System Administration Guide: IP Services

Examples

All the examples are based on the following system configuration:


# ifconfig -a 
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
         inet 127.0.0.1 netmask ff000000 
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone sandbox 
        inet 127.0.0.1 netmask ff000000 
lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 
        zone toybox 
        inet 127.0.0.1 netmask ff000000 
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 
        inet 129.156.211.94 netmask fffff800 broadcast 129.156.215.255 
        ether 8:0:20:f7:d5:79 
hme0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 
        zone sandbox 
        inet 172.0.0.3 netmask ffff0000 broadcast 172.0.255.255 
hme0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 
        zone toybox 
        inet 172.0.0.1 netmask ffff0000 broadcast 172.0.255.255 
# 

The output shows three interfaces in the system:

Interface    Address           Zone
lo0          127.0.0.1         Global
lo0:1        127.0.0.1         Zone 1 (sandbox)
lo0:2        127.0.0.1         Zone 2 (toybox)
hme0         129.156.211.94    Global
hme0:1       172.0.0.3         Zone 1 (sandbox)
hme0:2       172.0.0.1         Zone 2 (toybox)

You can issue the snoop -I command on the different interfaces on the system. The packet information that is displayed depends on whether you are an administrator for the global zone or for the non-global zone.


Example 7–22 Traffic on the Loopback Interface


# snoop -I lo0
Using device ipnet/lo0 (promiscuous mode)
   localhost -> localhost    ICMP Echo request (ID: 5550 Sequence number: 0)
   localhost -> localhost    ICMP Echo reply (ID: 5550 Sequence number: 0)

To generate a verbose output, use the -v option.


# snoop -v -I lo0
Using device ipnet/lo0 (promiscuous mode)
IPNET:  ----- IPNET Header -----
IPNET:  
IPNET:  Packet 1 arrived at 10:40:33.68506
IPNET:  Packet size = 108 bytes
IPNET:  dli_version = 1
IPNET:  dli_type = 4
IPNET:  dli_srczone = 0
IPNET:  dli_dstzone = 0
IPNET:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
...

Support for observing packets at the IP layer introduces a new ipnet header that precedes each observed packet. The header indicates both the source and the destination zone IDs. An ID of 0 indicates that the traffic is generated from the global zone.


Example 7–23 Packet Flow in the hme0 Device in Local Zones


# snoop -I hme0
Using device ipnet/hme0 (promiscuous mode)
toybox -> sandbox TCP D=22 S=62117 Syn Seq=195630514 Len=0 Win=49152 Options=<mss
sandbox -> toybox TCP D=62117 S=22 Syn Ack=195630515 Seq=195794440 Len=0 Win=49152
toybox -> sandbox TCP D=22 S=62117 Ack=195794441 Seq=195630515 Len=0 Win=49152
sandbox -> toybox TCP D=62117 S=22 Push Ack=195630515 Seq=195794441 Len=20 Win=491

The output shows traffic that occurs in the different zones within the system. You can see all packets that are associated with the hme0 IP addresses, including packets that are locally delivered to other zones. If you generate a verbose output, you can see the zones that are involved in the flow of packets.


# snoop -I hme0 -v port 22
IPNET:  ----- IPNET Header ----- 
IPNET: 
IPNET:  Packet 5 arrived at 15:16:50.85262 
IPNET:  Packet size = 64 bytes 
IPNET:  dli_version = 1 
IPNET:  dli_type = 0 
IPNET:  dli_srczone = 0 
IPNET:  dli_dstzone = 1 
IPNET: 
IP:   ----- IP Header ----- 
IP: 
IP:   Version = 4 
IP:   Header length = 20 bytes 
IP:   Type of service = 0x00 
IP:         xxx. .... = 0 (precedence) 
IP:         ...0 .... = normal delay 
IP:         .... 0... = normal throughput 
IP:         .... .0.. = normal reliability 
IP:         .... ..0. = not ECN capable transport 
IP:         .... ...0 = no ECN congestion experienced 
IP:   Total length = 40 bytes 
IP:   Identification = 22629 
IP:   Flags = 0x4 
IP:         .1.. .... = do not fragment 
IP:         ..0. .... = last fragment 
IP:   Fragment offset = 0 bytes 
IP:   Time to live = 64 seconds/hops 
IP:   Protocol = 6 (TCP) 
IP:   Header checksum = 0000 
IP:   Source address = 172.0.0.1, 172.0.0.1 
IP:   Destination address = 172.0.0.3, 172.0.0.3 
IP:   No options 
IP: 
TCP:  ----- TCP Header ----- 
TCP: 
TCP:  Source port = 46919 
TCP:  Destination port = 22 
TCP:  Sequence number = 3295338550 
TCP:  Acknowledgement number = 3295417957 
TCP:  Data offset = 20 bytes 
TCP:  Flags = 0x10 
TCP:        0... .... = No ECN congestion window reduced 
TCP:        .0.. .... = No ECN echo 
TCP:        ..0. .... = No urgent pointer 
TCP:        ...1 .... = Acknowledgement 
TCP:        .... 0... = No push 
TCP:        .... .0.. = No reset 
TCP:        .... ..0. = No Syn 
TCP:        .... ...0 = No Fin 
TCP:  Window = 49152 
TCP:  Checksum = 0x0014 
TCP:  Urgent pointer = 0 
TCP:  No options 
TCP:

The ipnet header indicates that the packet is going from the global zone (ID 0) to the sandbox zone (ID 1).
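The following script is an added example, not part of the original guide. It reads the text that snoop -v -I prints, pulls the dli_srczone and dli_dstzone values from each ipnet header, and counts the TCP packets that cross from one zone to another. The function names and the sample capture are constructed for illustration; only TCP packets are handled.

```shell
#!/bin/sh
# Added example (not from the guide): list cross-zone TCP flows seen in the
# text output of `snoop -v -I <interface>`, using the ipnet header zone IDs.

# One output line per TCP packet: srczone dstzone srcaddr dstaddr dport
zone_flows() {
    awk '
    /^IPNET:.*IPNET Header/         { src = dst = sa = da = "" }  # new packet
    /^IPNET:.*dli_srczone =/        { src = $4 }
    /^IPNET:.*dli_dstzone =/        { dst = $4 }
    /^IP:.*Source address =/        { sa = $5; sub(/,$/, "", sa) }
    /^IP:.*Destination address =/   { da = $5; sub(/,$/, "", da) }
    /^TCP:.*Destination port =/     { print src, dst, sa, da, $5 }
    '
}

# Count packets whose source and destination zone IDs differ.
cross_zone_summary() {
    zone_flows |
    awk '$1 != $2 { n[$1 " -> " $2 " " $3 " -> " $4 " dport " $5]++ }
         END { for (k in n) print n[k], k }' | sort
}

# Constructed sample, trimmed to the fields the parser reads.
# Packet 1 crosses zones (ID 0 to ID 1); packet 2 stays inside zone 1.
sample_capture() {
    cat <<'EOF'
IPNET:  ----- IPNET Header -----
IPNET:  dli_srczone = 0
IPNET:  dli_dstzone = 1
IP:   Source address = 172.0.0.1, 172.0.0.1
IP:   Destination address = 172.0.0.3, 172.0.0.3
TCP:  Destination port = 22
IPNET:  ----- IPNET Header -----
IPNET:  dli_srczone = 1
IPNET:  dli_dstzone = 1
IP:   Source address = 172.0.0.3, 172.0.0.3
IP:   Destination address = 172.0.0.3, 172.0.0.3
TCP:  Destination port = 80
EOF
}

sample_capture | cross_zone_summary
```

On a live system, replace sample_capture with the snoop -v -I command for the interface you are observing.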



Example 7–24 Observing Traffic by Identifying the Zone


# snoop -I hme0 zone 1
Using device ipnet/hme0 (promiscuous mode)
toybox -> sandbox TCP D=22 S=61658 Syn Seq=374055417 Len=0 Win=49152 Options=<mss
sandbox -> toybox TCP D=61658 S=22 Syn Ack=374055418 Seq=374124525 Len=0 Win=49152
toybox -> sandbox TCP D=22 S=61658 Ack=374124526 Seq=374055418 Len=0 Win=49152
#

The ability to observe packets by identifying a zone is useful on systems that have multiple zones. Currently, you can identify a zone only by its zone ID. Using snoop with zone names is not supported.