Ethical Hacking

Solaris Unix snoop command example.



The snoop command on Solaris or Unix is similar to tcpdump on Linux. It is used to trace packets on your Solaris or Unix machine.

The syntax that I normally use is:

snoop -V -o <file_name> -c 500      (this will send the output to a file)

snoop -d <interface> | grep <port_number>      (to check for packets through the interface)

or

snoop -r -d <interface> port <number>      (-r will disable name resolution)

or

snoop -d <interface> host <IP_address>

Some other common options that can be used are:
        [ -a ]                  # Listen to packets on audio
        [ -d device ]           # Network interface to snoop (le?, ie?, bf?, tr?)
        [ -s snaplen ]          # Truncate packets
        [ -c count ]            # Quit after count packets
        [ -P ]                  # Turn OFF promiscuous mode
        [ -D ]                  # Report dropped packets
        [ -S ]                  # Report packet size
        [ -i file ]             # Read previously captured packets
        [ -o file ]             # Capture packets in file
        [ -n file ]             # Load addr-to-name table from file
        [ -N ]                  # Create addr-to-name table
        [ -t  r|a|d ]           # Time: Relative, Absolute or Delta
        [ -v ]                  # Verbose packet display
        [ -V ]                  # Show all summary lines
        [ -p first[,last] ]     # Select packet(s) to display
        [ -x offset[,length] ]  # Hex dump from offset for length
        [ -C ]                  # Print packet filter code
        [ -q ]                  # Suppress printing packet count
        [ -r ]                  # Do not resolve address to name
