|
|
Sponsored Content
Operating Systems
Solaris
snoop command
Post 302160196 by rb2k on Monday 21st of January 2008 06:01:48 AM
01-21-2008
Sorry for ressurecting the old thread... but it's still pretty high on google
I did read the manual... still can't figure out how to specify a subnet
the man page says:
snoop -v net 10.0.0.0 255.0.0.0 doesn't seem to capture packets coming from/going to nodes in the 10.X net
snoop -v net 10.0.0.0/8 ---> invalid expression at "".
snoop -v net 10.0.0.0 8 doesn't seem to capture any packets either
I did read the manual... still can't figure out how to specify a subnet
the man page says:
Quote:
net net
True if either the IP source or destination
address has a network number of net. The from or
to qualifier may be used to select packets for
which the network number occurs only in the source
or destination address.
True if either the IP source or destination
address has a network number of net. The from or
to qualifier may be used to select packets for
which the network number occurs only in the source
or destination address.
snoop -v net 10.0.0.0/8 ---> invalid expression at "".
snoop -v net 10.0.0.0 8 doesn't seem to capture any packets either
Last edited by rb2k; 01-21-2008 at 07:07 AM..
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
is there a snoop equivalent in other flavors of unix? HPUX, SCO or linux.
TIA
Peter (2 Replies)
Discussion started by: pbonilla
2 Replies
2. Solaris
Hello! It is my first post in this forum :).
I`m facing a strange issue. I am using a Solaris 8 as OS, and using the ipnat (ipf) to NAT an incoming port to another, as following:
Host SUN with Solaris 8/NAT WEB Page
(A.B.C.D:80) ---> |A.B.C.D:80 ->... (0 Replies)
Discussion started by: mf_lattanzi
0 Replies
3. IP Networking
Hi Gang:
Need some help with a snoop command. Sun box (solaris 8) has 4 nic cards,
I need to snoop one address and output that to a file so wireshark can read it. Can anyone help me out..?
Think its something like....
snoop -i 10.10.10.10 -o snoop_output (1 Reply)
Discussion started by: jimmyc
1 Replies
4. Shell Programming and Scripting
Hi,
I want to write a script that checks an interface with the snoop command, if there is no traffic in 10 minutes on port 123 from the ip add 10.*.*.* it should send a e-mail.but i don't know how to start writing this script does anybody have an idea or an sample script that i can modifi.
... (2 Replies)
Discussion started by: tafil
2 Replies
5. Solaris
Is there anywhere we can get details about what we should expect to see and not to see in some packets captured with "snoop" during troubleshooting a problem? I know we can capture packes for a failed transaction and compare them with packets for a successful trasaction.Is that the only way to... (4 Replies)
Discussion started by: Pouchie1
4 Replies
6. Linux
Hi,
What web site I can download the snoop package from and install it into a linux environment, so I can practice and become familiar with the snoop command and capture packets with it.
Thanks , (0 Replies)
Discussion started by: Pouchie1
0 Replies
7. UNIX for Advanced & Expert Users
Hi,
Can anyone please tell me a ftp site where I can download the solaris snoop package? I need to download the package so I can use the command in a Linux environment instead of using tcpdump. Need practice with snoop.
Thanks for your help. (3 Replies)
Discussion started by: Pouchie1
3 Replies
8. Solaris
Hi ,
I would like to write a perl script with the snoop command to capture packets from a specific IP address to a node (incoming packets) and packets from that node for the same session to another node and save the capture to a file. I would like my script to be able to read my IP all the time... (7 Replies)
Discussion started by: Pouchie1
7 Replies
9. Shell Programming and Scripting
Hi
I want to write a script for snoop which can do snoop for 30 min and then process should be killed automatically
I am using below codes
#!/usr/bin/ksh
snoop -d igb0 -o /opt/temp/abc.pcap
sleep 1500
kill -9 `ps -ef|grep -i snoop |grep -v grep|awk '{print $2}'`
But process is not... (3 Replies)
Discussion started by: anish19
3 Replies
10. Solaris
Hi!
