Thanks so much to all people who sent me some hints:
Tim Brown <tmb@myxa.com>
Brian O'Mahoney <brian@teraflex.com>
"Marcelo Maraboli R." <maraboli@dcsc.utfsm.cl>
David Thorburn-Gundlach <david@bae.uga.edu>
Well, looks like there is no software that will looks through for IPX
headers yet. So the only solution is use of 'snoop' or 'tcpdump' and
manually looking through hex numbers to find out about what kind
of a higher level protocol the captured packet carries.
# snoop -o test -v
Will write detailed info about ethernet frames. So then you can
grep special MAC addresses and analize the whole packet and its data:
# snoop -i test -x 0
David Thorburn-Gundlach <david@bae.uga.edu> wrote the following:
>You should be able to use good old snoop to grab packets a(with
>headers, of course) and then filter against a particlar length or
>signature (something like "ether[x:y] = IPX_signature", maybe).
"Marcelo Maraboli R." <maraboli@dcsc.utfsm.cl> adviced tcpdump:
> tcpdump does this....you just put "tcpdump not ip"
And Brian O'Mahoney <brian@teraflex.com> claimed for:
>A late copy of TCPDUMP + LIBPCAP will do it.
I didn't tried tcpdump yet. Maybe it has some other useful features.
With kind regards,
Vitaly Beliaev
--- Vitaly Beliaev Unix Systems Administration, JSC MMK, Russian Federationvoice: +7 (3511) 335639 mailto://vit@mmk.ru http://www.mmk.ru -=======================================================-