computers / comp.os.vms / Re: Alternative to TCPTRACE ?

Alternative to TCPTRACE ?

<tvk51c$1ll4e$1@dont-email.me>


https://www.novabbs.com/computers/article-flat.php?id=27256&group=comp.os.vms#27256

 by: Jan-Erik Söderholm - Fri, 24 Mar 2023 12:28 UTC

Hi.

Environment:

$ tcpip sh ver

HP TCP/IP Services for OpenVMS Alpha Version V5.7 - ECO 5
on a COMPAQ AlphaServer DS20E 666 MHz running OpenVMS V8.4-2L2

We use TCPTRACE to monitor network traffic.
It is very helpful to see the actual data packages that
are on the network when debugging machinery communication.

Now, TCPTRACE can only run in one copy at the same time
(on the same VMS system). I guess that has to do with the
way TCPTRACE "jacks" into the tcpip stack...

Does anyone know of any other tool that runs on the VMS system to
monitor network traffic and that can be run in multiple instances?

Regards,

Jan-Erik.

Re: Alternative to TCPTRACE ?

<7a007cd4-3993-4478-b38d-165520769b9bn@googlegroups.com>


https://www.novabbs.com/computers/article-flat.php?id=27257&group=comp.os.vms#27257

 by: Volker Halle - Fri, 24 Mar 2023 12:51 UTC

Jan-Erik,

did you try TCPDUMP ? I didn't test to run multiple instances though.

Volker.

Re: Alternative to TCPTRACE ?

<tvk9eg$1ll4e$2@dont-email.me>


https://www.novabbs.com/computers/article-flat.php?id=27258&group=comp.os.vms#27258

 by: Jan-Erik Söderholm - Fri, 24 Mar 2023 13:43 UTC

On 2023-03-24 at 13:51, Volker Halle wrote:
> Jan-Erik,
>
> did you try TCPDUMP ? I didn't test to run multiple instances though.
>
> Volker.

One session works. Second session gives:

$ tcpdump host 10.32.137.161
$QIO Failed to start trace
LIBPCAP-F-DRVRSTRT, Error while issuing trace startup command to driver
%SYSTEM-F-DEVACTIVE, device is active
$

Re: Alternative to TCPTRACE ?

<tvk9tt$1ll4e$3@dont-email.me>


https://www.novabbs.com/computers/article-flat.php?id=27259&group=comp.os.vms#27259

 by: Jan-Erik Söderholm - Fri, 24 Mar 2023 13:51 UTC

On 2023-03-24 at 14:43, Jan-Erik Söderholm wrote:
> On 2023-03-24 at 13:51, Volker Halle wrote:
>> Jan-Erik,
>>
>> did you try TCPDUMP ? I didn't test to run multiple instances though.
>>
>> Volker.
>
> One session works. Second session gives:
>
> $ tcpdump host 10.32.137.161
> $QIO Failed to start trace
> LIBPCAP-F-DRVRSTRT, Error while issuing trace startup command to driver
> %SYSTEM-F-DEVACTIVE, device is active
> $
>

Similar to how TCPTRACE reports on the second session:

$ tcptrace 10.32.137.161
%SYSTEM-F-DEVACTIVE, device is active
$

A bit more options to format the output in TCPDUMP...

Re: Alternative to TCPTRACE ?

<tvl3os$1qvbo$1@dont-email.me>


https://www.novabbs.com/computers/article-flat.php?id=27261&group=comp.os.vms#27261

 by: Stephen Hoffman - Fri, 24 Mar 2023 21:13 UTC

On 2023-03-24 12:28:29 +0000, Jan-Erik Söderholm said:

> Does anyone know of any other tool that runs on the VMS system to
> monitor network traffic and that can be run in multiple instances?

As an alternative, the tools don't need to run on OpenVMS. Mirror the
switchport, and use Kali or such to capture and process the network
traffic, whether using wireshark, tcpdump or tcpflow or whatever.

Other common options here (more commonly used for shenanigans) include
mitmproxy, ettercap, or bettercap or such. These tools would be choices
for accessing a classic wide-open SCADA design.

OpenVMS has libpcap starting around TCP/IP Services V5.5 or so,
which provides another approach for monitoring traffic. This is
underneath tcpdump. There doesn't seem to be much doc for this, though.

Local preference is to instrument the apps or (for this case)
instrumenting a common communications framework. That is obviously a
larger effort, but sorting out network communications has paid benefits
with debugging and monitoring and elsewhere, and incidentally also
makes getting to TLS or DTLS easier.

--
Pure Personal Opinion | HoffmanLabs LLC
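
Added example, not part of the post above and not code from HP or any poster: because only one trace session can be active at a time, a single capture can still serve several per-host views if it is saved as a classic pcap file and split afterwards. Assumptions: the capture is a classic (non-pcapng) pcap file with untagged Ethernet framing, and whether the OpenVMS tcpdump can write such a file is not stated in the thread; `split_by_host`, the helper names and every address except 10.32.137.161 are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

def split_by_host(pcap, hosts):
    """Split one classic-pcap capture into per-host lists of (ts, src, dst, wire_len)."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                          # file written little-endian
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                          # file written big-endian
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    watched = {IPv4Address(h) for h in hosts}
    out = {h: [] for h in watched}
    off = 24                               # skip the 24-byte global header
    while off + 16 <= len(pcap):
        sec, usec, incl, wire = struct.unpack_from(end + "IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < incl:
            break                          # truncated final record
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                       # not untagged IPv4 (ARP, VLAN, ...)
        src, dst = IPv4Address(frame[26:30]), IPv4Address(frame[30:34])
        for h in watched & {src, dst}:     # a frame can belong to two views
            out[h].append((sec + usec / 1e6, str(src), str(dst), wire))
    return {str(h): v for h, v in out.items()}

# Constructed sample capture: Ethernet + minimal IPv4 headers, no payload.
def _frame(src, dst, ethertype=b"\x08\x00"):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return b"\x00" * 12 + ethertype + ip

def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1679660000 + i, 0, len(f), len(f)) + f
    return out

SAMPLE = _pcap([
    _frame("10.32.137.10", "10.32.137.161"),
    _frame("10.32.137.161", "10.32.137.10"),
    _frame("10.32.137.10", "10.32.137.162"),
    _frame("10.32.137.10", "10.32.137.161", ethertype=b"\x08\x06"),  # non-IPv4, skipped
])
if __name__ == "__main__":
    print(split_by_host(SAMPLE, ["10.32.137.161", "10.32.137.162"]))
```

Each watched host gets its own list from the same capture, so several debugging sessions can read one file instead of competing for the trace device.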

Re: Alternative to TCPTRACE ?

<tvl8i3$1rleb$1@dont-email.me>


https://www.novabbs.com/computers/article-flat.php?id=27262&group=comp.os.vms#27262

 by: Jan-Erik Söderholm - Fri, 24 Mar 2023 22:34 UTC

On 2023-03-24 at 22:13, Stephen Hoffman wrote:
> On 2023-03-24 12:28:29 +0000, Jan-Erik Söderholm said:
>
>> Does anyone know of any other tool that runs on the VMS system to monitor
>> network traffic and that can be run in multiple instances?
>
> As an alternative, the tools don't need to run on OpenVMS.

They do.

> Mirror the switchport,

Not possible.

> Local preference is to instrument the apps or (for this case) instrumenting
> a common communications framework.

Already in place. But what do documentation and specifications
help when you have bugs in the code implementing them...
