Solaris's Snoop command
NAME
snoop - capture and inspect network packets
Usage: snoop
[ -a ] # Listen to packets on audio
[ -d device ] # settable to le?, ie?, bf?, tr?
[ -s snaplen ] # Truncate packets
[ -c count ] # Quit after count packets
[ -P ] # Turn OFF promiscuous mode
[ -D ] # Report dropped packets
[ -S ] # Report packet size
[ -i file ] # Read previously captured packets
[ -o file ] # Capture packets in file
[ -n file ] # Load addr-to-name table from file
[ -N ] # Create addr-to-name table
[ -t r|a|d ] # Time: Relative, Absolute or Delta
[ -v ] # Verbose packet display
[ -V ] # Show all summary lines
[ -p first[,last] ] # Select packet(s) to display
[ -x offset[,length] ] # Hex dump from offset for length
[ -C ] # Print packet filter code
[ -q ] # Suppress printing packet count
[ -r ] # Do not resolve address to name
[ filter expression ]
Example:
snoop -o saved host fred
snoop -i saved -tr -v -p19
DESCRIPTION
snoop captures packets from the network and displays their
contents. snoop uses both the network packet filter and
streams buffer modules to provide efficient capture of pack-
ets from the network. Captured packets can be displayed as
they are received, or saved to a file for later inspection.
snoop can display packets in a single-line summary form or
in verbose multi-line forms. In summary form, only the data
pertaining to the highest level protocol is displayed. For
example, an NFS packet will have only NFS information
displayed. The underlying RPC, UDP, IP, and ethernet frame
information is suppressed but can be displayed if either of
the verbose options are chosen.
snoop requires an interactive interface.
BACK