TCP IP Illustrated

Although solaris 2x is still new an implementation of

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: module nit_pf. Notice in Figure A.2 that this module is used by the RARP daemon, but not by tcpdump. Instead, under SunOS tcpdump performs its own filtering in the user process. The reason is that the hypothetical machine instructions used by nit_pf are different (and not as powerful) as those supported by BPF. This means that when the user specifies a filter expression to tcpdump more data crosses the kernel-to-user boundary with NIT than with BPF. A.3 SVR4 Data Link Provider Interface SVR4 supports the Data Link Provider Interface (DLPI) which is a streams implementation of the OSI Data Link Service Definition. Most versions of SVR4 still support version 1 of the DLPI, SVR4.2 supports both versions 1 and 2, and Sun's Solaris 2.x supports version 2, with additional enhancements. Network monitoring programs such as tcpdump must use the DLPI for raw access to the data-link device drivers. In Solaris 2.x the packet filter streams module has been renamed pfmod and the buffer module has been renamed bufmod. Although Solaris 2.x is still new, an implementation of tcpdump should appear file:///D|/Documents%20and%20Settings/bigini/Docu...homenet2run/tcpip/tcp-ip-illustrated/append_a.htm (4 of 7) [12/09/2001 14.47.59] Appendix A: The tcpdump Program someday. Sun also supplies a program named snoop that performs functions similar to tcpdump. (snoop replaces the SunOS 4.x program named etherfind.) The author is not aware of any port of tcpdump to vanilla SVR4. A.4 tcpdump Output The output produced by tcpdump is "raw." We'll modify it for inclusion in the text to make it easier to read. First, it always outputs the name of the network interface on which it is listening. We'll delete this line. Next, the timestamp output by tcpdump is of the form 09:11:22.642008 on a system with microsecond resolution, or 09:11:22.64 on a system with only 10-ms clock resolution. (In Appendix B we talk more about computer clock resolution.) In either case the HH:MM:SS format is not what we want. Instead we are interested in both...
View Full Document

This test prep was uploaded on 04/04/2014 for the course ECE EL5373 taught by Professor Guoyang during the Spring '12 term at NYU Poly.

Ask a homework question - tutors are online