Solaris Snoop For Packet Sniffing - Numpang CoPas


Solaris snoop for packet sniffing


Published by Rizki Amar Kuswara on 22/02/2023
The syntax of the snoop command with the most commonly used options is :

# /usr/sbin/snoop -qr -d [device] -o [filename] -s 300

-q --> don't show the packet count while capturing packets into a file (improves the packet capturing performance)
-r --> do not resolve IP addresses to hostnames (prevents snoop from generating its own traffic)
-d device --> interface on which to run the snoop command
-o filename --> save the captured packets in the file
-s num --> truncate each packet after num bytes

Example 1 :

To capture packets on interface ce0 and save them to a file ce0_snoop.out use :

# /usr/sbin/snoop -qr -d ce0 -o ce0_snoop.out -s 300

Example 2 : Verify that the file is generated by snoop command

To make sure that the file was generated by the snoop command :

# file snoop.out

snoop.out: Snoop capture file - version 2

Example 3 : Read from a snoop file

To read from an already generated snoop file :

# snoop -i [filename]
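The file command above identifies the on-disk format ("Snoop capture file - version 2", the layout documented in RFC 1761): a 16-byte file header (magic, version, datalink type) followed by one record per packet with a 24-byte record header (original length, captured length, record length, cumulative drops, seconds, microseconds) and the frame bytes padded to a 4-byte boundary. The Python reader and writer below is an added illustration of that format, not code from the original post or from Solaris. The two frames and their timestamps are constructed sample data; the length checks are there because a capture file handed to a tool is untrusted input.

```python
"""Reader/writer for Solaris snoop capture files (RFC 1761, 'Snoop capture file - version 2').

Added example; the frames and timestamps below are constructed, not captured."""
import struct
from dataclasses import dataclass
from typing import List, Sequence, Tuple

SNOOP_MAGIC = b"snoop\x00\x00\x00"
SNOOP_VERSION = 2
DATALINK_ETHERNET = 4

FILE_HDR = struct.Struct(">8sII")      # magic, version, datalink type (all big-endian)
RECORD_HDR = struct.Struct(">IIIIII")  # orig_len, incl_len, rec_len, cumulative drops, secs, usecs


@dataclass
class SnoopRecord:
    number: int        # 1-based, matching the numbers 'snoop -p' uses
    timestamp: float   # seconds since the Unix epoch
    drops: int         # kernel's cumulative drop counter when this packet was captured
    orig_len: int      # length on the wire
    data: bytes        # captured bytes; shorter than orig_len when '-s' truncated the packet


def parse_snoop(blob: bytes) -> List[SnoopRecord]:
    """Parse an in-memory snoop file; raise ValueError rather than read past a corrupt length."""
    if len(blob) < FILE_HDR.size:
        raise ValueError("shorter than a snoop file header")
    magic, version, _datalink = FILE_HDR.unpack_from(blob, 0)
    if magic != SNOOP_MAGIC:
        raise ValueError("not a snoop capture file")
    if version != SNOOP_VERSION:
        raise ValueError(f"unsupported snoop version {version}")
    records: List[SnoopRecord] = []
    off = FILE_HDR.size
    while off < len(blob):
        if off + RECORD_HDR.size > len(blob):
            raise ValueError(f"truncated record header at offset {off}")
        orig_len, incl_len, rec_len, drops, secs, usecs = RECORD_HDR.unpack_from(blob, off)
        # Lengths come from the file, so treat them as hostile: the record must hold its own
        # header plus incl_len bytes and must fit in the blob, or a crafted file could make a
        # naive reader over-read or spin forever on rec_len == 0.
        if rec_len < RECORD_HDR.size + incl_len or off + rec_len > len(blob):
            raise ValueError(f"inconsistent record lengths at offset {off}")
        start = off + RECORD_HDR.size
        records.append(SnoopRecord(len(records) + 1, secs + usecs / 1e6, drops, orig_len,
                                   blob[start:start + incl_len]))
        off += rec_len
    return records


def write_snoop(frames: Sequence[Tuple[bytes, int, int, int]],
                datalink: int = DATALINK_ETHERNET) -> bytes:
    """Serialise (frame, secs, usecs, drops) tuples in the layout 'snoop -o' writes."""
    out = bytearray(FILE_HDR.pack(SNOOP_MAGIC, SNOOP_VERSION, datalink))
    for data, secs, usecs, drops in frames:
        pad = (-len(data)) % 4                          # records are padded to 4-byte multiples
        rec_len = RECORD_HDR.size + len(data) + pad
        out += RECORD_HDR.pack(len(data), len(data), rec_len, drops, secs, usecs)
        out += data + b"\x00" * pad
    return bytes(out)


# Constructed frames: Ethernet dst, src, ethertype, then filler bytes standing in for a payload.
FRAME_A = bytes.fromhex("0008a4d25e40" "080020a0166a" "0800") + b"A" * 30   # 44 bytes, no padding
FRAME_B = bytes.fromhex("080020a0166a" "0008a4d25e40" "0806") + b"B" * 33   # 47 bytes, 1 pad byte


def demo() -> List[SnoopRecord]:
    """Round-trip two constructed records; the second carries a non-zero drop counter."""
    blob = write_snoop([(FRAME_A, 1677081054, 718610, 0), (FRAME_B, 1677081055, 31420, 3)])
    return parse_snoop(blob)


if __name__ == "__main__":
    for r in demo():
        print(f"{r.number} {r.timestamp:.5f} drops={r.drops} len={len(r.data)}/{r.orig_len}")
```

The drops field in each record header is the same cumulative counter that the -D option prints later in this article, so a reader like this can locate packet loss without re-running snoop.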

Example 4 : Snoop on a specific port

To find the traffic details only on a specific port (8080) :

# /usr/sbin/snoop -qr -d ce0 -o ce0_snoop.out -s 300 port 8080

Example 5 : Snoop on a specific IP

To find the traffic details only on a specific IP (192.168.1.20) :

# /usr/sbin/snoop -qr -d ce0 -o ce0_snoop.out -s 300 192.168.1.20

Here, you can also give a comma separated list of IPs to find traffic generated for
those IPs (to or from).

Example 6 : To snoop between 2 IPs

To find the traffic details between two IPs :

# snoop -i [filename] [IP-address1] [IP-address2]

Example 7 : Snoop for a specific protocol

To find the traffic details only related to a specific protocol, for example ICMP or ARP :

# /usr/sbin/snoop -qr -d ce0 -o ce0_snoop.out icmp,arp

Here, it actually shows the packets for the IPMP protocol, as IPMP in turn uses the
ICMP and ARP protocols for its functionality.

Example 8 : Check the time when the snoop was taken

To check the time at which packets 9 to 13 were taken, use :

# snoop -i snoop.out -ta -p9,13


Loading name file snoop.out.names
9 18:10:54.71861 webcache -> mizue HTTP (proxy) R port=41579
10 18:10:55.03142 webcache -> mizue HTTP HTTP/1.1 200 OK
11 18:10:55.03168 mizue -> webcache HTTP (proxy) C port=41579
12 18:10:56.37426 webcache -> mizue HTTP (body)
13 18:10:56.47427 mizue -> webcache HTTP (proxy) C port=41579

Example 9 : How to check the total time taken for an FTP data transfer

Use -tr (relative timestamps) and port 20 as the filter in the snoop command to find out the total time taken
by the FTP data transfer.

# snoop -i ftp.snoop -tr port 20 | tail -1


1393 1.52899 129.158.x.x -> 129.158.x.x FTP-DATA C port=32841

==> 1.52899 sec

Example 10 : To see the contents of a packet

To see the contents of a specific packet (packet number 4) :

# snoop -i snoop.out -p4 -x0

4 0.00377 HostA -> HostB HTTP GET http://patchpro.sun.com/expert/pprodetectors.jar HTTP/1.1

0: 0008 a4d2 5e40 0800 20a0 166a 0800 4500 ....^@.. ..j..E.
16: 00f9 dc05 4000 4006 b0be 0a0e 025f 819e ...@.@......_..
32: 1f30 8063 1f90 12ed 2f71 0a9d 493a 5018 .0.c..../q..I:P.
48: c1e8 d859 0000 4745 5420 6874 7470 3a2f ...Y..GET http:/
64: 2f70 6174 6368 7072 6f2e 7375 6e2e 636f /patchpro.sun.co
80: 6d2f 6578 7065 7274 2f70 7072 6f64 6574 m/expert/pprodet
96: 6563 746f 7273 2e6a 6172 2048 5454 502f ectors.jar HTTP/
112: 312e 310d 0a55 7365 722d 4167 656e 743a 1.1..User-Agent:
128: 204a 6176 612f 312e 342e 315f 3031 610d Java/1.4.1_01a.
144: 0a48 6f73 743a 2070 6174 6368 7072 6f2e .Host: patchpro.
160: 7375 6e2e 636f 6d0d 0a41 6363 6570 743a sun.com..Accept:
176: 2074 6578 742f 6874 6d6c 2c20 696d 6167 text/html, imag
192: 652f 6769 662c 2069 6d61 6765 2f6a 7065 e/gif, image/jpe
208: 672c 202a 3b20 713d 2e32 2c20 2a2f 2a3b g, *; q=.2, */*;
224: 2071 3d2e 320d 0a50 726f 7879 2d43 6f6e q=.2..Proxy-Con
240: 6e65 6374 696f 6e3a 206b 6565 702d 616c nection: keep-al
256: 6976 650d 0a0d 0a ive....

Example 11 : Snoop to troubleshoot JumpStart

Snoop is very useful for troubleshooting JumpStart issues. In the case of
JumpStart, we can use the MAC address as the filter :

# snoop -i [filename] xx:xx:xx:xx:xx:xx

Example 12 : To check whether snoop dropped packets

Sometimes the snoop command itself drops packets (mostly on Gigabit
networks). To find out about the dropped packets, use the -D flag :

# snoop -i snoop.out -D | grep TCP


Loading name file snoop.out
7865 0.00000 aaa -> bbb drops: 0 TCP D=35215 S=20 Ack=2442259384 Seq=3714484080 Len=1460 Win=16060
7866 0.00012 aaa -> bbb drops: 0 TCP D=35215 S=20 Ack=2442259384 Seq=3714485540 Len=1460 Win=16060
7867 0.00013 aaa -> bbb drops: 0 TCP D=35215 S=20 Ack=2442259384 Seq=3714487000 Len=1460 Win=16060
7868 0.00015 bbb -> aaa drops: 0 TCP D=20 S=35215 Ack=3714484080 Seq=2442259384 Len=0 Win=33580
7869 0.00049 aaa -> bbb drops: 0 TCP D=35215 S=20 Ack=2442259384 Seq=3714488460 Len=1460 Win=16060
7870 0.01848 aaa -> bbb drops: 0 TCP D=35215 S=20 Ack=2442259384 Seq=3714551240 Len=1460 Win=16060
7871 0.00011 aaa -> bbb drops: 47 TCP D=35215 S=20 Ack=2442259384 Seq=3714552700 Len=1460 Win=16060
7872 0.00013 aaa -> bbb drops: 47 TCP D=35215 S=20 Ack=2442259384 Seq=3714554160 Len=1460 Win=16060
7873 0.00011 aaa -> bbb drops: 47 TCP D=35215 S=20 Ack=2442259384 Seq=3714555620 Len=1460 Win=16060
7874 0.00012 aaa -> bbb drops: 47 TCP D=35215 S=20 Ack=2442259384 Seq=3714557080 Len=1460 Win=16060
7875 0.00007 bbb -> aaa drops: 47 TCP D=20 S=35215 Ack=3714554160 Seq=2442259384 Len=0 Win=33580
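The drops column printed by -D is a cumulative counter, so the record of interest is the one where the value rises (7871 above, where it jumps from 0 to 47). The Python below is an added example, not code from the original post: it scans -D summary lines, reports each record where the counter increased and by how much, and counts captured records against the final drop total so the loss can be judged. The sample text is the output shown above for this example, embedded so the code runs offline.

```python
"""Find where snoop itself lost packets from 'snoop -D' output.

Added example. The drops column is cumulative, so a loss event is a record where it rises."""
import re
from typing import Dict, List, NamedTuple

# Summary line: number, time, src -> dst, "drops: N", then the protocol summary.
LINE_RE = re.compile(
    r"^\s*(?P<no>\d+)\s+(?P<time>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"
    r"drops:\s*(?P<drops>\d+)\s+(?P<rest>.*)$"
)


class DropEvent(NamedTuple):
    packet: int        # snoop packet number at which the counter rose
    lost: int          # packets lost since the previous captured record
    cumulative: int    # value of the drops counter on this record
    summary: str       # protocol summary of the packet, for context


def find_drop_events(text: str) -> List[DropEvent]:
    """Return one event per record where the cumulative drop counter increased."""
    events: List[DropEvent] = []
    prev = 0                      # a non-zero count on the very first record is also a loss
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip "Loading name file ..." and other chatter
        drops = int(m["drops"])
        if drops > prev:
            events.append(DropEvent(int(m["no"]), drops - prev, drops, m["rest"]))
        prev = drops
    return events


def summarize(text: str) -> Dict[str, int]:
    """Count captured records and report the final drop counter."""
    captured = 0
    final = 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            captured += 1
            final = int(m["drops"])
    return {"captured": captured, "dropped": final}


# Sample input: the '-D' output shown in this example, reproduced so the code runs offline.
SAMPLE = """\
Loading name file snoop.out
7865 0.00000 aaa -> bbb drops: 0 TCP D=35215 S=20 Ack=2442259384 Seq=3714484080 Len=1460 Win=16060
7866 0.00012 aaa -> bbb drops: 0 TCP D=35215 S=20 Ack=2442259384 Seq=3714485540 Len=1460 Win=16060
7867 0.00013 aaa -> bbb drops: 0 TCP D=35215 S=20 Ack=2442259384 Seq=3714487000 Len=1460 Win=16060
7868 0.00015 bbb -> aaa drops: 0 TCP D=20 S=35215 Ack=3714484080 Seq=2442259384 Len=0 Win=33580
7869 0.00049 aaa -> bbb drops: 0 TCP D=35215 S=20 Ack=2442259384 Seq=3714488460 Len=1460 Win=16060
7870 0.01848 aaa -> bbb drops: 0 TCP D=35215 S=20 Ack=2442259384 Seq=3714551240 Len=1460 Win=16060
7871 0.00011 aaa -> bbb drops: 47 TCP D=35215 S=20 Ack=2442259384 Seq=3714552700 Len=1460 Win=16060
7872 0.00013 aaa -> bbb drops: 47 TCP D=35215 S=20 Ack=2442259384 Seq=3714554160 Len=1460 Win=16060
7875 0.00007 bbb -> aaa drops: 47 TCP D=20 S=35215 Ack=3714554160 Seq=2442259384 Len=0 Win=33580
"""

if __name__ == "__main__":
    for ev in find_drop_events(SAMPLE):
        print(f"packet {ev.packet}: {ev.lost} dropped (counter now {ev.cumulative}) {ev.summary}")
    print(summarize(SAMPLE))
```

A capture with a non-zero final counter is incomplete evidence: any sequence gaps or missing requests in it may be snoop's loss rather than the network's, which is why -s (truncation) and -q (no live packet count) are worth using on busy interfaces.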

Example 13 : Extract specific packets from a snoop file to another snoop file

If we use the -i and -o options together, we can extract specific packets from a snoop file
and save them to another snoop file :

# snoop -i snoop.out -o snoop.telnet.out port 23

Example 14 : To see protocol information

Use the options “-v” or “-V” with snoop to find out the protocol information: “-V” prints one summary line per protocol layer, while “-v” prints the full verbose decode of every header.

# snoop -i nfs.snoop -p23 -V


Loading name file nfs.snoop.names
________________________________
23 0.00000 HostA -> HostB ETHER Type=0800 (IP), size = 206 bytes
23 0.00000 HostA -> HostB IP D=192.168.x.x S=192.168.55.106 LEN=192, ID=45661, TOS=0x0, TTL=64
23 0.00000 HostA -> HostB TCP D=2049 S=698 Push Ack=390460868 Seq=222184947 Len=152 Win=24820
23 0.00000 HostA -> HostB RPC C XID=1096378150 PROG=100003 (NFS) VERS=3 PROC=19
23 0.00000 HostA -> HostB NFS C FSINFO3 FH=0222

# snoop -i nfs.snoop -p23 -v


Loading name file nfs.snoop.names
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 23 arrived at 23:35:7.36
ETHER: Packet size = 206 bytes
ETHER: Destination = 0:0:c:7:ac:27, Cisco
ETHER: Source = 8:0:20:b5:fa:8, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 192 bytes
IP: Identification = 45661
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 64 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 2175
IP: Source address = 192.168.x.x, HostA
IP: Destination address = 192.168.x.x, HostB
IP: No options
IP:
[output truncated for brevity]

Example 15 : Check a specific ping packet

ping (ICMP Echo request/reply) packets carry an “ID” number, and you can filter by that “ID”
number (the two-byte field at offset 4 of the ICMP header) :

# snoop -i snoop.out "icmp[4:2] = 16005"


172 0.66838 10.20.220.120 -> 10.20.220.121 ICMP Echo request (ID: 16005 Sequence number: 0)
173 0.00021 10.20.220.121 -> 10.20.220.120 ICMP Echo reply (ID: 16005 Sequence number: 0)
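The filter above is a byte-offset match: icmp[4:2] reads the two bytes at offset 4 of the ICMP header, which is where the echo ID sits, and compares them with 16005. As an added example, not from the original post, the following Python evaluates filters of this shape (proto[offset:size] = value for ip, icmp, tcp and udp, size defaulting to one byte) against raw Ethernet frames, walking the Ethernet and IP headers to locate the protocol base offset. The echo frames it tests against are constructed in the code, with MAC addresses and checksums left zero because the match does not depend on them; the summary line it prints mirrors the shape of snoop's ICMP output above.

```python
"""Evaluate snoop-style byte-offset filters (proto[offset:size] = value) on raw Ethernet frames.

Added example; the frames below are constructed, not captured."""
import re
import struct
from typing import Optional

ETHERTYPE_IP = 0x0800
IPPROTO = {"icmp": 1, "tcp": 6, "udp": 17}

# proto[offset] or proto[offset:size] = value; value decimal or 0x-hex; size defaults to 1 byte.
FILTER_RE = re.compile(
    r"^\s*(?P<proto>ip|icmp|tcp|udp)\[(?P<off>\d+)(?::(?P<size>[124]))?\]\s*=\s*(?P<val>\S+)\s*$"
)


def header_offset(frame: bytes, proto: str) -> Optional[int]:
    """Offset of the named header inside an Ethernet/IPv4 frame, or None if the frame lacks it."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IP:
        return None                      # not IPv4, or too short to hold an IP header
    ip_off = 14
    if proto == "ip":
        return ip_off
    if frame[ip_off + 9] != IPPROTO[proto]:
        return None                      # IP protocol field does not match the filter
    ihl = (frame[ip_off] & 0x0F) * 4     # IP header length including options
    return ip_off + ihl


def matches(frame: bytes, expr: str) -> bool:
    """True if the frame satisfies the filter; False if the field is absent or truncated."""
    m = FILTER_RE.match(expr)
    if not m:
        raise ValueError(f"unsupported filter: {expr!r}")
    base = header_offset(frame, m["proto"])
    if base is None:
        return False
    off, size = int(m["off"]), int(m["size"] or 1)
    field = frame[base + off: base + off + size]
    if len(field) != size:
        return False                     # field lies beyond the captured bytes (e.g. cut by -s)
    val = m["val"]
    wanted = int(val, 16) if val.lower().startswith("0x") else int(val)
    return int.from_bytes(field, "big") == wanted


def summarize_icmp(frame: bytes) -> Optional[str]:
    """Render an ICMP echo like snoop's summary line: type, ID and sequence number."""
    base = header_offset(frame, "icmp")
    if base is None or len(frame) < base + 8:
        return None
    typ, _code, _csum, ident, seq = struct.unpack_from("!BBHHH", frame, base)
    kind = {8: "Echo request", 0: "Echo reply"}.get(typ, f"type {typ}")
    return f"ICMP {kind} (ID: {ident} Sequence number: {seq})"


def echo_frame(ident: int, seq: int, reply: bool = False) -> bytes:
    """Constructed Ethernet/IPv4/ICMP echo frame for testing; checksums are left zero on purpose."""
    icmp = struct.pack("!BBHHH", 0 if reply else 8, 0, 0, ident, seq) + b"snoop-test"
    src, dst = bytes([10, 20, 220, 120]), bytes([10, 20, 220, 121])
    if reply:
        src, dst = dst, src
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0x1234, 0x4000, 64, 1, 0, src, dst)
    eth = bytes(6) + bytes(6) + struct.pack("!H", ETHERTYPE_IP)   # MACs zeroed: irrelevant here
    return eth + ip + icmp


if __name__ == "__main__":
    for f in (echo_frame(16005, 0), echo_frame(16005, 0, reply=True), echo_frame(4242, 7)):
        verdict = "match" if matches(f, "icmp[4:2] = 16005") else "no match"
        print(summarize_icmp(f), "->", verdict)
```

Because the offset is taken from the start of the ICMP header, the same filter matches both the request and the reply of one ping, which is exactly what the two output lines above show.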


Categories: SOLARIS, SOLARIS 10, SOLARIS 11

Tags: packet sniffing, sniffing, snoop, solaris 10, solaris 11
