Tcpdump and snoop
In production environments a graphical analyzer such as Wireshark is usually not installed. There you fall back on the capture tool that ships with the operating system: tcpdump on Linux (and most other Unix-like systems) and snoop, the Solaris default. Both write capture files that Wireshark can open later, so the usual workflow is to capture on the server, copy the file off the box, and analyze it on a workstation:
- snoop: captures and inspects network packets from the command line on Sun Microsystems/Oracle Solaris systems
- tcpdump: dumps traffic on a network and runs on Linux, the BSDs and OS X (a Windows port, WinDump, exists)
For example, the following table shows the equivalent commands on both systems (`host1`, `host2` and the file names are placeholders):

Description | Solaris (snoop) | Linux (tcpdump)
---|---|---
How to check packets from all interfaces | `snoop` (one interface at a time; `snoop -d <interface>` selects it) | `tcpdump -i any`
How to capture packets to or from a given host | `snoop host host1` | `tcpdump host host1`
How to write the captured information to a file | `snoop -o capture.snoop` | `tcpdump -w capture.pcap`
How to capture packets between two hosts | `snoop between host1 host2` | `tcpdump host host1 and host host2`

Note that `snoop -o` writes the snoop file format (RFC 1761), not libpcap format, and that both tools resolve addresses to hostnames by default (`snoop -r` and `tcpdump -n` print raw addresses instead, which is usually what you want on a production host so that the capture does not generate DNS traffic of its own).
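Capturing on the server and filtering later is the common case, so it helps to know what a `tcpdump -w` file actually contains. The following is an added example, not code from the book: it builds a small libpcap-format capture in memory (the global header plus three constructed Ethernet/IPv4/TCP records, the same layout `tcpdump -w` writes), parses it back, and applies the table's last row as an offline filter, keeping only records exchanged between two hosts. The MAC addresses, IP addresses and ports are constructed sample data, and the packet builder fills in zero checksums, which is enough for parsing but is not a valid packet on the wire.

```python
import socket
import struct
from typing import List, Tuple

PCAP_MAGIC_LE = 0xA1B2C3D4   # little-endian magic written by tcpdump -w on x86
PCAP_MAGIC_BE = 0xD4C3B2A1   # same magic as seen when the file is big-endian
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

Flow = Tuple[str, str, int, int]  # (src_ip, dst_ip, src_port, dst_port)


def pcap_global_header(snaplen: int = 65535) -> bytes:
    """24-byte libpcap header: magic, version 2.4, tz offset, sigfigs, snaplen, linktype."""
    return struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes = b"") -> bytes:
    """Constructed Ethernet/IPv4/TCP frame (sample MACs, checksums left at zero)."""
    eth = bytes.fromhex("001122334455" "001122334466") + struct.pack("!H", ETHERTYPE_IPV4)
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    # seq, ack, data offset 5 words, flags PSH|ACK, window, checksum, urgent pointer
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def pcap_record(frame: bytes, ts_sec: int, ts_usec: int, snaplen: int = 65535) -> bytes:
    """16-byte record header (ts_sec, ts_usec, incl_len, orig_len) plus the captured bytes.
    Like tcpdump, only the first snaplen bytes are stored; orig_len keeps the true size."""
    captured = frame[:snaplen]
    return struct.pack("<IIII", ts_sec, ts_usec, len(captured), len(frame)) + captured


def build_sample_capture() -> bytes:
    """Constructed capture: an SSH exchange between 10.0.0.1 and 10.0.0.2, plus one
    unrelated HTTPS packet from 10.0.0.1 to 10.0.0.3."""
    frames = [
        build_frame("10.0.0.1", "10.0.0.2", 40000, 22, b"SSH-2.0-client"),
        build_frame("10.0.0.2", "10.0.0.1", 22, 40000, b"SSH-2.0-server"),
        build_frame("10.0.0.1", "10.0.0.3", 40001, 443, b"\x16\x03\x01"),
    ]
    body = b"".join(pcap_record(f, 1700000000 + i, 0) for i, f in enumerate(frames))
    return pcap_global_header() + body


def parse_pcap(data: bytes) -> List[Flow]:
    """Walk the record list and return the TCP 5-tuple (minus protocol) of each packet.
    Records too short to hold Ethernet+IPv4+TCP headers (e.g. a small snaplen) are skipped."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a libpcap file (snoop -o writes a different format)")
    linktype = struct.unpack_from(end + "IHHiIII", data, 0)[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")

    flows: List[Flow] = []
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated record (capture cut off mid-packet)")
        off += incl_len
        if len(frame) < 14 + 20 + 4:
            continue  # snaplen cut the headers short; nothing to decode
        if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue
        ihl = (frame[14] & 0x0F) * 4
        if frame[14 + 9] != IPPROTO_TCP or len(frame) < 14 + ihl + 4:
            continue
        src = socket.inet_ntoa(frame[14 + 12:14 + 16])
        dst = socket.inet_ntoa(frame[14 + 16:14 + 20])
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        flows.append((src, dst, sport, dport))
    return flows


def between(flows: List[Flow], host_a: str, host_b: str) -> List[Flow]:
    """Offline equivalent of `snoop between a b` / `tcpdump host a and host b`:
    keep packets whose source/destination pair is exactly {a, b}, in either direction."""
    wanted = {host_a, host_b}
    return [f for f in flows if {f[0], f[1]} == wanted]


if __name__ == "__main__":
    capture = build_sample_capture()
    for flow in between(parse_pcap(capture), "10.0.0.1", "10.0.0.2"):
        print("%s:%d -> %s:%d" % flow)
```

Writing the sample to disk (`open("sample.pcap", "wb").write(build_sample_capture())`) gives a file that `tcpdump -r sample.pcap` and Wireshark both open, so the same filter can be checked against the real tools. The `len(frame)` guard matters in practice: captures taken with an old default snaplen (68 or 96 bytes) keep headers but drop payload, and a capture interrupted mid-write ends in a short final record, which the parser reports instead of silently misreading.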