What is snoop ?

Previous page
Table of content
Next page

What is snoop ?

The /usr/sbin/snoop utility is an executable that reads frames from your network interface or from a previously saved capture file. In addition, snoop allows you to filter the data it is collecting. For example, you can specify that you want to capture TCP segments to or from port 389 (such as LDAP traffic). You must be root to capture data from a network interface due to the device permissions (for example, permissions on the /dev/hme device). What makes snoop so powerful is the detail of information it provides, and the flexibility of the tool.

Using the snoop command results in one of the following objectives:

  • Captures and displays network packets.

  • Captures network packets and saves them to a capture file.

  • Reads from a capture file and displays the contents

  • Reads from one capture file and writes to another capture file (used primarily with filtering to select packets of interest)

When snoop is reading packets (capturing network packets, or reading from a capture file) it allows you to filter specific packets you are interested in. For example: to select the telnet traffic between hosta and hostb you might issue the following command: 

 #  snoop port 23 between hosta hostb

Previous page
Table of content
Next page
LDAP in the Solaris Operating Environment[c] Deploying Secure Directory Services
LDAP in the Solaris Operating Environment[c] Deploying Secure Directory Services
ISBN: 131456938
EAN: N/A
Year: 2005
Pages: 87
BUY ON AMAZON
The .NET Developers Guide to Directory Services Programming
Cisco IP Telephony (CIPT) (Authorized Self-Study) (2nd Edition)
C & Data Structures (Charles River Media Computer Engineering)
Pocket Guide to the National Electrical Code(R), 2005 Edition (8th Edition)
File System Forensic Analysis
Sap Bw: a Step By Step Guide for Bw 2.0
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy