TCP IP Illustrated

Using tcpdump with nit means we only see packets sent

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: acket structure. The expression in the second example has been placed in single quotes to prevent the Unix shell from interpreting the special characters. Refer to the tcpdump(l) manual page for complete details of the expression that the user can specify. The bpf(4) manual page details the hypothetical machine instructions used by BPF. [McCanne and Jacobson 1993] compare the design and performance of this machine against other approaches. A.2 SunOS Network Interface Tap SunOS 4.1.x provides a STREAMS pseudo-device driver called the Network Interface Tap or NIT. ([Rago 1993] contains additional details on streams device drivers. We'll call the feature "streams.") NIT is similar to the BSD Packet Filter, but not as powerful or as efficient. Figure A.2 shows the streams modules involved in using NIT. One difference between this figure and Figure A.1 is that BPF can capture packets received from and transmitted through the network interface, while NIT only captures packets received from the interface. Using tcpdump with NIT means we only see packets sent by other hosts on the network-we never see packets transmitted by our own host. (Although BPF works with SunOS 4.1.x, it requires source code changes to the Ethernet device driver, which are impossible for most users who don't have access to the source code.) When the device /dev/nit is opened, the streams driver nit_if is opened. Since NIT is built using streams, processing modules can be pushed on top of the nit_if driver, tcpdump pushes the module nit_buf onto the STREAM. This module aggregates multiple network frames into a single read buffer, with the user process specifying a timeout value. This is similar to what we described with BPF. The RARP daemon doesn't push this module onto its stream, since it deals with a low volume of packets. file:///D|/Documents%20and%20Settings/bigini/Docu...homenet2run/tcpip/tcp-ip-illustrated/append_a.htm (3 of 7) [12/09/2001 14.47.59] Appendix A: The tcpdump Program Figure A.2 SunOS Network Interface Tap The user-specified filtering is done by the streams...
View Full Document

Ask a homework question - tutors are online