01-05-2008, 07:10 AM
Ian Northeast
 
Re: AIX 4.3.2 raw ethernet sniffer

On Fri, 25 Mar 2005 11:19:14 -0500, Jason Mather wrote:

> Christian wrote:
>> Hi,
>> can anyone help me on how to write an AIX 4.3.2 raw ethernet sniffer?
>> My intention is to sniff all TCP packets between two remote hosts
>> which are different from the AIX machine. I think I should open a socket in
>> RAW mode and via ioctl I should set ethernet to accept all
>> packets...HOW??
>>
>>
>> Thanks
>>
>> Christian

>
> also tcpdump
> http://aixpdslib.seas.ucla.edu/packages/tcpdump.html


Tcpdump is part of AIX and has been since at least 4.2.1 (I don't have
anything more ancient). It's in bos.net.tcp.server which IME gets
installed by default.

What the OP wants to do may not be possible, depending on the ethernet
fabric. Switches, which are most common nowadays, do not send packets to
all ports indiscriminately; they remember what MAC address is on what port
and send the packets only to the required destination. So if machine C is
trying to sniff packets between A and B, it won't see most of them. It'll
work with a hub.

BTW I don't recommend running ethereal on AIX, not in packet capture mode
anyway, I've had a couple of instances of it crashing it - with IBM's
build of ethereal from the "Toolbox for Linux" CD. To be safe, I don't
install ethereal on AIX. I run tcpdump with output to a file and ship the
file to a Linux machine and examine it with ethereal.

Regards, Ian

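Added example, not part of the original thread: a small Python model of the hub versus learning-switch behaviour described in the post above, counting how many A-to-B frames reach a passive host C. Host names A, B and C follow the post; the port numbers, class names and the ten-frame exchange are constructed for illustration.

```python
# Added illustration: hub vs. learning switch, as seen by a passive host C.
# Port numbers, MAC labels and the frame sequence are constructed for this example.

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, src, dst):
        return self.ports - {in_port}


class LearningSwitch(Hub):
    """Remembers which MAC is on which port; floods only unknown destinations."""
    def __init__(self, ports):
        super().__init__(ports)
        self.mac_table = {}

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port          # learn the sender's port
        out = self.mac_table.get(dst)
        if out is None:                        # unknown destination: flood like a hub
            return self.ports - {in_port}
        return {out} - {in_port}               # known destination: one port only


def frames_seen_by(device, attachments, sniffer, frames):
    """Return the frames delivered to the sniffer's port (promiscuous NIC assumed)."""
    seen = []
    for src, dst in frames:
        out_ports = device.forward(attachments[src], src, dst)
        if attachments[sniffer] in out_ports:
            seen.append((src, dst))
    return seen


ATTACH = {"A": 1, "B": 2, "C": 3}              # host -> port (constructed)
TRAFFIC = [("A", "B"), ("B", "A")] * 5         # A and B exchange ten frames; C only listens


def compare():
    """Return (frames C sees on a hub, frames C sees on a learning switch)."""
    hub_seen = frames_seen_by(Hub(ATTACH.values()), ATTACH, "C", TRAFFIC)
    sw_seen = frames_seen_by(LearningSwitch(ATTACH.values()), ATTACH, "C", TRAFFIC)
    return len(hub_seen), len(sw_seen)


if __name__ == "__main__":
    hub_n, sw_n = compare()
    print(f"hub: C sees {hub_n}/{len(TRAFFIC)}; switch: C sees {sw_n}/{len(TRAFFIC)}")
```

On the switch, C receives only the first frame, which is flooded before B's port has been learned; everything after that goes to a single port.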