TCP/IP and Data Communications Administration Guide

Checking Packet Flow

Next, check the packet flow. Use the snoop command to capture packets from the network and examine their contents. Example 10-3 shows sample output from snoop.


Example 10-3 Sample Output from snoop


# snoop -d ipdptp0
Using device ipdptp0 (promiscuous mode)
       corey -> pacifica7    RLOGIN C port=1019
        hugo -> ponc3        RPC R XID=22456455 Success
       ponc3 -> hugo         NFS C WRITE FH=1B29 at 32768

    commlab3 -> commlab4     TELNET R port=34148
    commlab4 -> commlab3     IP  D=129.144.88.3 S=129.144.88.4 LEN=46, ID=41925
    commlab3 -> commlab4     TELNET R port=34148
    commlab4 -> commlab3     ICMP Echo request
    commlab3 -> commlab4     ICMP Echo reply
    commlab4 -> commlab3     FTP C port=34149
    commlab4 -> commlab3     FTP C port=34149
    commlab3 -> commlab4     FTP R port=34149
    commlab4 -> commlab3     FTP C port=34149

The device name ipdptp0 in the first line of the output ("Using device ipdptp0") indicates a point-to-point connection.


Note -

You need to have the link up and some traffic generated in order to use snoop to check the line status.


snoop captures packets from the network and displays their contents. It uses both the network packet filter and streams buffer modules to provide efficient capture of packets from the network. Captured packets can be displayed as they are received or saved to a file for later viewing.

snoop can display packets in a single-line summary form or in verbose multiline forms. In summary form, only the data pertaining to the highest-level protocol is displayed. For example, an NFS packet will have only NFS information displayed. The underlying RPC, UDP, IP, and Ethernet frame information is suppressed but can be displayed if either of the verbose options is chosen.
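The following is an added example, not part of the original guide: it parses snoop summary lines in the form shown in Example 10-3 and reports, for each pair of hosts, how many packets were seen in each direction and which highest-level protocols appeared. The function names and the embedded sample are constructed for illustration, and treating a pair seen in only one direction as worth a closer look is an assumption of this example, not a rule from the guide.

```python
import re
from collections import defaultdict

# Constructed sample: summary lines in the format of Example 10-3.
SAMPLE = """\
Using device ipdptp0 (promiscuous mode)
corey -> pacifica7    RLOGIN C port=1019
hugo -> ponc3         RPC R XID=22456455 Success
ponc3 -> hugo         NFS C WRITE FH=1B29 at 32768
commlab3 -> commlab4  TELNET R port=34148
commlab4 -> commlab3  ICMP Echo request
commlab3 -> commlab4  ICMP Echo reply
commlab4 -> commlab3  FTP C port=34149
"""

# "<source> -> <destination>  <protocol> <details>"; text before the source is ignored.
LINE = re.compile(r"(\S+)\s+->\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_summary(text):
    """Return (src, dst, protocol, detail) for each summary line; skip other lines."""
    records = []
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            records.append(m.groups())
    return records

def flow_report(records):
    """Per host pair: packet count in each direction and the protocols seen."""
    report = defaultdict(lambda: {"counts": defaultdict(int), "protocols": set()})
    for src, dst, proto, _detail in records:
        entry = report[tuple(sorted((src, dst)))]
        entry["counts"][(src, dst)] += 1
        entry["protocols"].add(proto)
    return report

def one_way_pairs(report):
    """Host pairs for which packets were seen in only one direction."""
    return sorted(pair for pair, e in report.items() if len(e["counts"]) == 1)

if __name__ == "__main__":
    rep = flow_report(parse_summary(SAMPLE))
    for pair, e in sorted(rep.items()):
        dirs = ", ".join(f"{s}->{d}: {n}" for (s, d), n in sorted(e["counts"].items()))
        print(f"{pair[0]} <-> {pair[1]}  [{dirs}]  {sorted(e['protocols'])}")
    print("one-way:", one_way_pairs(rep))
```

Because summary form shows only the highest-level protocol, the protocol column here reflects that layer alone; the underlying RPC, UDP, IP, and Ethernet information requires one of the verbose forms.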

For more information about the snoop command, refer to the snoop(1M) man page.