Solaris

Is there anywhere we can get details about what we should expect to see and not to see in some packets captured with "snoop" during troubleshooting a problem? I know we can capture packes for a failed transaction and compare them with packets for a successful trasaction.Is that the only way to pinpoint a problem?

It's one thing to be able to capture the data. But, how can we really analyze and pinpoint what the problem is, using the data captured?

Any help will be really appreciated.

what is your problem stmt?
you will usually use snoop to check for packets or to see if your interface works.
there can be various situation where you will use snoop. so, whats your problem here?

Like Pouchie1, I don't pretend to understand what your problem is. However, if you need help deciphering the cryptic output of snoop, try using WireShark to parse the output file.

snoop -d bge0 -o /var/tmp/outfile.snoop

Open outfile.snoop with WireShark, you can view headers, packet information and data in a neatly organized manner. Wireshark also tries its best in translating what you get from snoop into human readable information.

In addition to the above very valid comments, I'd also add the suggestion that you limit the data captured to just what you want by specifying the destination (and/or source) address and port on the snoop commandline. This is especially important if you are running it and observing the output on the screen as snoop would then be showing you your own connection stream as well, obscuring the useful info.

Thanks all for your comments. Actually, what I wanted is some help deciphering the output of snoop. Oocyte's suggestion about using wireshark will probably help.

Thank you so much,