Packet Tracing


John A. Shriver (jas@monk.proteon.com)
Tue, 14 Apr 87 11:39:04 AST


In the 4.2BSD/4.3BSD world, the program is /etc/trpt, which stands for
TRansliterate Protocol Trace. It's documented in section 8 of the
UNIX manuals.

By setting SO_DEBUG with a setsockopt() call, you can cause TCP
protocol traces to be accumulated in the kernel. This is done by
routine tcp_debug() in the file ~sys/netinet/tcp_debug.c. It keeps
the data in a compacted format in a circular buffer, that /etc/trpt
reads out and formats.

Unfortunately, at least in SunOS Version 3.0, Sun has removed the
actual code for tcp_debug() in the kernel. It only contains a return.
Of course, they still provide /etc/trpt, but it cusses that it can't
find the symbol for the buffer in the kernel. I can't understand WHY
they did this, but they did. I have in the past been able to get Sun
software support to send me a binary tcp_debug.o that has not been
lobotomized. Alternatively you probably would have no problem
dropping the 4.2BSD code into the hole, you might also have to fix the
header file.

Other 4.2BSD vendors are more reasonable. The code is all there in
Ultrix-32 Version 1.2.

The other frustrating problem is that some of the TCP applications
have no way to request them to set the debug option.



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:38:07 GMT