Analyze Network Activity

There is a utility shipped with Solaris that helps you analyze the network activity that passes through your host.
This utility is:

snoop

For the full documentation of this utility, simply run:

# man snoop

But I'll try to give some useful tips here so you can start using it quickly, with a few examples.
For instance, if you only want to analyze the packets from a specific host, say 192.168.1.1, simply run:

# snoop from host 192.168.1.1

It prints to stdout all the packets that come from host 192.168.1.1. If you want to save this information to a file and analyze it afterwards, you can do it like this:

# snoop -o output-snoop.txt from host 192.168.1.1

To analyze the file afterwards, simply run:

# snoop -i output-snoop.txt

And if you want more detailed information about each captured packet, run:

# snoop -v -i output-snoop.txt

You can still process the file further with other expressions. Suppose this file contains all the packets from host 192.168.1.1, and you now only want the packets that go to a specific destination, say 192.168.1.2. You can do this with:

# snoop -v -i output-snoop.txt dst host 192.168.1.2

Capture packets that come from or go to a specific host

# snoop host 192.168.1.2

Capture packets originating from a specific host

# snoop from host 192.168.1.2

Capture packets that go to a specific host

# snoop dst host 192.168.1.2

Capture packets with a specific port

# snoop port 80

This will capture packets whose source or destination port is 80.

Capture packets that come from a specific port

# snoop src port 80

Capture packets that go to a specific port

# snoop dst port 80

Capture packets that go to a specific host and a specific port

# snoop dst host 192.168.1.2 and dst port 80
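
A file written with snoop -o is a binary capture in the RFC 1761 format, not plain text, so it can also be filtered offline on a machine that has no snoop. The Python sketch below is an added example, not part of the original page: it parses such a file and applies the equivalent of "dst host ... and dst port ..." to it. The function names and the two-packet sample capture are constructed for illustration.

```python
import io, socket, struct

SNOOP_MAGIC = b"snoop\x00\x00\x00"  # RFC 1761 identification pattern

def read_snoop(stream):
    """Yield each captured frame from a snoop -o file (version 2, Ethernet only)."""
    head = stream.read(16)
    if len(head) != 16 or head[:8] != SNOOP_MAGIC or struct.unpack(">II", head[8:]) != (2, 4):
        raise ValueError("expected a snoop version 2 Ethernet capture")
    while True:
        hdr = stream.read(24)
        if len(hdr) < 24:
            return
        orig_len, incl_len, rec_len, drops, sec, usec = struct.unpack(">6I", hdr)
        if rec_len < 24 + incl_len:
            raise ValueError("corrupt record length")
        yield stream.read(rec_len - 24)[:incl_len]  # strip padding after the frame

def decode(frame):
    """Return (src_ip, dst_ip, src_port, dst_port) for IPv4 TCP/UDP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    frag_offset = struct.unpack(">H", frame[20:22])[0] & 0x1FFF
    if proto not in (6, 17) or frag_offset or len(frame) < 14 + ihl + 4:
        return None  # not TCP/UDP, a later fragment, or a truncated frame
    sport, dport = struct.unpack(">HH", frame[14 + ihl:14 + ihl + 4])
    return socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), sport, dport

def select(stream, dst_host=None, dst_port=None):
    """Apply the equivalent of 'dst host H and dst port P' to a saved capture."""
    flows = (decode(f) for f in read_snoop(stream))
    return [fl for fl in flows
            if fl and dst_host in (None, fl[1]) and dst_port in (None, fl[3])]

def sample_capture():
    """Constructed two-packet capture (not real traffic) to exercise the parser."""
    buf = SNOOP_MAGIC + struct.pack(">II", 2, 4)
    for src, dst, sport, dport in [("192.168.1.1", "192.168.1.2", 40000, 80),
                                   ("192.168.1.1", "192.168.1.3", 40001, 22)]:
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        tcp = struct.pack(">HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        n, pad = len(frame), -len(frame) % 4  # records are padded to 4 bytes
        buf += struct.pack(">6I", n, n, 24 + n + pad, 0, 0, 0) + frame + b"\x00" * pad
    return io.BytesIO(buf)

if __name__ == "__main__":
    print(select(sample_capture(), dst_host="192.168.1.2", dst_port=80))
```

To use it on a real capture, open the file in binary mode and pass the file object to select() in place of sample_capture().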
