Shen asked:

unix solaris snoop command

When I run the snoop command, it generates a file that is too big. Is there any way to run the command so that it outputs to different file versions (i.e. snoopfile1, snoopfile2, snoopfile3, etc.)?
ASKER CERTIFIED SOLUTION
Joseph Gan
For example, if you want to capture 10k packets in each file, something like:

for i in 1 2 3 4 5
do
snoop -c 10000 > snoopfile$i
done
Shen (ASKER)

Gangos,

Just to make sure I understand your logic. I was running the following command:
 snoop -c 10000  -v -tr -o /snoop1out.pcap -d e1000g3 &

When I use your loop with my command, will this run snoop until it reaches 10k and then generate another file? After it writes to the file, it goes back and increments the loop count and does it again until it reaches 5?

for i in 1 2 3 4 5
do
   snoop -c 10000 -v -tr -o /snoop1out.pcap -d e1000g3  & > snoopfile$i
done
Shen (ASKER)

Gangos,

Correction:
 snoop -c 10000 -v -tr  -d e1000g3  & > snoopfile$i
Shen (ASKER)

Gangos,

Your solution worked with a minor variation:
using the redirect ">" to a file does not let the file be read by Wireshark. I need to use -o "file". So I changed to the code below and it worked.
 
for i in {1..10}
 do
    # one capture file per pass; a fixed -o name would be overwritten on every pass
    snoop -c 10000 -v -tr -o /snoop${i}out.pcap -d e1000g3
 done

Thank you very much. Your suggestion was very helpful.
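
Added example, not part of the original thread: the loop from the answer written as a shell function that gives every pass its own `-o` file and deletes the oldest one so that at most KEEP files stay on disk. The names `rotate_capture`, `capture_name`, `SNOOP_BIN` and the `.snoop` suffix are assumptions made here; only `-c`, `-o` and `-d` come from the thread, and a POSIX shell (bash or ksh) is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): rotate snoop captures into numbered
# files and keep only the newest KEEP of them, so disk use stays bounded.
# Hypothetical names: rotate_capture, capture_name, SNOOP_BIN.

# Capture binary; overridable so the function can be exercised without snoop.
SNOOP_BIN=${SNOOP_BIN:-snoop}

# capture_name DIR PREFIX INDEX
# Prints DIR/PREFIX-0007.snoop; zero padding keeps files in capture order.
capture_name() {
    printf '%s/%s-%04d.snoop\n' "$1" "$2" "$3"
}

# rotate_capture IFACE DIR PREFIX PACKETS FILES KEEP
# Runs FILES captures of PACKETS packets each on IFACE, one file per pass.
# The body is a subshell, so umask and variables do not leak to the caller.
rotate_capture() (
    iface=$1 dir=$2 prefix=$3 packets=$4 files=$5 keep=$6

    umask 077                      # captures contain payloads: owner-only
    mkdir -p "$dir" || exit 1

    i=1
    while [ "$i" -le "$files" ]; do
        out=$(capture_name "$dir" "$prefix" "$i")

        # -c stops after PACKETS packets, -o writes the capture file,
        # -d selects the interface (the flags used in the thread).
        "$SNOOP_BIN" -c "$packets" -o "$out" -d "$iface" || exit 1

        # Drop the file that has just fallen out of the retention window.
        old=$((i - keep))
        if [ "$old" -ge 1 ]; then
            rm -f "$(capture_name "$dir" "$prefix" "$old")"
        fi
        i=$((i + 1))
    done
)

# Example call (constructed values): ten files of 10000 packets, keep three.
# rotate_capture e1000g3 /var/tmp/cap web 10000 10 3
```

Each pass is a separate snoop process, so packets that arrive between one process exiting and the next starting are not recorded.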
Shen (ASKER)

Thanks again. Now I am looking for the syntax to filter multiple ports with snoop.