On the local host, assume the Network Management role or become superuser.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Print information about the interfaces that are attached to the system.
# ifconfig -a |
The snoop command normally uses the first non-loopback device, typically the primary network interface.
Begin packet capture by typing snoop without arguments, as shown in Example 7–19.
Use Control-C to halt the process.
The basic snoop command returns output that resembles the following, for a dual-stack host.
% snoop Using device /dev/hme (promiscuous mode) farhost.remote.com -> myhost RLOGIN C port=993 myhost -> farhost.remote.com RLOGIN R port=993 Using device /dev/hme router5.local.com -> router5.local.com ARP R 10.0.0.13, router5.local.com is 0:10:7b:31:37:80 router5.local.com -> BROADCAST TFTP Read "network-confg" (octet) myhost -> DNSserver.local.com DNS C 192.168.10.10.in-addr.arpa. Internet PTR ? DNSserver.local.com myhost DNS R 192.168.10.10.in-addr.arpa. Internet PTR niserve2. . . farhost.remote.com-> myhost RLOGIN C port=993 myhost -> farhost.remote.com RLOGIN R port=993 fe80::a00:20ff:febb: . fe80::a00:20ff:febb:e09 -> ff02::9 RIPng R (5 destinations) |
The packets that are captured in this output show a remote login section, including lookups to the NIS and DNS servers for address resolution. Also included are periodic ARP packets from the local router and advertisements of the IPv6 link-local address to in.ripngd.