Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Analyze packets with snoop
Operating Systems Solaris Analyze packets with snoop Post 302360394 by Pouchie1 on Thursday 8th of October 2009 09:12:56 PM
Old 10-08-2009
Analyze packets with snoop
Is there anywhere we can get details about what we should expect to see and not to see in some packets captured with "snoop" during troubleshooting a problem? I know we can capture packes for a failed transaction and compare them with packets for a successful trasaction.Is that the only way to pinpoint a problem?

It's one thing to be able to capture the data. But, how can we really analyze and pinpoint what the problem is, using the data captured?

Any help will be really appreciated.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

how to capture multicast packets using snoop

How do I use snoop command to capture multicast packets in the network? (1 Reply)
Discussion started by: caden312
1 Replies

2. UNIX for Dummies Questions & Answers

snoop equivalent

is there a snoop equivalent in other flavors of unix? HPUX, SCO or linux. TIA Peter (2 Replies)
Discussion started by: pbonilla
2 Replies

3. Solaris

Snoop Functions

Hello! It is my first post in this forum :). I`m facing a strange issue. I am using a Solaris 8 as OS, and using the ipnat (ipf) to NAT an incoming port to another, as following: Host SUN with Solaris 8/NAT WEB Page (A.B.C.D:80) ---> |A.B.C.D:80 ->... (0 Replies)
Discussion started by: mf_lattanzi
0 Replies

4. Shell Programming and Scripting

Analyze Statistics

I have a file which contains records in the format of 2006-08-25 12:06:13|ABC|93 2006-08-25 12:45:55|ABC|203 2006-08-25 01:48:19|DEF|156 2006-08-25 01:49:09|ABC|12798 2006-08-25 02:49:59|GHL|4109 2006-08-25 03:50:50|DEF|234 where the format is "arrive time"|"message type"|"processing... (3 Replies)
Discussion started by: mpang_
3 Replies

5. Solaris

snoop command

Hi. I'm trying to capture traffic with the snoop command using the net expression but I fail when a I've to specify a subnet ex: 10.201.64/18 Did you know the correct syntax? I've tried with snoop -ta -x0 net 10.201.64.0 255.255.192.0 but doesn't match. Thnx (4 Replies)
Discussion started by: kurtolo
4 Replies

6. Shell Programming and Scripting

Snoop Script

Hi, I want to write a script that checks an interface with the snoop command, if there is no traffic in 10 minutes on port 123 from the ip add 10.*.*.* it should send a e-mail.but i don't know how to start writing this script does anybody have an idea or an sample script that i can modifi. ... (2 Replies)
Discussion started by: tafil
2 Replies

7. UNIX for Advanced & Expert Users

FTP Snoop

Hi, Can anyone please tell me a ftp site where I can download the solaris snoop package? I need to download the package so I can use the command in a Linux environment instead of using tcpdump. Need practice with snoop. Thanks for your help. (3 Replies)
Discussion started by: Pouchie1
3 Replies

8. Cybersecurity

How to analyze malicious code

A series on The H about analyzing potentially malicious code flying around on the net. Pretty well written, and a nice read for those interested in how exploits work: CSI:Internet - Alarm at the pizza service CSI:Internet - The image of death CSI:Internet - PDF timebomb CSI:Internet -... (0 Replies)
Discussion started by: pludi
0 Replies

9. UNIX for Dummies Questions & Answers

How to analyze file hashing

What command should I use to analyze file hashing of fixed flat files. How much work does it take for multiple flat files. (3 Replies)
Discussion started by: jbjoat
3 Replies

10. Solaris

Snapshot analyze

Hi, Is there any tool is available for analyzing Oracle X86 snapshot output. Thanks in advance. (1 Reply)
Discussion started by: sunnybee
1 Replies

LEARN ABOUT FREEBSD

ipresend

IPRESEND(1)						      General Commands Manual						       IPRESEND(1)

NAME

       ipresend - resend IP packets out to network

SYNOPSIS

       ipresend [ -EHPRSTX ] [ -d <device> ] [ -g <gateway> ] [ -m <MTU> ] [ -r <filename> ]

DESCRIPTION

       ipresend was designed to allow packets to be resent, once captured, back out onto the network for use in testing.  ipresend supports a num-
       ber of different file formats as input, including saved snoop/tcpdump binary data.

OPTIONS

       -d <interface>
	      Set the interface name to be the name supplied.  This is useful with the -P, -S, -T and -E options, where it is not otherwise possi-
	      ble to associate a packet with an interface.  Normal "text packets" can override this setting.

       -g <gateway>
	      Specify  the  hostname of the gateway through which to route packets.  This is required whenever the destination host isn't directly
	      attached to the same network as the host from which you're sending.

       -m <MTU>
	      Specify the MTU to be used when sending out packets.  This option allows you to set a fake MTU, allowing the simulation  of  network
	      interfaces with small MTU's without setting them so.

       -r <filename>
	      Specify the filename from which to take input.  Default is stdin.

       -E     The  input file is to be text output from etherfind.  The text formats which are currently supported are those which result from the
	      following etherfind option combinations:

		 etherfind -n
		 etherfind -n -t

       -H     The input file is to be hex digits, representing the binary makeup of the packet.  No length correction is  made,  if  an  incorrect
	      length is put in the IP header.

       -P     The  input  file specified by -i is a binary file produced using libpcap (i.e., tcpdump version 3).  Packets are read from this file
	      as being input (for rule purposes).

       -R     When sending packets out, send them out "raw" (the way they came in).  The only real significance here is that it  will  expect  the
	      link layer (i.e.	ethernet) headers to be prepended to the IP packet being output.

       -S     The  input  file	is  to be in "snoop" format (see RFC 1761).  Packets are read from this file and used as input from any interface.
	      This is perhaps the most useful input type, currently.

       -T     The input file is to be text output from tcpdump.  The text formats which are currently supported are those which  result  from  the
	      following tcpdump option combinations:

		 tcpdump -n
		 tcpdump -nq
		 tcpdump -nqt
		 tcpdump -nqtt
		 tcpdump -nqte

       -X     The input file is composed of text descriptions of IP packets.

SEE ALSO

       snoop(1m), tcpdump(8), etherfind(8c), ipftest(1), ipresend(1), iptest(1), bpf(4), dlpi(7p)

DIAGNOSTICS

       Needs to be run as root.

BUGS

       Not all of the input formats are sufficiently capable of introducing a wide enough variety of packets for them to be all useful in testing.
       If you find any, please send email to me at darrenr@pobox.com

																       IPRESEND(1)
All times are GMT -4. The time now is 04:57 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy