Tcpdump and snoop

In production environments, packet-capturing tools such as Wireshark are usually not installed. In such cases a default capture tool can be used instead: tcpdump on Linux systems and snoop (the Solaris default). The captured file can later be opened in Wireshark for analysis:

  • snoop: This tool captures and inspects network packets and runs from the Sun Microsystems (Solaris) command line
  • tcpdump: This tool dumps traffic on a network and runs on Windows, OS X, and Linux

For example, the following pairs common capture tasks with the equivalent snoop (Solaris) and tcpdump (Linux) commands; all of them are run as root:

  • How to check packets from all interfaces
      Solaris: snoop
      Linux:   tcpdump -nS
  • How to capture with hostname
      Solaris: snoop hostname
      Linux:   tcpdump host hostname
  • How to write the captured information to a file
      Solaris: snoop -o filename
      Linux:   tcpdump -w filename
  • How to capture packets between host1 and host2 and save them to a file
      Solaris: snoop -o capture_file.pcap host1 host2
      Linux:   tcpdump -w capture_file.pcap src host1 and dst host2
  • How to capture traffic with verbose output to screen
      Solaris: snoop -v -d eth0
               snoop -d eth0 -v port 80
      Linux:   tcpdump -i eth0
               Very verbose tcpdump options:
               tcpdump -i eth0 -v port 80
               tcpdump -i eth0 -vv port 80
  • How to set the snaplength
      Solaris: snoop -s 500
      Linux:   tcpdump -s 500
  • How to capture all bytes
      Solaris: snoop -s0
      Linux:   tcpdump -s0
  • How to capture the IPv6 traffic
      Solaris: snoop ip6
      Linux:   tcpdump ip6
  • How to capture protocols
      Solaris: snoop multicast
               snoop broadcast
               snoop bootp
               snoop dhcp
               snoop dhcp6
               snoop pppoe
               snoop ldap
      Linux:   tcpdump -n "broadcast or multicast"
               tcpdump udp
               tcpdump tcp
               tcpdump port 67
               tcpdump port 546
               tcpdump port 389
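As an added example (not code from the book), the POSIX shell helper below turns the option pairs listed above into a ready-to-review command line for whichever default tool the host has: snoop when `uname -s` reports SunOS, tcpdump when it reports Linux. The function names build_capture_cmd and host_pair_filter, the interface names and the host addresses are assumptions. The helper only prints the command, so it can be run unprivileged to check the filter and output file before the real capture is started as root.

```shell
#!/bin/sh
# Added example, not from the book: build a capture command for the
# platform's default tool (snoop on SunOS, tcpdump on Linux) from the
# option pairs shown above. Nothing is executed; the command is printed.

# build_capture_cmd OS IFACE OUTFILE SNAPLEN [FILTER...]
#   OS       output of `uname -s`: SunOS (snoop) or Linux (tcpdump)
#   IFACE    interface to listen on (e1000g0, eth0, ...; assumed names)
#   OUTFILE  capture file to write (-o for snoop, -w for tcpdump)
#   SNAPLEN  bytes kept per packet; 0 keeps whole packets
#   FILTER   optional capture filter in the tool's own syntax
build_capture_cmd() {
    os=$1; iface=$2; outfile=$3; snaplen=$4
    shift 4
    case "$os" in
        # snoop: -d interface, -o output file, -s snaplen
        SunOS) cmd="snoop -d $iface -o $outfile -s $snaplen" ;;
        # tcpdump: -n (no DNS lookups), -i interface, -w output file, -s snaplen
        Linux) cmd="tcpdump -n -i $iface -w $outfile -s $snaplen" ;;
        *)     printf 'unsupported OS: %s\n' "$os" >&2; return 1 ;;
    esac
    # Append the filter expression, if any, verbatim.
    if [ $# -gt 0 ]; then
        cmd="$cmd $*"
    fi
    printf '%s\n' "$cmd"
}

# host_pair_filter OS HOST1 HOST2
#   snoop takes the two hosts as bare arguments; tcpdump needs an explicit
#   BPF expression (directional, matching the table's src/dst example).
host_pair_filter() {
    case "$1" in
        SunOS) printf '%s %s\n' "$2" "$3" ;;
        Linux) printf 'src host %s and dst host %s\n' "$2" "$3" ;;
        *)     return 1 ;;
    esac
}

# Demonstration: the same capture request rendered for both platforms
# (constructed host names; nothing is run).
for os in SunOS Linux; do
    filter=$(host_pair_filter "$os" host1 host2)
    build_capture_cmd "$os" eth0 capture_file.pcap 0 "$filter"
done
```

Two choices in the wrapper matter for later analysis: a snaplen of 0 (the table's `-s0`) keeps whole packets, so nothing is truncated when the file is opened in Wireshark, and `-n` stops tcpdump from issuing DNS lookups that would otherwise add traffic of its own to the capture.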
