How to read the output of snoop command? | Unix Linux Forums | Solaris

#1  06-20-2013  fretagi

Hi!

I have run the following command:
Code:
snoop -q -d e1000g0 -o /var/tmp/optima0.txt &

Then I am trying to read the output of it with
Code:
snoop -i /var/tmp/optima0.txt

which is giving me this:
Code:
 # snoop -i /var/tmp/optima0.txt | more
  1   0.00000     AIOPTSVR -> 10.100.4.72  TCP D=1393 S=22 Push Ack=3687196293 Seq=1076546811 Len=68 Win=49680
  2   0.00058  10.100.4.72 -> AIOPTSVR     TCP D=22 S=1393 Ack=1076546879 Seq=3687196293 Len=0 Win=257
  3   0.00549            ? -> *            ETHER Type=9C9D (Unknown), size = 62 bytes
  4   0.00001  190.54.1.61 -> AIOPTSVR     NFS C 4 (lookup      ) PUTFH FH=7EEE SAVEFH LOOKUP opx_LOD_GEN_110_00311002O.tmp GETFH GETATTR 1001
1a b0a23a RESTOREFH N...
  5   0.00022     AIOPTSVR -> 190.54.1.61  NFS R 4 (lookup      ) NFS4ERR_NOENT PUTFH NFS4_OK SAVEFH NFS4_OK LOOKUP NFS4ERR_NOENT
  6   0.00043  190.54.1.61 -> AIOPTSVR     NFS C 4 (lookup      ) PUTFH FH=7EEE SAVEFH LOOKUP opx_LOD_GEN_110_00311002P.tmp GETFH GETATTR 1001
1a b0a23a RESTOREFH N...
  7   0.00010     AIOPTSVR -> 190.54.1.61  NFS R 4 (lookup      ) NFS4ERR_NOENT PUTFH NFS4_OK SAVEFH NFS4_OK LOOKUP NFS4ERR_NOENT
  8   0.00032  190.54.1.61 -> AIOPTSVR     TCP D=2049 S=1012 Ack=2632316802 Seq=1922933243 Len=0 Win=49640
  9   0.00309  190.54.1.61 -> AIOPTSVR     NFS C 4 (lookup      ) PUTFH FH=7EEE SAVEFH LOOKUP opx_LOD_GEN_110_00311002K.tmp GETFH GETATTR 1001
1a b0a23a RESTOREFH N...

and
Code:
# snoop -i /var/tmp/optima0.txt | tail
2949   0.12226  10.100.4.72 -> AIOPTSVR     TCP D=22 S=1393 Push Ack=1076548579 Seq=3687197645 Len=52 Win=257
2950   0.00066     AIOPTSVR -> 10.100.4.72  TCP D=1393 S=22 Push Ack=3687197697 Seq=1076548579 Len=52 Win=49680
2951   0.00010     AIOPTSVR -> 10.100.4.72  TCP D=1393 S=22 Push Ack=3687197697 Seq=1076548631 Len=52 Win=49680
2952   0.00009     AIOPTSVR -> 10.100.4.72  TCP D=1393 S=22 Push Ack=3687197697 Seq=1076548683 Len=52 Win=49680
2953   0.00067  10.100.4.72 -> AIOPTSVR     TCP D=22 S=1393 Ack=1076548735 Seq=3687197697 Len=0 Win=256
2954   0.01265            ? -> *            ETHER Type=9C9D (Unknown), size = 62 bytes
2955   0.02180            ? -> *            ETHER Type=9C9D (Unknown), size = 62 bytes
2956   0.00066            ? -> (multicast)  ETHER Type=060F (Unknown), size = 529 bytes
2957   0.01732            ? -> *            ETHER Type=9C9D (Unknown), size = 62 bytes
2958   0.01994            ? -> *            ETHER Type=9C9D (Unknown), size = 62 bytes
root@AIOPTSVR #

But I'm not able to interpret this. Please can you help?

#2  06-20-2013  jlliagre
You can use the -v and -V options to increase "snoop -i" verbosity.

What are you investigating?

You might want to install Wireshark and open your /var/tmp/optima0.txt file with it. Wireshark has traffic analysis features snoop does not provide.

#3  06-20-2013  fretagi

Hi

I have a server that has its storage as NetApp and the connection to it is via the iSCSI protocol, and we are having issues posted on
Code:
/var/adm/messages

related to iSCSI
Code:
iscsi connection(291) unable to connect to target SENDTARGETS_DISCOVERY (errno:145)

So I was trying to figure out what the problem is.

#4  06-20-2013  jlliagre
One more reason to analyse your capture with Wireshark.

#5  06-20-2013  fretagi

It's no longer free

#6  06-20-2013  jlliagre

What makes you believe it is no longer free?

#7  06-20-2013  fretagi

I went to http://www.sunfreeware.com, then I was redirected to Open Source freeware applications for Sun Solaris, and it asked for $$
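
Added example (not part of the thread and not code from any poster): a small Python parser for the one-line summaries that `snoop -i` prints, as in the capture in post #1. It tallies packets per service and checks for connection attempts to the iSCSI target discussed in post #3. Packets 6 and 7, the address 192.0.2.10 and the use of port 3260 are assumptions made for the example.

```python
import re
from collections import Counter

# Packets 1-5 are copied from the first post. Packets 6-7 are constructed
# (placeholder address 192.0.2.10) to show an unanswered iSCSI connect.
SAMPLE = """\
  1   0.00000     AIOPTSVR -> 10.100.4.72  TCP D=1393 S=22 Push Ack=3687196293 Seq=1076546811 Len=68 Win=49680
  2   0.00058  10.100.4.72 -> AIOPTSVR     TCP D=22 S=1393 Ack=1076546879 Seq=3687196293 Len=0 Win=257
  3   0.00549            ? -> *            ETHER Type=9C9D (Unknown), size = 62 bytes
  4   0.00001  190.54.1.61 -> AIOPTSVR     NFS C 4 (lookup      ) PUTFH FH=7EEE SAVEFH LOOKUP opx_LOD_GEN_110_00311002O.tmp GETFH GETATTR 1001
1a b0a23a RESTOREFH N...
  5   0.00022     AIOPTSVR -> 190.54.1.61  NFS R 4 (lookup      ) NFS4ERR_NOENT PUTFH NFS4_OK SAVEFH NFS4_OK LOOKUP NFS4ERR_NOENT
  6   0.00100     AIOPTSVR -> 192.0.2.10   TCP D=3260 S=40112 Syn Seq=1000 Len=0 Win=49640
  7   3.38000     AIOPTSVR -> 192.0.2.10   TCP D=3260 S=40112 Syn Seq=1000 Len=0 Win=49640
"""

# Assumption: the target listens on 3260, the IANA-registered iSCSI port.
SERVICES = {22: "ssh", 2049: "nfs", 3260: "iscsi"}
# Columns: number, delta seconds, source, destination, protocol, summary.
LINE = re.compile(r"^\s*(\d+)\s+(\d+\.\d+)\s+(\S+) -> (\S+)\s+(\S+)\s*(.*)$")

def parse(text):
    """Return one dict per packet; terminal-wrapped lines join the previous packet."""
    keys = ("num", "delta", "src", "dst", "proto", "detail")
    packets = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            packets.append(dict(zip(keys, m.groups())))
        elif packets and raw.strip():
            packets[-1]["detail"] += " " + raw.strip()
    return packets

def summarize(packets):
    """Count packets per service, NFSv4 reply errors, and iSCSI SYNs vs. replies."""
    services, nfs_errors, iscsi = Counter(), Counter(), {"syn": [], "replies": 0}
    for p in packets:
        label, words = p["proto"].lower(), p["detail"].split()
        if p["proto"] == "TCP":
            f = dict(w.split("=", 1) for w in words if "=" in w)
            dport, sport = int(f["D"]), int(f["S"])
            label = next((SERVICES[x] for x in (dport, sport) if x in SERVICES), "tcp-other")
            if dport == 3260 and "Syn" in words:
                iscsi["syn"].append(int(p["num"]))
            iscsi["replies"] += sport == 3260
        elif p["proto"] == "NFS" and (m := re.search(r"NFS4ERR_\w+", p["detail"])):
            nfs_errors[m.group()] += 1  # count each reply once, by its first status
        services[label] += 1
    return services, nfs_errors, iscsi
```

SYNs to port 3260 with zero packets coming back from that port mean the target is not answering at the TCP level; on the host, `snoop -i /var/tmp/optima0.txt port 3260` narrows the capture to the same traffic.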