Snoop is the Solaris equivalent of tcpdump.
Just like tcpdump, you need to specify the network interface you want to tap; otherwise it will default to the first interface.

The command syntax for a basic capture would be

snoop -d ce2 -o /tmp/output.cap

Here ce2 is the network interface, and the output is written to the file output.cap in the /tmp directory. You can download the file using ftp/sftp and analyze it using Wireshark.

There are many instances when you want to run snoop for longer intervals of time to capture some specific event in network traffic. In this case you can force snoop to run in the background using nohup and &

nohup snoop -d ce2 -s 2000 -o /tmp/backgroud.cap &

Do NOT close the snoop window directly; type exit to close the terminal, otherwise snoop will stop.
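
Once the capture is downloaded, it is worth checking it before opening it in Wireshark. The script below is an added example, not part of the original post: it walks the snoop file format (RFC 1761) and reports how many packets were cut short by the -s snap length, how many packets the capturing host dropped, and whether the file ends mid-record. The function names and the sample bytes are constructed for illustration.

```python
import struct

MAGIC = b"snoop\x00\x00\x00"          # 8-byte identification pattern (RFC 1761)
FILE_HDR = struct.Struct(">8sII")     # magic, version, datalink type (big-endian)
REC_HDR = struct.Struct(">IIIIII")    # orig_len, incl_len, rec_len, drops, sec, usec

def summarize_snoop(data: bytes) -> dict:
    """Walk a snoop capture and report packet, truncation and drop counts."""
    if len(data) < FILE_HDR.size:
        raise ValueError("file too short for a snoop header")
    magic, version, datalink = FILE_HDR.unpack_from(data, 0)
    if magic != MAGIC:
        raise ValueError("not a snoop capture (bad identification pattern)")
    if version != 2:
        raise ValueError(f"unsupported snoop version {version}")
    packets = truncated = drops = 0
    complete = True
    off = FILE_HDR.size
    while off < len(data):
        if off + REC_HDR.size > len(data):
            complete = False          # file ends inside a record header
            break
        orig_len, incl_len, rec_len, cum_drops, _sec, _usec = REC_HDR.unpack_from(data, off)
        # rec_len covers header + data + padding; reject impossible values
        if rec_len < REC_HDR.size + incl_len or incl_len > orig_len:
            raise ValueError(f"corrupt record at offset {off}")
        if off + rec_len > len(data):
            complete = False          # e.g. interrupted transfer or capture killed mid-write
            break
        packets += 1
        truncated += incl_len < orig_len   # snap length (-s) cut this packet short
        drops = cum_drops                  # cumulative since the first record
        off += rec_len
    return {"datalink": datalink, "packets": packets, "truncated": truncated,
            "drops": drops, "complete": complete}

def _record(payload: bytes, orig_len: int, drops: int = 0) -> bytes:
    """Build one constructed packet record (sample data, not a real capture)."""
    pad = -len(payload) % 4            # records are padded to a 4-byte boundary
    hdr = REC_HDR.pack(orig_len, len(payload), REC_HDR.size + len(payload) + pad, drops, 0, 0)
    return hdr + payload + b"\x00" * pad

# Constructed sample: one full 60-byte frame, one 3000-byte frame cut to 2000 by -s 2000
SAMPLE = (FILE_HDR.pack(MAGIC, 2, 4) + _record(b"\xaa" * 60, 60)
          + _record(b"\xbb" * 2000, 3000, drops=5))

if __name__ == "__main__":
    print(summarize_snoop(SAMPLE))
```

To check a real file, pass its contents: summarize_snoop(open("output.cap", "rb").read()). A non-zero "truncated" or "drops" count means the capture does not hold the full traffic.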
