Solaris Packet sniffer

Solaris Packet sniffer

Accroding to Network Dictionary sniffing tool is a program  that monitors data traveling over a network, and it can be used both for stealing network information or for monitoring and maintenance network.

snoop tool

snoop is a command line packet sniffer in oracle solaris operating system. You can use the snoop utility to capture and inspect network packets to determine what kind of data is transferred between systems.

snoop command :-

 snoop   

Result :- captures and displays all packets sent and received .

 snoop host_name   

Result :- captures and display packets sent and received to/from host_name

 snoop -v   

Result :- display detailed information (Ether Header, IP Header, UDP Header, SUN RPC Header, SUN NFS)

 snoop hostA hostB  

Result :- captures and display packets sent and recived between hostA and hostB

 snoop -o file_name   

 Result :-  Redirects the snoop utility output to filename in summary mode

 snoop -i file_name   

Result :- Read saved snoop output from file_name

 snoop -o file_name tcp port 80  

Result :-  Redirects the snoop output to file_name and listen to tcp packets on port 80

 snoop -o file_name host hostA hostB and tcp and port 21  

Result :- Redirects the snoop output between hostA and hostB to file_name and listen to tcp traffic on port 21 (FTP)

Example :-
Let's assume that we have serverA and we want to know the password of FTP from hostA to that server.


➊ at the command prompt on serverA type :- 

 snoop -o snoop_ftp host hostA serverA and tcp and port 21  

➋ establish an FTP connection from hostA to serverA

➌ at the command prompt on serverA type

 snoop -V -i snoop_ftp | grep -i user

you will see the FTP name account

 snoop -V -i snoop_ftp | grep -i pass 

you will see the FTP account password.

Posted in: Solaris OS