Thursday, 2 February 2012

Unix/Linux - Packet Analyzers - snoop and tcpdump

snoop is a flexible command-line packet analyzer shipped with Sun Microsystems' Solaris operating system. It captures from a network interface, displays packets in summary or verbose form, and can save them to a file (-o) for later reading (-i) with snoop itself or with Wireshark, which understands the snoop capture format.

tcpdump is the common command-line packet analyzer on Linux, the BSDs, AIX and macOS, built on libpcap. It lets the user intercept and display TCP/IP and other packets transmitted or received over a network to which the computer is attached, and can write them to a pcap file (-w) for later analysis.

Both tools need raw access to the interface, so they are normally run as root. Their filter languages are similar (host, port, net, tcp, udp, and, or, not, parentheses) but not identical: tcpdump filters are BPF expressions compiled by libpcap, while snoop has its own parser, so check the man page before copying a complex filter from one to the other. In the examples below, replace HOSTNAME with a host name or IP address; qfe0 and hme0 are Solaris interface names, en0 is AIX/macOS and eth0 is Linux (tcpdump -D lists the interfaces it can open).


Troubleshoot a host (all packets to or from it). For snoop, -d selects the interface, -v prints every protocol layer and -x0 dumps the whole packet in hex and ASCII from offset 0; tcpdump's equivalents are -i for the interface and -v/-X for more detail.

    snoop -v -d qfe0 -x0 host HOSTNAME
    tcpdump -i en0 host HOSTNAME

Exclude the host you're connected from. When you capture on a box you reached over SSH, every packet you display is echoed back to your terminal over that same SSH session and captured again, so the trace fills up with its own output; excluding the client you are logged in from avoids that loop.

    snoop -x0 -d hme0 not host HOSTNAME
    tcpdump -i eth0 not host HOSTNAME

View only HTTPS traffic. "port 443" matches packets with 443 as source or destination port, TCP or UDP; use "tcp port 443" to limit it to TCP. Note that this selects by port, not by protocol: TLS on any other port is not shown, and non-TLS traffic on 443 is. The payload is encrypted, so what you can inspect is the handshake (client hello, server name, certificate) and the timing and sizes of the records.

    snoop -x0 port 443
    tcpdump port 443
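The two ideas above (exclude your own SSH session, then narrow to a port) combine naturally, and the exclusion can be derived from the session itself instead of typed by hand. The following POSIX shell script is an added example and not part of the original post. It assumes the SSH_CONNECTION variable that sshd exports ("client_ip client_port server_ip server_port"); the addresses in the demonstration are constructed from the RFC 5737 documentation ranges, and capture.pcap / capture.snoop are hypothetical file names.

```shell
#!/bin/sh
# Added example (not from the original post): build a capture filter that drops the
# traffic of the SSH session the capture command is typed into, so the trace is not
# flooded by its own output, and print the matching tcpdump and snoop command lines.
# Assumes sshd's SSH_CONNECTION variable: "client_ip client_port server_ip server_port".

# Print a filter expression, valid for both tcpdump and snoop, that excludes the
# current SSH session. An optional extra filter ($1) is AND-ed in front of it.
ssh_exclude_filter() {
    extra=${1:-}
    if [ -z "${SSH_CONNECTION:-}" ]; then
        # Not inside SSH (console or serial login): nothing to exclude.
        printf '%s\n' "$extra"
        return 0
    fi
    # Split SSH_CONNECTION into its four fields (word splitting on the default IFS).
    set -- $SSH_CONNECTION
    client_ip=$1
    server_port=$4
    # "tcp and port N" is accepted by both tcpdump (BPF) and snoop's own parser.
    excl="not (host $client_ip and tcp and port $server_port)"
    if [ -n "$extra" ]; then
        printf '%s\n' "$extra and $excl"
    else
        printf '%s\n' "$excl"
    fi
}

# Print the tcpdump command line for interface $1 with optional extra filter $2.
# -n: no DNS lookups (they are slow and generate packets of their own);
# -w: write raw packets to a file for later reading with tcpdump -r or Wireshark.
tcpdump_cmd() {
    printf "tcpdump -n -i %s -w capture.pcap '%s'\n" "$1" "$(ssh_exclude_filter "${2:-}")"
}

# Print the snoop equivalent: -d selects the interface, -o writes a snoop-format file.
snoop_cmd() {
    printf "snoop -d %s -o capture.snoop '%s'\n" "$1" "$(ssh_exclude_filter "${2:-}")"
}

# Demonstration with a constructed SSH_CONNECTION (RFC 5737 documentation addresses).
# This only prints the commands; running them needs root and a real interface.
if [ -z "${SSH_CONNECTION:-}" ]; then
    SSH_CONNECTION='198.51.100.7 51234 203.0.113.9 22'
fi
tcpdump_cmd eth0 'port 443'
snoop_cmd hme0 'port 443'
```

With the constructed session the script prints a tcpdump line whose filter is "port 443 and not (host 198.51.100.7 and tcp and port 22)". Excluding only the client address together with the SSH port, rather than the whole client host, keeps that client's other traffic (for instance its HTTPS requests to the box) visible in the capture.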

For more examples and the full filter syntax, see the man pages (man snoop, man tcpdump).
