Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle® Solaris 11.2

Exit Print View

Updated: July 2014
 
 

How to Check Packets From All Interfaces

  1. Print information about the interfaces that are attached to the system.
    # ipadm show-if

    The snoop command normally uses the first non-loopback device, which is typically the primary network interface.

  2. Begin packet capture by typing snoop without arguments.
    # snoop
  3. Press Control-C to halt the process.
Example 1-9  Displaying Basic snoop Output

The following example shows the basic snoop command output for a dual-stack host.

# snoop
Using device /dev/net (promiscuous mode)
router5.local.com -> router5.local.com ARP R 10.0.0.13, router5.local.com is
0:10:7b:31:37:80
router5.local.com -> BROADCAST     TFTP Read "network-confg" (octet)
myhost -> DNSserver.local.com      DNS C 192.168.10.10.in-addr.arpa. Internet PTR ?
DNSserver.local.com  myhost        DNS R 192.168.10.10.in-addr.arpa. Internet PTR
niserve2.
.
.
.
fe80::a00:20ff:febb:e09 -> ff02::9 RIPng R (5 destinations)

In the previous output, the packets that are captured show a DNS query and response, as well as periodic Address Resolution Protocol (ARP) packets from the local router and advertisements of the IPv6 link-local address to the in.ripngd daemon.