portable
machine with an X Windows interface (also my programming ground).
The responses are below; thanks everyone:
Daniel R. Bidwell
There is tcpdump that runs on a Linux on a portable.
You should take a look at HP Net Metrix product. It does a lot of the same thing
that SNIFFER does only, in my opinion, a lot better. The only bad thing about
the product is that it is pricey. But it does everything SNIFFER does in the
Solaris 1.x or 2.x environment.
Try HP's NetMetrix product.
as far as I know, there is a version from Network General running
There's snoop that I think comes with sol2. That's unix based. As to a pd
version I don't know.
How about etherman and netman? Etherman brings up an x-thing with
each of the nodes, and what kind of traffic is going between them
with some sort of relationship between size and quantity of traffic.
I went out to archie to find it:
Host ftp.cac.psu.edu (220.127.116.11)
Last updated 10:19 5 Aug 1994
FILE -rw-rw-r-- 1074390 bytes 01:00 15 Dec 1993 etherman-1.1a.tar.gz
FILE -rw-rw-r-- 482622 bytes 01:00 15 Dec 1993 etherman-1.1a.tar.gz
FILE -rw-rw-r-- 479249 bytes 01:00 15 Dec 1993 etherman-1.1a.tar.gz
FILE -rw-rw-r-- 433482 bytes 01:00 15 Dec 1993 etherman-1.1a.tar.gz
HP has a product called NetMetrix. I have used the "Load Monitor" and
"NFS Monitor" modules. They work well. They also sell "Protocol Analyser"
and "Traffic Generator" modules. Each cost about $2000 for a floating
Since unix is so variable as to how it does its actual hardware access,
and since you have to access the ethernet board directly -- you won't
find a general solution under UNIX. For SunOS try etherfind. For
Solaris try snoop. Both come with the OS I'm pretty sure.
I haven't found one for AIX, and HP used to ship one, but I think they
My solution was to get a cheap PC, and use it instead of trying to find a
general solution for unix.
The snoop (/usr/sbin/snoop) utility will do exactly what you are looking for.
Available standard in the Solaris 2.x distribution and in source code on
several ftp servers in case you still use SunOS 4.x
Frontier Technology has a software product called NETscout that runs on
SunOS 4.x. It supports the RMON mib (so it can give you lots of good
info), plus a very nice gui for looking at packet info, rates, data
Sorry, but I don't have any contact info on these guys.
SunOS 4.x has a program called etherfind bundled; Solaris 2.x has
snoop, which is far superior I think.
Network General has UNIX version of Sniffer software which runs on SunOS.
There used to be a product called NetMetrix which included LAN
monitor and analysis capability. It ran on SUN and possibly other
UNIX systems. I believe it is now owned by HP.
Now I understand. We purchased a Network General Sniffer because it
was the best LAN analyzer we could find. The Sniffer comes with the
capability to download/upload to other systems for massaging of the
collected data. This may not be the ideal situation but we are willing
to work with in. The only thing I can think of is to attempt to get
the Sniffer to run another UNIX on another disk, the flavor of UNIX
doesn't matter. Currently, at home, I have DOS and Linux coexisting
on one machine, they can't run at the same time but I don't need that.
What I can do with this setup is to read files on DOS partitions
mounted within the UNIX file system. This may be something to look at
with the Sniffer and you will already have a built in ethernet
John Justin Hough
4.x.x has etherfind and 2.x has snoop to look at packets, if you use the
-x -v options with arguments "greater 1" you'll see every packet on
Ever think of getting a SparcBook and then running the public domain
program "PacketMan" ?
Jim Redpath SRI International, Menlo Park CA
email@example.com Center for Technology Transfer
Software Engineer and Integration
Fort Gordon, GA Field Site
Phone: (706) 855-9912