?
Solved

unix solaris snoop command

Posted on 2016-11-07
6
Medium Priority
?
169 Views
Last Modified: 2016-11-08
when i run snoop command, it generate a file too big. Is there any way to run the command to output to different files versions (i.e. snoopfile1,snoopfile2,snoopfile3,etc)
0
Comment
Question by:Shen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 16

Accepted Solution

by:
Joseph Gan earned 2000 total points
ID: 41878043
You can use snoop -c maxcount common, where "maxcount" is number of packets captured before quit.
0
 
LVL 16

Expert Comment

by:Joseph Gan
ID: 41878047
For example, if you want to capture 10k packets in each file, something like:

for i in 1 2 3 4 5
do
snoop -c 10000 > snoopfile$i
done
0
 

Author Comment

by:Shen
ID: 41878683
Gangos,

Just to make sure i understand your logic. I  was running the following command:
 snoop -c 10000  -v -tr -o /snoop1out.pcap -d e1000g3 &

when i use your loop with my command, will this run the snoop until it reaches 10k and then generate another file? After it write to the file it it goes back and increment the loop count and does it again until it reaches 5?

for i in 1 2 3 4 5
do
   snoop -c 10000 -v -tr -o /snoop1out.pcap -d e1000g3  & > snoopfile$i
done
0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 

Author Comment

by:Shen
ID: 41878718
gangos,

correction:
 snoop -c 10000 -v -tr  -d e1000g3  & > snoopfile$i
0
 

Author Comment

by:Shen
ID: 41878955
Gangos,

your soluction worked with a minor variation:
using the redirect ">" to a file does not let the file be red by wiereshark. Ineed to use -o  "file". So i changed to code below and it worked.
 
for i in {1..10}
 do
    snoop -c 10000 -v -tr -o /snoop1out.pcap -d e1000g3
 done

Thank you very much. Your suggestion was very helpful.
0
 

Author Closing Comment

by:Shen
ID: 41878963
thanks again. Now i am looking the  syntax to filter multiple ports with snoop.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses
Course of the Month10 days, 16 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question