How to Capture snoop Output to a File - Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle® Solaris 11.2

Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle^® Solaris 11.2

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Administering TCP/IP Networks, IPMP, and IP ... » Administering TCP/IP Networks » Monitoring Packet Transfers With the snoop Command » How to Capture snoop Output to a File

Updated: July 2014

Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle^® Solaris 11.2

Document Information

Using This Documentation

Chapter 1 Administering TCP/IP Networks

Customizing TCP/IP Properties

Enabling Packet Forwarding Globally

Administering Default Address Selection

Description of the /etc/inet/ipaddrsel.conf Configuration File

Description of the ipaddrsel Command

Reasons to Modify the IPv6 Address Selection Policy Table

How to Administer the IPv6 Address Selection Policy Table

How to Modify the IPv6 Address Selection Table for the Current Session Only

Administering Transport Layer Services

Setting Up a Privileged Port

Implementing Traffic Congestion Control

Logging IP Addresses of All Incoming TCP Connections

Adding Services That Use the SCTP Protocol

Configuring TCP Wrappers

Changing the TCP Receive Buffer Size

Monitoring Network Status With the netstat Command

Filtering netstat Output by Address Type

Displaying the Status of Sockets

Displaying Statistics by Protocol

Displaying Network Interface Status

Displaying User and Process Information

Displaying the Status of Known Routes

Displaying Additional Network Status With the netstat Command

Performing TCP and UDP Administration With the netcat Utility

Administering and Logging Network Status Displays

How to Control the Display Output of IP-Related Commands

Logging Actions of the IPv4 Routing Daemon

How to Trace the Activities of the IPv6 Neighbor Discovery Daemon

Probing Remote Hosts With the ping Command

ping Command Modifications for IPv6 Support

Determining if a Remote Host Is Reachable

Determining if Packets Between Your Host and a Remote Host Are Being Dropped

Displaying Routing Information With the traceroute Command

traceroute Command Modifications for IPv6 Support

Discovering the Route to a Remote Host

Tracing All Routes

Analyzing Network Traffic With the TShark and Wireshark Analysers

Monitoring Packet Transfers With the snoop Command

snoop Command Modifications for IPv6 Support

How to Check Packets From All Interfaces

How to Check Packets From an IPMP Group

How to Capture snoop Output to a File

How to Check Packets Between an IPv4 Server and a Client

Monitoring IPv6 Network Traffic

Monitoring Packets by Using IP Layer Devices

Observing Network Traffic With the ipstat and tcpstat Commands

Chapter 2 About IPMP Administration

Chapter 3 Administering IPMP

Chapter 4 About IP Tunnel Administration

Chapter 5 Administering IP Tunnels

Language:

How to Capture `snoop` Output to a File

Capture a snoop session into a file. For example:
```
# snoop -o /tmp/cap
Using device /dev/eri (promiscuous mode)
30 snoop: 30 packets captured
```
In the previous example, 30 packets have been captured in a file named /tmp/cap. The file can be in any directory that has enough disk space. The number of packets that are captured is displayed on the command line, enabling you to press Control-C to abort at any time.

The snoop command creates a noticeable network load on the host machine, which can distort the results. To see the actual results, run the snoop command from a third system.
Inspect the snoop output capture file.
```
# snoop -i filename
```

Example 1-10 Displaying snoop Output Captures

The following output shows a capture that you might receive as output from the snoop –i command.

# snoop -i /tmp/cap
1   0.00000 fe80::a00:20ff:fee9:2d27 -> fe80::a00:20ff:fecd:4375
ICMPv6 Neighbor advertisement
...
10  0.91493    10.0.0.40 -> (broadcast)  ARP C Who is 10.0.0.40, 10.0.0.40 ?
34  0.43690 nearserver.here.com  -> 224.0.1.1  IP  D=224.0.1.1 S=10.0.0.40 LEN=28,
ID=47453, TO =0x0, TTL=1
35  0.00034  10.0.0.40 -> 224.0.1.1    IP  D=224.0.1.1 S=10.0.0.40 LEN=28, ID=57376,
TOS=0x0, TTL=47

Copyright © 2011, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices