From: Jim Redpath SRI Georgia Field Site (
Date: Sat Nov 05 1994 - 05:15:14 CST

Sun Managers:

"I'm looking for a sniffer (analizer) that is portable and runs UNIX as
its OS for ethernet and token ring. I know about Network General, but
they run under DOS on a portable. Please hurry with a response someone
out there."

Many asked my reason for a UNIX sniffer, since most hardware/software
integrated solutions run DOS. Well, I want access to text processing
capabilities (grep, awk, sed) and programming in the UNIX environment
which is my native ground for extending my analysis of the data
collected. I have used a number of programs from the internet and those
provided with machines (Suns). I'm was looking for a complete package
(hardware and software) to avoid this task myself and mostly a portable
machine with an X Windows interface (also my programming ground).

The responses are below; thanks everyone:

Daniel R. Bidwell
There is tcpdump that runs on a Linux on a portable.

Michael Scott
You should take a look at HP Net Metrix product. I does a lot of the same thing
that SNIFFER does only, in my opinion, alot better. The only bad thing about
the product is that it is pricey. But it does everything SNIFFER does in the
Solaris 1.x or 2.x environment.

Jim Hand
Try HP's NetMetrix product.

Swee-Chuan Khoo
as far as I know, there is a version from Network General running
on SUN.

Theres snoop that I think comes with sol2. That's unix based s to a pd
version I don't know.

Pamela Pledger
How about etherman and netman? Etherman brings up an x-thing with
each of the nodes, and what kind of traffic is going between them
with some sort of releationship between size and quanity of traffic.

        I went out to archie to find it:
Host (
Last updated 10:19 5 Aug 1994

    Location: /pub/unix/netman/dec-alpha
      FILE -rw-rw-r-- 1074390 bytes 01:00 15 Dec 1993 etherman-1.1a.tar.gz

    Location: /pub/unix/netman/dec-mips
      FILE -rw-rw-r-- 482622 bytes 01:00 15 Dec 1993 etherman-1.1a.tar.gz

    Location: /pub/unix/netman/sgi
      FILE -rw-rw-r-- 479249 bytes 01:00 15 Dec 1993 etherman-1.1a.tar.gz

    Location: /pub/unix/netman/sun4c
      FILE -rw-rw-r-- 433482 bytes 01:00 15 Dec 1993 etherman-1.1a.tar.gz

Jeff Cummings
HP has a product called NetMetrix. I have used the "Load Monitor" and
"NFS Monitor" modules. They work well. They also sell "Protocol Analyser"
and "Traffic Generator" modules. Each cost about $2000 for a floating
network license.
Since unix is so variable as to how it does its actual hardware access,
and since you have to access the ethernet board directly -- you won't
find a general solution under UNIX. For SunOS try etherfind. For
Solaris try snoop. Both come with the OS I'm pretty sure.

I havent found one for AIX, and HP used to ship one, but I think they

My solution was to get a cheap PC, and use it instead of trying to find a
general solution for unix.

Koen Peeters
The snoop (/usr/sbin/snoop) utility will do exactly what you are looking for.
Available standard in the Solaris 2.x distribution and in source code on
several ftp servers in case you still use SunOS 4.x

Glenn Satchell
Frontier Technology has a software product called NETscout that runs on
SunOS 4.x. It supports the RMON mib (so it can give you lots of good
info), plus a very nice gui for looking at packet info, rates, data
capture/disassembly, etc.

Sorry, but I don't have any contact info on these guys.

SunOS 4.x has a program called etherfind bundled; Solaris 2.x has
snoop, which is far superior I think.

David Zhu
Network General has UNIX version of Sniffer software which runs on SunOS.

There used to be a product called NetMetrix which included LAN
monitor and analysis capapbility. It ran on SUN and possibly other
UNIX systems. I believe it is now owned by HP.

Bert Robbins
Now I understand. We purchased a Network General Sniffer be causes it
was the best LAN analyzer we could find. The Sniffer comes with the
capability to download/upload to other systems for massaging of the
collected data. This may not be the ideal situation but we are willing
to work with in. The only thing I can think of is to attempt to get
the Sniffer ro run another UNIX on another disk, the flavor of UNIX
dosen't matter. Currently, at home, I have DOS and Linux coexisting
on one machine, they can't run at the same time but I don't need that.
What I can do with this setup is to read files on DOS partitions
mounted within the UNIX file system. This maybe something to look at
with the Sniffer and you will already have a built in ethernet

John Justin Hough
  4.x.x has etherfind and 2.x has snoop to look at packets, if use the
  -x -v options with arguments "greater 1" you'll see every packet on
  your network.

J. Adams
Ever think of getting a SparcBook and then running the public domain
program "PacketMan" ?

                               (. .)
  Jim Redpath SRI International, Menlo Park CA Center for Technology Transfer
  Software Engineer and Integration
                               Fort Gordon, GA Field Site
                               Phone: (706) 855-9912

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:14 CDT