System Administration Guide: IP Services

Procedure: How to Check Packets From All Interfaces

  1. On the local host, assume the Network Management role or become superuser.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Print information about the interfaces that are attached to the system.


    # ifconfig -a
    

    The snoop command normally uses the first non-loopback device, typically the primary network interface.

  3. Begin packet capture by typing snoop without arguments, as shown in Example 8–19.

  4. Use Control-C to halt the process.


Example 8–19 Output From the snoop Command

The basic snoop command returns output that resembles the following, for a dual-stack host.


% snoop
Using device /dev/hme (promiscuous mode)
farhost.remote.com -> myhost       RLOGIN C port=993 
    myhost -> farhost.remote.com   RLOGIN R port=993 Using device /dev/hme
router5.local.com -> router5.local.com ARP R 10.0.0.13, router5.local.com is
    0:10:7b:31:37:80
router5.local.com -> BROADCAST     TFTP Read "network-confg" (octet)
farhost.remote.com -> myhost       RLOGIN C port=993 
    myhost ->   nisserve2          NIS C MATCH 10.0.0.64 in ipnodes.byaddr
nisserve2 ->    myhost             NIS R MATCH No such key
    blue-112 -> slave-253-2        NIS C MATCH 10.0.0.112 in ipnodes.byaddr
myhost -> DNSserver.local.com      DNS C 192.168.10.10.in-addr.arpa. Internet PTR ?
DNSserver.local.com  myhost        DNS R 192.168.10.10.in-addr.arpa. Internet PTR 
   niserve2.
.
.
farhost.remote.com-> myhost        RLOGIN C port=993 
    myhost -> farhost.remote.com   RLOGIN R port=993 fe80::a00:20ff:febb:
.
fe80::a00:20ff:febb:e09 -> ff02::9 RIPng R (5 destinations)

The packets that are captured in this output show a remote login session, including lookups to the NIS and DNS servers for address resolution. Also included are periodic ARP packets from the local router and advertisements of the IPv6 link-local address to in.ripngd.
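The following script is an added example, not part of the original guide. It tallies snoop summary lines by protocol label and marks the unencrypted protocols that appear in Example 8–19 (RLOGIN, TFTP, NIS). The function names, the CLEARTEXT marker, and the choice of labels to flag are assumptions made for this example, and the sample capture is constructed from the layout shown above.

```shell
#!/bin/sh
# Added example: tally snoop summary lines by protocol and flag cleartext ones.

# Constructed sample, modeled on the summary-line layout in Example 8-19.
sample_capture() {
cat <<'EOF'
Using device /dev/hme (promiscuous mode)
farhost.remote.com -> myhost       RLOGIN C port=993
    myhost -> farhost.remote.com   RLOGIN R port=993
router5.local.com -> router5.local.com ARP R 10.0.0.13, router5.local.com is
    0:10:7b:31:37:80
router5.local.com -> BROADCAST     TFTP Read "network-confg" (octet)
    myhost ->   nisserve2          NIS C MATCH 10.0.0.64 in ipnodes.byaddr
nisserve2 ->    myhost             NIS R MATCH No such key
myhost -> DNSserver.local.com      DNS C 192.168.10.10.in-addr.arpa. Internet PTR ?
.
farhost.remote.com-> myhost        RLOGIN C port=993
fe80::a00:20ff:febb:e09 -> ff02::9 RIPng R (5 destinations)
EOF
}

# protocol_summary: read snoop summary output on stdin and print one
# "PROTO COUNT [CLEARTEXT]" line per protocol label, sorted by label.
protocol_summary() {
    awk '
    # Normalize the arrow so "host-> dst" splits like "host -> dst".
    { gsub(/[ \t]*->[ \t]*/, " -> ") }
    # Packet lines read "src -> dst PROTO ...". The "Using device" header,
    # wrapped continuation lines and "." elisions have no arrow in field 2.
    $2 != "->" || NF < 4 { next }
    { count[$4]++ }
    END {
        for (p in count) {
            # Assumption: only labels seen in Example 8-19 are flagged.
            flag = (p ~ /^(RLOGIN|TFTP|NIS)$/) ? " CLEARTEXT" : ""
            printf "%s %d%s\n", p, count[p], flag
        }
    }' | LC_ALL=C sort
}

sample_capture | protocol_summary
```

Run it against summary output saved from a finished capture. Lines that do not match the "source -> destination protocol" layout are skipped rather than counted.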