I have run the following command: snoop -q -d e1000g0 -o /var/tmp/optima0.txt & them I am trying to read the output of it with snoop -i /var/tmp/optima0.txt, which is giving me this: # snoop -i /var/tmp/optima0.txt | more
1 0.00000 AIOPTSVR -> 10.100.4.72 TCP D=1393 S=22 Push... (8 Replies)
Discussion started by: fretagi
8 Replies
LEARN ABOUT DEBIAN
shorewall-hosts
SHOREWALL-HOSTS(5) [FIXME: manual] SHOREWALL-HOSTS(5) NAME
hosts - Shorewall file SYNOPSIS
/etc/shorewall/hosts DESCRIPTION
This file is used to define zones in terms of subnets and/or individual IP addresses. Most simple setups don't need to (should not) place anything in this file. The order of entries in this file is not significant in determining zone composition. Rather, the order that the zones are declared in shorewall-zones[1](5) determines the order in which the records in this file are interpreted. Warning The only time that you need this file is when you have more than one zone connected through a single interface. Warning If you have an entry for a zone and interface in shorewall-interfaces[2](5) then do not include any entries in this file for that same (zone, interface) pair. The columns in the file are as follows. ZONE - zone-name The name of a zone declared in shorewall-zones[1](5). You may not list the firewall zone in this column. HOST(S) - interface:{[{address-or-range[,address-or-range]...|+ipset|dynamic}[exclusion] The name of an interface defined in the shorewall-interfaces[2](5) file followed by a colon (":") and a comma-separated list whose elements are either: 1. The IP address of a host. 2. A network in CIDR format. 3. An IP address range of the form low.address-high.address. Your kernel and iptables must have iprange match support. 4. The name of an ipset. 5. The word dynamic which makes the zone dynamic in that you can use the shorewall add and shorewall delete commands to change to composition of the zone. You may also exclude certain hosts through use of an exclusion (see shorewall-exclusion[3](5). OPTIONS (Optional) - [option[,option]...] A comma-separated list of options from the following list. The order in which you list the options is not significant but the list must have no embedded white space. blacklist Check packets arriving on this port against the shorewall-blacklist[4](5) file. broadcast Used when you want to include limited broadcasts (destination IP address 255.255.255.255) from the firewall to this zone. Only necessary when: 1. The network specified in the HOST(S) column does not include 255.255.255.255. 2. The zone does not have an entry for this interface in shorewall-interfaces[2](5). destonly Normally used with the Multi-cast IP address range (224.0.0.0/4). Specifies that traffic will be sent to the specified net(s) but that no traffic will be received from the net(s). ipsec The zone is accessed via a kernel 2.6 ipsec SA. Note that if the zone named in the ZONE column is specified as an IPSEC zone in the shorewall-zones[1](5) file then you do NOT need to specify the 'ipsec' option here. maclist Connection requests from these hosts are compared against the contents of shorewall-maclist[5](5). If this option is specified, the interface must be an ethernet NIC or equivalent and must be up before Shorewall is started. mss=mss Added in Shorewall 4.5.2. When present, causes the TCP mss for new connections to/from the hosts given in the HOST(S) column to be clamped at the specified mss. nosmurfs This option only makes sense for ports on a bridge. Filter packets for smurfs (packets with a broadcast address as the source). Smurfs will be optionally logged based on the setting of SMURF_LOG_LEVEL in shorewall.conf[6](5). After logging, the packets are dropped. routeback Shorewall should set up the infrastructure to pass packets from this/these address(es) back to themselves. This is necessary if hosts in this group use the services of a transparent proxy that is a member of the group or if DNAT is used to send requests originating from this group to a server in the group. tcpflags Packets arriving from these hosts are checked for certain illegal combinations of TCP flags. Packets found to have such a combination of flags are handled according to the setting of TCP_FLAGS_DISPOSITION after having been logged according to the setting of TCP_FLAGS_LOG_LEVEL. EXAMPLES
Example 1 The firewall runs a PPTP server which creates a ppp interface for each remote client. The clients are assigned IP addresses in the network 192.168.3.0/24 and in a zone named 'vpn'. #ZONE HOST(S) OPTIONS vpn ppp+:192.168.3.0/24 FILES
/etc/shorewall/hosts SEE ALSO
http://shorewall.net/configuration_file_basics.htm#Pairs shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-nesting(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5) NOTES
1. shorewall-zones http://www.shorewall.net/manpages/shorewall-zones.html 2. shorewall-interfaces http://www.shorewall.net/manpages/shorewall-interfaces.html 3. shorewall-exclusion http://www.shorewall.net/manpages/shorewall-exclusion.html 4. shorewall-blacklist http://www.shorewall.net/manpages/shorewall-blacklist.html 5. shorewall-maclist http://www.shorewall.net/manpages/shorewall-maclist.html 6. shorewall.conf http://www.shorewall.net/manpages/shorewall.conf.html [FIXME: source] 06/28/2012 SHOREWALL-HOSTS(5)