Thursday 2 February 2012

Unix/Linux - Packet Analyzers - snoop and tcpdump


snoop
snoop is a flexible command-line packet analyzer included as part of Sun Microsystems' Solaris operating system.


tcpdump

tcpdump is a common packet analyzer that runs from the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.


Examples

Troubleshoot a host
  snoop -v -d qfe0 -x0 host 192.168.1.87
  tcpdump -i en0 host 192.168.1.87



Exclude the host you're connected from

  snoop -x0 -d hme0 not host 192.168.1.20
  tcpdump -i eth0 not host 192.168.1.20


View only SSL packets
  snoop -x0 port 443
  tcpdump port 443
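The two ideas above (watch one host, leave out the machine you are connected from) are usually combined in practice. The script below is an added example, not from the original post: it builds one filter expression that both snoop and tcpdump accept, then prints the full capture command with the output written to a file. Interface names, addresses and file paths are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a capture command for
# snoop or tcpdump that targets one host while excluding the operator's own
# SSH session, so a capture run over SSH does not fill up with its own
# traffic. Interface names, addresses and file paths are placeholders.

# Filter expression accepted by both snoop and tcpdump.
#   $1 = host under investigation   $2 = address you are connected from
build_filter() {
    printf 'host %s and not (host %s and port 22)' "$1" "$2"
}

# Print the full command line for the chosen tool.
#   $1 = snoop|tcpdump  $2 = interface  $3 = target host
#   $4 = your own address  $5 = output capture file
capture_cmd() {
    filter=$(build_filter "$3" "$4")
    case "$1" in
        snoop)
            # -d: interface, -o: write raw packets to a file for later decoding
            printf 'snoop -d %s -o %s %s' "$2" "$5" "$filter" ;;
        tcpdump)
            # -nn: no name/port lookups, -s 0: full packets, -w: write pcap
            printf 'tcpdump -nn -s 0 -i %s -w %s %s' "$2" "$5" "$filter" ;;
        *)
            echo "unknown tool: $1" >&2
            return 1 ;;
    esac
}

# Example usage (constructed addresses; run as root to actually capture):
# capture_cmd tcpdump eth0 192.168.1.87 192.168.1.20 /tmp/host87.pcap
```

Writing to a file with -o or -w keeps the raw packets for later decoding and avoids the cost of printing every packet live.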


For more examples, view the man pages.
