LDAP in the Solaris Operating Environment: Deploying Secure Directory Services

What is snoop?

The /usr/sbin/snoop utility is an executable that reads frames from your network interface or from a previously saved capture file. In addition, snoop allows you to filter the data it is collecting. For example, you can specify that you want to capture TCP segments to or from port 389 (such as LDAP traffic). You must be root to capture data from a network interface due to the device permissions (for example, permissions on the /dev/hme device). What makes snoop so powerful is the detail of information it provides, and the flexibility of the tool.

The snoop command can be used in one of the following ways:

  • Captures and displays network packets.

  • Captures network packets and saves them to a capture file.

  • Reads from a capture file and displays the contents.

  • Reads from one capture file and writes to another capture file (used primarily with filtering to select packets of interest).

When snoop is reading packets (either capturing them from the network or reading them from a capture file), it lets you filter for the specific packets you are interested in. For example, to select the telnet traffic between hosta and hostb, you might issue the following command:

# snoop port 23 between hosta hostb
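
The capture-file and filtering modes described above, as an added example that is not from the book: a Python reader for the capture-file format snoop writes (documented in RFC 1761) that copies only the records for TCP port 389 into a new capture. It assumes Ethernet captures with untagged IPv4 frames; the function names and the sample bytes are constructed for illustration.

```python
import struct

MAGIC = b"snoop\x00\x00\x00"          # RFC 1761 file identification pattern

def read_snoop(data):
    """Yield (seconds, frame, raw_record) for each packet record in a capture."""
    if data[:8] != MAGIC:
        raise ValueError("not a snoop capture file")
    version, datalink = struct.unpack(">II", data[8:16])
    if version != 2 or datalink != 4:  # 4 = Ethernet
        raise ValueError("unsupported version or datalink type")
    off = 16
    while off < len(data):
        if off + 24 > len(data):
            raise ValueError("truncated record header")
        _orig, incl, rec_len, _drops, sec, _usec = struct.unpack(">6I", data[off:off + 24])
        if rec_len < 24 + incl or off + rec_len > len(data):
            raise ValueError("corrupt or truncated packet record")
        yield sec, data[off + 24:off + 24 + incl], data[off:off + rec_len]
        off += rec_len

def tcp_ports(frame):
    """Return (src, dst) TCP ports of an Ethernet/IPv4 frame, or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    ihl = (frame[14] & 0x0F) * 4
    fragment_offset = struct.unpack(">H", frame[20:22])[0] & 0x1FFF
    if ihl < 20 or frame[23] != 6 or fragment_offset or len(frame) < 18 + ihl:
        return None                    # not TCP, or no TCP header in this frame
    return struct.unpack(">HH", frame[14 + ihl:18 + ihl])

def filter_capture(data, port):
    """Return a new capture holding only TCP records to or from `port`."""
    keep = [raw for _sec, frame, raw in read_snoop(data)
            if port in (tcp_ports(frame) or ())]
    return data[:16] + b"".join(keep)

# --- constructed sample input (not real traffic) ---
def _record(sport, dport, sec):
    ip = bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0]) + bytes(8)
    frame = bytes(12) + b"\x08\x00" + ip + struct.pack(">HH", sport, dport) + bytes(16)
    pad = -len(frame) % 4              # records are padded to a 4-byte boundary
    head = struct.pack(">6I", len(frame), len(frame), 24 + len(frame) + pad, 0, sec, 0)
    return head + frame + bytes(pad)

SAMPLE = (MAGIC + struct.pack(">II", 2, 4) + _record(40000, 389, 1)
          + _record(40001, 23, 2) + _record(389, 40000, 3))

if __name__ == "__main__":
    for sec, frame, _raw in read_snoop(filter_capture(SAMPLE, 389)):
        print(sec, tcp_ports(frame))
```

The length checks in read_snoop reject a capture that was cut off mid-record, which is common when a capture is copied while snoop is still writing it.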
