Save snoop capture output into a file in Solaris
Capture a snoop session into a file:
# snoop -o filename
Eg:
# snoop -o cap.cap ip 50.200.0.4
Using device igb0 (promiscuous mode)
2
In the above example, 2 packets were captured and saved to the file cap.cap. We can
abort the capture at any time by pressing Control+C.
Inspect the snoop capture file:
# snoop -i filename
Eg:
# snoop -i a.cap
1 0.00000 172.16.0.1 -> 50.200.0.4 UDP D=1728 S=51479 LEN=32
2 0.01544 50.200.0.4 -> 172.16.0.1 ICMP Destination unreachable (UDP port 1728 unreachable)
3 2.98764 50.200.0.4 -> NTU-HQ-GLOBAL DHCP/BOOTP DHCPDISCOVER
4 0.00094 NTU-HQ-GLOBAL -> 50.200.0.4 DHCP/BOOTP DHCPOFFER
Or we can inspect the captured file by opening it in Wireshark.
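An added example, not part of the original post: snoop -o writes the capture in the RFC 1761 (snoop version 2) file format, so a saved file can be checked for a valid header and intact records before it is opened in Wireshark or archived. The sample capture bytes and the helper names below are constructed for illustration.

```python
import struct

SNOOP_MAGIC = b"snoop\x00\x00\x00"   # RFC 1761 identification pattern
FILE_HDR = struct.Struct(">8sII")     # magic, version, datalink type (big-endian)
REC_HDR = struct.Struct(">IIIIII")    # orig len, incl len, rec len, drops, sec, usec
DATALINK_ETHERNET = 4                 # RFC 1761 datalink type for Ethernet

def parse_snoop(blob):
    """Return (datalink, [record dict, ...]); raise ValueError on a damaged file."""
    if len(blob) < FILE_HDR.size:
        raise ValueError("file shorter than the 16-byte snoop header")
    magic, version, datalink = FILE_HDR.unpack_from(blob, 0)
    if magic != SNOOP_MAGIC:
        raise ValueError("not a snoop capture (bad identification pattern)")
    if version != 2:
        raise ValueError("unsupported snoop version %d" % version)
    records, off = [], FILE_HDR.size
    while off < len(blob):
        if off + REC_HDR.size > len(blob):
            raise ValueError("truncated record header at offset %d" % off)
        orig, incl, reclen, drops, sec, usec = REC_HDR.unpack_from(blob, off)
        # reclen covers header + data + pad; reject values that would loop or overrun
        if reclen < REC_HDR.size + incl or off + reclen > len(blob):
            raise ValueError("bad record length at offset %d" % off)
        data = blob[off + REC_HDR.size: off + REC_HDR.size + incl]
        records.append({"orig_len": orig, "data": data, "drops": drops,
                        "time": sec + usec / 1e6, "truncated": incl < orig})
        off += reclen
    return datalink, records

def build_record(data, orig_len, sec, usec, drops=0):
    """Build one record for the constructed sample; data is padded to 4 bytes."""
    pad = -len(data) % 4
    reclen = REC_HDR.size + len(data) + pad
    return REC_HDR.pack(orig_len, len(data), reclen, drops, sec, usec) + data + b"\x00" * pad

# Constructed sample: two dummy frames, the second saved shorter than on the wire.
SAMPLE = (FILE_HDR.pack(SNOOP_MAGIC, 2, DATALINK_ETHERNET)
          + build_record(b"\xaa" * 42, 42, 1000, 0)
          + build_record(b"\xbb" * 61, 90, 1000, 15440))

if __name__ == "__main__":
    link, recs = parse_snoop(SAMPLE)
    print("datalink", link, "packets", len(recs))
    for i, r in enumerate(recs, 1):
        print(i, "%.5f" % (r["time"] - recs[0]["time"]), len(r["data"]), "bytes",
              "(truncated)" if r["truncated"] else "")
```

To check a real capture, pass the file's bytes to the parser, for example parse_snoop(open("cap.cap", "rb").read()).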
For more information about the snoop command:
http://solaris4servers.blogspot.com/2012/09/how-to-capture-network-packets-in.html