Installing TCPDUMP on Solaris 8
1. TCPDUMP requires libpcap to work. First download
tcpdump-3.6.1-solaris-sparc.pkg.tar.Z and
libpcap-0.6.1-solaris-sparc.pkg.tar.Z from
http://condmat.uniovi.es/tcpdump. This link is found on the main
tcpdump site at http://www.tcpdump.org. These files are the
precompiled binaries for Solaris Sparc systems.
2. After downloading or FTPing the files to the Solaris box, move them
to the /tmp directory.
# mv tcpdump-3.6.1-solaris-sparc.pkg.tar.Z /tmp
# mv libpcap-0.6.1-solaris-sparc.pkg.tar.Z /tmp
3. Next, change to the tmp directory and unzip and untar libpcap.
# cd /tmp
# gunzip libpcap-0.6.1-solaris-sparc.pkg.tar.Z
# tar -xvf libpcap-0.6.1-solaris-sparc.pkg.tar
x TCPGpcap, 0 bytes, 0 tape blocks
x TCPGpcap/pkgmap, 877 bytes, 2 tape blocks
x TCPGpcap/pkginfo, 532 bytes, 2 tape blocks
x TCPGpcap/root, 0 bytes, 0 tape blocks
x TCPGpcap/root/opt, 0 bytes, 0 tape blocks
x TCPGpcap/root/opt/libpcap, 0 bytes, 0 tape blocks
x TCPGpcap/root/opt/libpcap/include, 0 bytes, 0 tape blocks
x TCPGpcap/root/opt/libpcap/include/net, 0 bytes, 0 tape blocks
x TCPGpcap/root/opt/libpcap/include/net/bpf.h, 12943 bytes, 26 tape blocks
x TCPGpcap/root/opt/libpcap/include/pcap-namedb.h, 3326 bytes, 7 tape blocks
x TCPGpcap/root/opt/libpcap/include/pcap.h, 6317 bytes, 13 tape blocks
x TCPGpcap/root/opt/libpcap/lib, 0 bytes, 0 tape blocks
x TCPGpcap/root/opt/libpcap/lib/libpcap.a, 150556 bytes, 295 tape blocks
x TCPGpcap/root/opt/libpcap/share, 0 bytes, 0 tape blocks
x TCPGpcap/root/opt/libpcap/share/man, 0 bytes, 0 tape blocks
x TCPGpcap/root/opt/libpcap/share/man/man3, 0 bytes, 0 tape blocks
x TCPGpcap/root/opt/libpcap/share/man/man3/pcap.3, 11950 bytes, 24 tape blocks
x TCPGpcap/install, 0 bytes, 0 tape blocks
x TCPGpcap/install/copyright, 875 bytes, 2 tape blocks
x TCPGpcap/install/depend, 755 bytes, 2 tape blocks
x TCPGpcap/install/version, 25 bytes, 1 tape blocks
4. Now, unzip and untar tcpdump.
# gunzip tcpdump-3.6.1-solaris-sparc.pkg.tar.Z
# tar -xvf tcpdump-3.6.1-solaris-sparc.pkg.tar
x TCPGtcpd, 0 bytes, 0 tape blocks
x TCPGtcpd/pkgmap, 567 bytes, 2 tape blocks
x TCPGtcpd/pkginfo, 541 bytes, 2 tape blocks
x TCPGtcpd/root, 0 bytes, 0 tape blocks
x TCPGtcpd/root/opt, 0 bytes, 0 tape blocks
x TCPGtcpd/root/opt/tcpdump, 0 bytes, 0 tape blocks
x TCPGtcpd/root/opt/tcpdump/sbin, 0 bytes, 0 tape blocks
x TCPGtcpd/root/opt/tcpdump/sbin/tcpdump, 511640 bytes, 1000 tape blocks
x TCPGtcpd/root/opt/tcpdump/share, 0 bytes, 0 tape blocks
x TCPGtcpd/root/opt/tcpdump/share/man, 0 bytes, 0 tape blocks
x TCPGtcpd/root/opt/tcpdump/share/man/man1, 0 bytes, 0 tape blocks
x TCPGtcpd/root/opt/tcpdump/share/man/man1/tcpdump.1, 57256 bytes, 112 tape blocks
x TCPGtcpd/install, 0 bytes, 0 tape blocks
x TCPGtcpd/install/copyright, 875 bytes, 2 tape blocks
x TCPGtcpd/install/depend, 832 bytes, 2 tape blocks
x TCPGtcpd/install/version, 25 bytes, 1 tape blocks
5. Next, perform the package add command to add both packages.
# pkgadd -d .
The following packages are available:
1 TCPGpcap libpcap - packet capture library
(sparc) 0.6.1,REV=00.12.16.11.43
2 TCPGtcpd tcpdump - dump traffic on a network
(sparc) 3.6.1,REV=00.12.21.11.43
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1
Processing package instance <TCPGpcap> from </tmp>
libpcap - packet capture library
(sparc) 0.6.1,REV=00.12.16.11.43
License: BSD
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
3. The names of the authors may not be used to endorse or promote
products derived from this software without specific prior
written permission.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
## Processing package information.
## Processing system information.
1 package pathname is already properly installed.
## Verifying package dependencies.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.
Installing libpcap - packet capture library as <TCPGpcap>
## Installing part 1 of 1.
/opt/libpcap/include/net/bpf.h
/opt/libpcap/include/pcap-namedb.h
/opt/libpcap/include/pcap.h
/opt/libpcap/lib/libpcap.a
/opt/libpcap/man <symbolic link>
/opt/libpcap/share/man/man3/pcap.3
[ verifying class <none> ]
Installation of <TCPGpcap> was successful.
The following packages are available:
1 TCPGpcap libpcap - packet capture library
(sparc) 0.6.1,REV=00.12.16.11.43
2 TCPGtcpd tcpdump - dump traffic on a network
(sparc) 3.6.1,REV=00.12.21.11.43
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 2
Processing package instance <TCPGtcpd> from </tmp>
tcpdump - dump traffic on a network
(sparc) 3.6.1,REV=00.12.21.11.43
License: BSD
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
3. The names of the authors may not be used to endorse or promote
products derived from this software without specific prior
written permission.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
## Processing package information.
## Processing system information.
1 package pathname is already properly installed.
## Verifying package dependencies.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.
Installing tcpdump - dump traffic on a network as <TCPGtcpd>
## Installing part 1 of 1.
/opt/tcpdump/man <symbolic link>
/opt/tcpdump/sbin/tcpdump
/opt/tcpdump/share/man/man1/tcpdump.1
[ verifying class <none> ]
Installation of <TCPGtcpd> was successful.
The following packages are available:
1 TCPGpcap libpcap - packet capture library
(sparc) 0.6.1,REV=00.12.16.11.43
2 TCPGtcpd tcpdump - dump traffic on a network
(sparc) 3.6.1,REV=00.12.21.11.43
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: q
6. Next, change to the tcpdump directory and execute the tcpdump
command.
# cd /opt/tcpdump/sbin
# ./tcpdump
tcpdump: listening on hme0
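
Added example, not part of the original post: pkgadd runs as root and only reports "Checking for setuid/setgid programs" during the install, so the extracted pkgmap files from steps 3 and 4 can be audited first. The function names audit_pkgmap and sample_pkgmap are hypothetical, and the sample pkgmap is constructed, with modes deliberately altered so the checks fire.

```shell
#!/bin/sh
# Added example: audit a Solaris pkgmap for risky file modes before pkgadd.
# pkgmap object lines: part ftype class path mode owner group [size cksum modtime]

# Reads a pkgmap on stdin and prints one line per finding.
audit_pkgmap() {
    awk '
        $1 == ":" { next }                  # header line: part count, max part size
        # f/e/v are files, d/x are directories; a mode of "?" is skipped
        $2 ~ /^[fevdx]$/ && $5 ~ /^[0-7]+$/ {
            n = length($5)
            special = (n >= 4) ? substr($5, n - 3, 1) + 0 : 0   # setuid/setgid/sticky digit
            other   = substr($5, n, 1) + 0                      # permissions for "other"
            if (int(special / 4) % 2) print "SETUID", $4, $5, $6
            if (int(special / 2) % 2) print "SETGID", $4, $5, $6
            if (int(other / 2) % 2)   print "WORLD-WRITABLE", $4, $5, $6
        }
    '
}

# Constructed sample: paths and sizes follow the listing in the post; the modes,
# checksums and timestamps are invented, and 4755/0666 are set on purpose.
sample_pkgmap() {
    cat <<'EOF'
: 1 1200
1 d none /opt/tcpdump 0755 root bin
1 d none /opt/tcpdump/sbin 0755 root bin
1 s none /opt/tcpdump/man=share/man
1 f none /opt/tcpdump/sbin/tcpdump 4755 root bin 511640 4242 977400000
1 f none /opt/tcpdump/share/man/man1/tcpdump.1 0666 root bin 57256 1717 977400000
1 i pkginfo 541 3030 977400000
EOF
}

sample_pkgmap | audit_pkgmap
```

Against the packages extracted above this would be run as `audit_pkgmap < /tmp/TCPGtcpd/pkgmap`; no output means nothing was flagged.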
For one reason, snoop, in its infinite stupidity, does
not have a "don't resolve IP addresses to names" option.
tcpdump also does a much better job picking apart many
application packets.
tcpdump also has a longer pedigree and far wider
acceptance. libpcap, for one, is used by many other
apps and utilities.
--Dave
> # For one reason, snoop, in its infinite stupidity, does
> # not have a "don't resolve IP addresses to names" option.
>
> "Infinite stupidity"? That was uncalled for.
Especially when it isn't true; from the snoop man page:
-r Do not resolve the IP address to the symbolic name.
This prevents snoop from generating network traffic
while capturing and displaying packets. However, if
the -n option is used, and an address is found in the
mapping file, its corresponding name will be used.
--
Rich Teer
President,
Rite Online Inc.
Voice: +1 (250) 979-1638
URL: http://www.rite-online.net
To be fair, the -r option has only been there since Solaris 8.
Versions prior to that would appear to be infinitely stupid.
--
Tony
Does now, didn't always; wasn't in 2.6, for example. Not sure
when it first appeared.
--
ftp> get |fortune
377 I/O error: smart remark generator failed
Bogonics: the primary language inside the Beltway
mailto:rlh...@mindwarp.smart.net http://www.smart.net/~rlhamil