netsniff

Ethernet sniffing utility (QNX)

Syntax:

netsniff [options]... 

Options:

-a src_dst_nid

Buffer any packets that are addressed to or from the specified physical node ID (src_dst_nid)

-d dst_nid

Buffer only packets that are addressed to the specified physical destination node ID (dst_nid)

-D protocol

Don't display packets with the given protocol type. The protocol argument may be specified in decimal, hex (prefixed by 0x) or octal (prefixed by 0). Multiple -D options may be specified.

-f

Only fill buffer. Instead of the default continuous received packet display (with possible overflows of packet buffer) quit after packet buffer fills.

-i

Instead of the default hex/ASCII packet content display, try to interpret the packet contents.

-I

Interpret packet contents as per -i, but give more detail.

-L len

Statistics mode; len is the minimum length to display.

-l log_lan

("el") Buffer only packets received from the specified logical LAN. Default is all LANs.

-m num_Kbytes

Allocate the size (in kilobytes) of packet buffer RAM. Default 1024, max 32767, min 64.

-n num_bytes

Display the number of bytes of each packet (default 48).

-p protocol

Display packets of this protocol type. The protocol argument may be specified in decimal, hex (prefixed by 0x) or octal (prefixed by 0). Multiple -p options may be specified.

-Q

Display QNX packets. Equivalent to -p 0x8203.

-S

Turn on statistics mode (based on src_nid).

-s src_nid

Buffer only packets that are addressed from the specified physical source node ID (src_nid)

-T secs

Statistics mode; secs specifies the period (default 10 seconds).

Description:

The netsniff utility is an Ethernet network sniffing utility. It has been shipped as a debugging utility should you run into problems using Ethernet.

Figuring out which options to use to specify your src_nid/dst_nid filter looks a bit confusing, but really isn't. Proof by example follows:

If you want to look only at packets transmitted by node 0000c0129e40:

netsniff -s 0000c0129e40

If you want to look only at packets received by node 0000c0109e40:

netsniff -d 0000c0109e40

If you want to look only at packets transmitted by node 0000c0129e40 and received by node 0000c0109e40:

netsniff -s 0000c0129e40   -d 0000c0109e40

If you want to look only at packets transmitted or received by node 0000c0129e40 (this is a popular mode):

netsniff -a 0000c0129e40

To do anything really useful with netsniff on Ethernet, be sure to run your Net.ether* driver with the -P option to tell it to buffer all packets (16-bit cards are best for this). Otherwise, you will see only broadcasted packets with netsniff, which is usually pretty boring.

The netsniff utility sees only packets that aren't grabbed by some other process attaching to the raw side of things. So, QNX packets addressed to your node aren't seen, nor are TCP/IP packets if you're running Sock[l]et.

To see these packets, put a second ethernet card in the machine, plug it into the same LAN, but make sure nobody has netmap entries for it. As described above, run the Net.ether* driver with the -P option so it gets all packets, then run netsniff on this card. You should see everything without interfering with normal QNX networking (except that the transfer of twice the normal load could slow down the machine somewhat if the bus gets busy).

See also:

Net, Net.*, netinfo, netmap