snoop

The snoop command isn't available on Linux, but you'll find it on Solaris. It captures the packets going in and out of one of your enabled NICs and prints a summary of each one. If you have only one NIC, it chooses that one by default. Note that you need to be root and in the global zone to run this command.

Here's an example of snooping all traffic from bge0:

snoop -d bge0

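You can also tell it to listen only to a certain port. The port keyword is required here, because a bare name such as ssh is otherwise treated as a hostname:

snoop -d bge0 port ssh

Or to ignore a specific port:

snoop -d bge0 not port ssh

Or to show only the traffic to and from a specific host: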

snoop -d bge0 myotherhost.whatever.com

With -v you get more information on each packet (up to -vvv):

snoop -d bge0 -v not port ssh myotherhost.whatever.com

 
