System Administration Guide: IP Services

Procedure: How to Check Packets From All Interfaces

  1. On the local host, assume the Network Management role or become superuser.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Print information about the interfaces that are attached to the system.

    # ifconfig -a

    The snoop command normally uses the first non-loopback device, typically the primary network interface.

  3. Begin packet capture by typing snoop without arguments, as shown in Example 8–19.

  4. Use Control-C to halt the process.

Example 8–19 Output From the snoop Command

The basic snoop command returns output that resembles the following, for a dual-stack host.

% snoop
Using device /dev/hme (promiscuous mode) -> myhost       RLOGIN C port=993 
    myhost ->   RLOGIN R port=993 Using device /dev/hme -> ARP R, is
    0:10:7b:31:37:80 -> BROADCAST     TFTP Read "network-confg" (octet) -> myhost       RLOGIN C port=993 
    myhost ->   nisserve2          NIS C MATCH in ipnodes.byaddr
nisserve2 ->    myhost             NIS R MATCH No such key
    blue-112 -> slave-253-2        NIS C MATCH in ipnodes.byaddr
myhost ->      DNS C Internet PTR ?  myhost        DNS R Internet PTR 
.> myhost        RLOGIN C port=993 
    myhost ->   RLOGIN R port=993 fe80::a00:20ff:febb:
fe80::a00:20ff:febb:e09 -> ff02::9 RIPng R (5 destinations)

The packets that are captured in this output show a remote login session, including lookups to the NIS and DNS servers for address resolution. Also included are periodic ARP packets from the local router and advertisements of the IPv6 link-local address to in.ripngd.
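Because snoop without arguments captures only on the first non-loopback device, checking every interface means naming each device with -d. The following is an added example, not part of the original guide: it derives the device list from ifconfig -a output and prints one bounded snoop command (-c packet count) per interface. The function names and the ifconfig sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the guide. Builds one `snoop -d <device>` command
# for every interface that `ifconfig -a` reports as up and non-loopback.

# Read `ifconfig -a` output on stdin; print each usable interface once.
list_capture_ifaces() {
    awk '
        # Header lines start in column 1: "hme0: flags=1000843<UP,...> mtu ..."
        /^[^ \t]/ && $2 ~ /^flags=/ {
            if ($2 ~ /LOOPBACK/) next          # skip lo0
            if ($2 !~ /[<,]UP[,>]/) next       # skip interfaces that are down
            name = $1
            sub(/:$/, "", name)                # "hme0:"  -> "hme0"
            sub(/:[0-9]+$/, "", name)          # "hme0:1" -> "hme0" (logical unit)
            if (!(name in seen)) { seen[name] = 1; print name }
        }'
}

# Print one bounded snoop command per interface (default: 20 packets each).
snoop_commands() {
    count=${1:-20}
    list_capture_ifaces | while read -r ifc; do
        echo "snoop -d $ifc -c $count"
    done
}

# Constructed sample of `ifconfig -a` output for a dual-stack host.
sample_ifconfig() {
    cat <<'EOF'
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.0.2.10 netmask ffffff00 broadcast 192.0.2.255
hme0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.0.2.11 netmask ffffff00 broadcast 192.0.2.255
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 198.51.100.5 netmask ffffff00 broadcast 198.51.100.255
qfe1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
        inet 0.0.0.0 netmask 0
hme0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        inet6 fe80::a00:20ff:febb:e09/10
EOF
}

# On a live host, as superuser: ifconfig -a | snoop_commands 50 | sh
sample_ifconfig | snoop_commands
```

Each generated command stops on its own after the packet count is reached, so Control-C is needed only to end a capture early.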