snoop

snoop [ -aqrCDNPSvV ] [ -t [ r | a | d ] ] [ -c maxcount ]
      [ -d device ] [ -i filename ] [ -n filename ] [ -o filename ]
      [ -p first [ , last ] ] [ -s snaplen ] [ -x offset [ , length ] ]
      [ expression ]

snoop captures packets efficiently from the network. They can either be displayed as they are received or saved to a file for later processing.

snoop is the Solaris counterpart of tcpdump.

Available on: Solaris

Examples

Capture everything from the default interface and display it on the screen

# snoop

Capture port 80 traffic on the e1000g0 interface. Display each packet in full (-x0) with absolute timestamps (-ta).

# snoop -d e1000g0 -ta -x0 port 80

Capture all traffic to or from host loki and save it to the file output.cap

# snoop -o output.cap host loki

Display all packets longer than 200 bytes on port 8080 from the capture file output.cap

# snoop -i output.cap greater 200 port 8080
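
The offline filtering step in the last example can also be done away from the Solaris host. The following is an added example, not part of the original page or of snoop itself: a Python reader that assumes output.cap is in the RFC 1761 snoop format with Ethernet framing, and assumes "greater 200 port 8080" means original packet length over 200 bytes with either TCP/UDP port equal to 8080. All function names are this example's own, and the sample_* helpers only build constructed test data.

```python
import struct

MAGIC = b"snoop\x00\x00\x00"  # RFC 1761 identification pattern

def read_snoop(stream):
    """Yield (orig_len, seconds, frame) per record of an RFC 1761 v2 Ethernet file."""
    magic, version, datalink = struct.unpack(">8sII", stream.read(16))
    if magic != MAGIC or version != 2 or datalink != 4:  # 4 = Ethernet
        raise ValueError("not an RFC 1761 version 2 Ethernet capture")
    while len(hdr := stream.read(24)) == 24:
        orig, incl, rec_len, _drops, sec, _usec = struct.unpack(">6I", hdr)
        if rec_len < 24 + incl:
            raise ValueError("record length smaller than its own data")
        body = stream.read(rec_len - 24)  # frame bytes plus alignment padding
        if len(body) < incl:
            return  # capture was truncated mid-record
        yield orig, sec, body[:incl]

def ports(frame):
    """(src, dst) port of an unfragmented IPv4 TCP/UDP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    fragment_offset = struct.unpack(">H", frame[20:22])[0] & 0x1FFF
    if frame[23] not in (6, 17) or fragment_offset or len(frame) < 18 + ihl:
        return None  # later fragments carry no transport header
    return struct.unpack(">HH", frame[14 + ihl:18 + ihl])

def select(stream, longer_than, port):
    """Assumed reading of 'greater N port P': original length > N, either port == P."""
    return [(sec, orig, *p) for orig, sec, frame in read_snoop(stream)
            if orig > longer_than and (p := ports(frame)) and port in p]

def sample_frame(sport, dport, payload_len):
    """Constructed test data: minimal Ethernet/IPv4/UDP frame, checksums zeroed."""
    udp = struct.pack(">HHHH", sport, dport, 8 + payload_len, 0) + bytes(payload_len)
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return bytes(12) + b"\x08\x00" + ip + udp

def sample_capture(frames):
    """Constructed test data: wrap frames in RFC 1761 records, padded to 4 bytes."""
    out = MAGIC + struct.pack(">II", 2, 4)
    for i, f in enumerate(frames):
        pad = -len(f) % 4
        out += struct.pack(">6I", len(f), len(f), 24 + len(f) + pad, 0, 1700000000 + i, 0)
        out += f + bytes(pad)
    return out
```

With a real capture, select(open("output.cap", "rb"), 200, 8080) returns one (seconds, original length, source port, destination port) tuple per matching packet.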