Running snoop with LDAP in Mind

Before you run the snoop utility, you must decide if you want real-time data or you'd prefer to capture packets to a snoop-capture file. In most situations, you will want to capture the data to a file. In real-time mode, the data flies across your screen much too fast for you to read. The only real benefit of real-time mode is to give you a quick feel for the traffic that's moving on your network. To do some serious analysis, you'll want to capture packets to a file so you can take your time with them.

snoop syntax:

 /usr/sbin/snoop [options] 

The syntax and complete list of options for snoop are described in the snoop(1M) man page. The examples in this article focus on the snoop options that are relevant to LDAP. They use the following snoop syntax and options, depending on the desired level of tracing:

  • For basic tracing:

     snoop [port portnumber] [LDAPhostname]

    Where port is the keyword, portnumber is the port number obtained from the /etc/services file, and LDAPhostname is the host name used to select packets, with that host as either the source or destination. Matching packets are displayed as they are received.

  • For summary mode (by using the -V option):

     snoop -V [port portnumber] [LDAPhostname]

  • For a detailed snoop trace using verbose mode (the -v option), which provides a detailed packet header trace:

     snoop -v [port portnumber] [LDAPhostname]

Note

Instead of using snoop port 389, you could use the name ldap, which is the name of the service.
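For the offline analysis recommended above, the following added example (not from the book) reads a snoop-capture file and keeps only the frames to or from the LDAP port, the offline counterpart of the `port 389` filter. It goes beyond the text by parsing the capture file layout defined in RFC 1761; the helper names and the sample capture are constructed for illustration, and only Ethernet/IPv4/TCP frames are handled.

```python
import struct

SNOOP_MAGIC = b"snoop\x00\x00\x00"   # RFC 1761 identification pattern
LDAP_PORT = 389                      # "ldap" in /etc/services

def parse_snoop(data):
    """Yield (timestamp, frame_bytes) for every record in a snoop capture."""
    if data[:8] != SNOOP_MAGIC:
        raise ValueError("not a snoop capture file")
    version, datalink = struct.unpack(">II", data[8:16])
    if version != 2 or datalink != 4:            # datalink 4 = Ethernet
        raise ValueError("unsupported version or datalink type")
    off = 16
    while off + 24 <= len(data):
        _orig, incl, rec_len, _drops, secs, usecs = struct.unpack(
            ">6I", data[off:off + 24])
        if rec_len < 24 + incl or off + rec_len > len(data):
            raise ValueError("truncated or corrupt record")
        yield secs + usecs / 1e6, data[off + 24:off + 24 + incl]
        off += rec_len                           # includes header and padding

def tcp_ports(frame):
    """Return (src_port, dst_port) of an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    ihl = (frame[14] & 0x0F) * 4                 # IPv4 header length in bytes
    if frame[23] != 6 or len(frame) < 14 + ihl + 4:   # protocol 6 = TCP
        return None
    return struct.unpack(">HH", frame[14 + ihl:14 + ihl + 4])

def ldap_frames(data, port=LDAP_PORT):
    """Keep the frames whose TCP source or destination port is the LDAP port."""
    return [(ts, f) for ts, f in parse_snoop(data)
            if (p := tcp_ports(f)) and port in p]

# --- constructed sample capture: three frames, two of them LDAP ---
def make_frame(sport, dport):
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack(">HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp

def make_record(frame, secs):
    pad = -(24 + len(frame)) % 4                 # records are 4-byte aligned
    hdr = struct.pack(">6I", len(frame), len(frame), 24 + len(frame) + pad, 0, secs, 0)
    return hdr + frame + bytes(pad)

SAMPLE = (SNOOP_MAGIC + struct.pack(">II", 2, 4) + make_record(make_frame(40000, 389), 1000)
          + make_record(make_frame(40001, 80), 1001) + make_record(make_frame(389, 40000), 1002))
```

On a real system, pass `ldap_frames` the bytes of a capture written with snoop's `-o` option instead of `SAMPLE`.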




LDAP in the Solaris Operating Environment: Deploying Secure Directory Services
ISBN: 131456938
EAN: N/A
Year: 2005
Pages: 87
