Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle® Solaris 11.3

Updated: March 2019

How to Capture snoop Output to a File

  1. Capture a snoop session into a file. For example:
    # snoop -o /tmp/cap
    Using device /dev/eri (promiscuous mode)
    30 snoop: 30 packets captured

    In the previous example, 30 packets have been captured in a file named /tmp/cap. The file can be in any directory that has enough disk space. The number of packets that are captured is displayed on the command line, enabling you to press Control-C to abort at any time.

    The snoop command creates a noticeable network load on the host system, which can distort the results. To see the actual results, run the snoop command from a third system.

  2. Inspect the snoop output capture file.
    # snoop -i filename
Example 9  Displaying snoop Output Captures

The following output shows a capture that you might receive as output from the snoop -i command.

# snoop -i /tmp/cap
1   0.00000 fe80::a00:20ff:fee9:2d27 -> fe80::a00:20ff:fecd:4375
ICMPv6 Neighbor advertisement
10  0.91493 -> (broadcast)  ARP C Who is, ?
34  0.43690 nearserver.example.com  ->  IP  D= S= LEN=28,
ID=47453, TOS=0x0, TTL=1
35  0.00034 ->    IP  D= S= LEN=28, ID=57376,
TOS=0x0, TTL=47
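
The file that snoop -o writes uses the snoop capture format described in RFC 1761, so a capture can be checked before it is passed on for analysis. The following Python sketch is an added example, not part of the Oracle documentation: it validates the file header and record lengths and reports the packet count, truncated packets, and the cumulative drop counter, which indicates whether the capturing host lost packets under load. The function names and the sample capture are constructed for illustration.

```python
import struct

MAGIC = b"snoop\x00\x00\x00"       # RFC 1761 identification pattern
FILE_HDR = struct.Struct(">8sII")   # magic, format version, datalink type
REC_HDR = struct.Struct(">6I")      # orig_len, incl_len, rec_len, drops, sec, usec

def summarize_capture(data):
    """Validate an RFC 1761 capture; return packet, truncation and drop counts."""
    if len(data) < FILE_HDR.size:
        raise ValueError("file shorter than the 16-byte snoop header")
    magic, version, datalink = FILE_HDR.unpack_from(data, 0)
    if magic != MAGIC:
        raise ValueError("not a snoop capture file")
    if version != 2:
        raise ValueError(f"unsupported snoop format version {version}")
    summary = {"datalink": datalink, "packets": 0, "truncated": 0,
               "drops": 0, "first_ts": None, "last_ts": None}
    offset = FILE_HDR.size
    while offset < len(data):
        if offset + REC_HDR.size > len(data):
            raise ValueError(f"partial record header at offset {offset}")
        orig_len, incl_len, rec_len, drops, sec, usec = REC_HDR.unpack_from(data, offset)
        # rec_len covers header + data + padding; reject values that would
        # stall the loop or point outside the file.
        if rec_len < REC_HDR.size + incl_len or offset + rec_len > len(data):
            raise ValueError(f"bad record length at offset {offset}")
        summary["packets"] += 1
        summary["truncated"] += int(orig_len > incl_len)
        summary["drops"] = drops    # cumulative since the capture started
        ts = sec + usec / 1_000_000
        if summary["first_ts"] is None:
            summary["first_ts"] = ts
        summary["last_ts"] = ts
        offset += rec_len
    return summary

def build_sample():
    """Constructed two-packet capture (datalink type 4, Ethernet) for the demo."""
    out = FILE_HDR.pack(MAGIC, 2, 4)
    packets = ((61, b"\xaa" * 61, 0, 1000), (1514, b"\xbb" * 120, 3, 1001))
    for orig_len, payload, drops, sec in packets:
        pad = -(REC_HDR.size + len(payload)) % 4   # records end on a 4-byte boundary
        rec_len = REC_HDR.size + len(payload) + pad
        out += REC_HDR.pack(orig_len, len(payload), rec_len, drops, sec, 0)
        out += payload + b"\x00" * pad
    return out

if __name__ == "__main__":
    print(summarize_capture(build_sample()))
```

A nonzero drops value means the capture is incomplete, which is one reason to run snoop from a third system as noted in step 1.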