Tcpdump and snoop
In production environments, packet-capturing tools such as Wireshark are usually not installed. In such scenarios, a default capture tool can be used instead, such as tcpdump (for Linux systems) and snoop (the Solaris default); the captured file can later be opened in Wireshark for analysis:
snoop: This tool captures and inspects network packets and runs on Sun Microsystems CLI

tcpdump: This tool dumps traffic on a network and runs on Windows, OS X, and Linux

For example, the following table shows how to check packets from interfaces:
Description | Solaris | Linux |
---|---|---|
How to check packets from all interfaces | | |
How to capture with hostname | | |
How to write the ... |
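
As an added example (not from the book), the following wrapper picks tcpdump or snoop by OS name and writes a capture file bounded by packet count, so a capture left running on a production host cannot fill the disk. The function name `bounded_capture`, the `DRY_RUN` switch, the 1000-packet default, and the sample host, interfaces and paths are assumptions.

```shell
#!/bin/sh
# Added example: bounded capture-to-file with the host's native tool.
# bounded_capture, DRY_RUN and the 1000-packet default are assumptions.

# usage: bounded_capture OS IFACE HOST OUTFILE [MAX_PACKETS]
bounded_capture() {
    os=$1; iface=$2; host=$3; out=$4; max=${5:-1000}

    # A capture on a production box must stop by itself: require a numeric cap.
    case $max in
        ''|*[!0-9]*) echo "packet cap must be a number: $max" >&2; return 2 ;;
    esac
    # Never clobber an earlier capture that may be evidence.
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2; return 2
    fi

    case $os in
        Linux)
            # -i interface ("any" is the Linux all-interfaces pseudo-device),
            # -c stop after N packets, -w write raw packets to a file
            set -- tcpdump -i "$iface" -c "$max" -w "$out" host "$host" ;;
        SunOS)
            # -d device, -c stop after N packets, -o write to a capture file
            set -- snoop -d "$iface" -c "$max" -o "$out" host "$host" ;;
        *)
            echo "unsupported OS: $os" >&2; return 2 ;;
    esac

    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$*"                      # show the command, run nothing
    else
        # Captures hold payload data: create the file owner-readable only.
        ( umask 077; exec "$@" )
    fi
}

# Constructed sample values; dry run is the default, so this only prints.
bounded_capture Linux any db01.example.internal /var/tmp/db01.pcap
bounded_capture SunOS net0 db01.example.internal /var/tmp/db01.snoop 500
```

Run it with `DRY_RUN=0` and sufficient privileges on the host being examined, then copy the output file to a workstation and open it in Wireshark.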