Snoop on Solaris 10

System administrators often want to monitor network traffic to debug problems, which usually means tracing what packets are coming in and out of the system. On most systems the tcpdump or wireshark tool is used for this; Solaris 10, however, offers the snoop command. Snoop is very similar to tcpdump but ships by default with the Solaris install, so nothing extra has to be installed. Below is a Solaris snoop example, redirecting the one-line-per-packet summary to a file:

root@computer:~# snoop > output.txt
Using device e1000g0 (promiscuous mode)

You can also specify a particular interface. To get a listing of the interfaces available to snoop, use the ifconfig command. An example of the captured output, read back from the file, is as follows:

root@computer:~# cat output.txt
 192.168.1.6 -> 192.168.1.3  TCP D=63326 S=22 Push Ack=2608858962 Seq=1455990317 Len=84 Win=64240
 192.168.1.3 -> 192.168.1.6  TCP D=22 S=63326 Ack=1455990401 Seq=2608858962 Len=0 Win=4325
 192.168.1.3 -> 192.168.1.6  TCP D=22 S=63326 Push Ack=1455990401 Seq=2608858962 Len=52 Win=4325
 192.168.1.6 -> 192.168.1.3  TCP D=63326 S=22 Push Ack=2608859014 Seq=1455990401 Len=52 Win=64240
 192.168.1.3 -> 192.168.1.6  TCP D=22 S=63326 Ack=1455990453 Seq=2608859014 Len=0 Win=4312

Snoop on Solaris 10 lists source, destination, port, and other useful network information.
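The summary lines above are easy to post-process, which is usually the next step when debugging: rather than reading every packet, group them into flows and see who is talking to whom and how much. The script below is an added example (not from the original post) that parses snoop's default summary format with awk and prints packet and payload-byte counts per (source, destination, protocol, ports) tuple. The sample input is the capture shown above, embedded as a constructed string so the script runs offline; the function name snoop_flows is this example's own.

```shell
#!/bin/sh
# Added example: summarise snoop's one-line-per-packet summary output into
# per-flow packet and payload-byte counts. Assumes the default snoop summary
# format shown in the post:
#   src -> dst  PROTO D=dport S=sport [flags] ... Len=N Win=W

# Constructed sample input: the five lines from the capture in the post.
SAMPLE=' 192.168.1.6 -> 192.168.1.3  TCP D=63326 S=22 Push Ack=2608858962 Seq=1455990317 Len=84 Win=64240
 192.168.1.3 -> 192.168.1.6  TCP D=22 S=63326 Ack=1455990401 Seq=2608858962 Len=0 Win=4325
 192.168.1.3 -> 192.168.1.6  TCP D=22 S=63326 Push Ack=1455990401 Seq=2608858962 Len=52 Win=4325
 192.168.1.6 -> 192.168.1.3  TCP D=63326 S=22 Push Ack=2608859014 Seq=1455990401 Len=52 Win=64240
 192.168.1.3 -> 192.168.1.6  TCP D=22 S=63326 Ack=1455990453 Seq=2608859014 Len=0 Win=4312'

# snoop_flows: read snoop summary lines on stdin and print one line per
# "src:sport -> dst:dport PROTO" with the packet count and the sum of the
# Len= payload bytes, largest flow first.
snoop_flows() {
    awk '
    # Skip blank or truncated lines (need at least "src -> dst PROTO").
    NF < 4 { next }
    {
        src = $1; dst = $3; proto = $4
        sport = "?"; dport = "?"; len = 0
        # Remaining tokens are key=value pairs or bare flags such as "Push";
        # pick out the two ports and the payload length, ignore the rest.
        for (i = 5; i <= NF; i++) {
            if ($i ~ /^S=/)        sport = substr($i, 3)
            else if ($i ~ /^D=/)   dport = substr($i, 3)
            else if ($i ~ /^Len=/) len = substr($i, 5) + 0
        }
        key = src ":" sport " -> " dst ":" dport " " proto
        pkts[key]++
        bytes[key] += len
    }
    END {
        for (k in pkts)
            printf "%s pkts=%d bytes=%d\n", k, pkts[k], bytes[k]
    }' | sort -t= -k3,3nr
}

# Stand-alone usage: summarise the embedded sample (replace with
# "snoop_flows < output.txt" against a real capture file).
printf '%s\n' "$SAMPLE" | snoop_flows
```

On the sample this yields two flows: the server side (192.168.1.6 port 22) sending 2 packets and 136 bytes of payload, and the client side (192.168.1.3 port 63326) sending 3 packets and 52 bytes. Note that a text redirect like the one in the post keeps only the summary; if you expect to need packet contents later, capture with snoop -o file and read it back with snoop -i file, and pick the interface explicitly with snoop -d device when the host has more than one.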
