Solved

unix solaris snoop command

Posted on 2016-11-07
6
48 Views
Last Modified: 2016-11-08
when i run snoop command, it generate a file too big. Is there any way to run the command to output to different files versions (i.e. snoopfile1,snoopfile2,snoopfile3,etc)
0
Comment
Question by:Shen
  • 4
  • 2
6 Comments
 
LVL 16

Accepted Solution

by:
Joseph Gan earned 500 total points
ID: 41878043
You can use snoop -c maxcount common, where "maxcount" is number of packets captured before quit.
0
 
LVL 16

Expert Comment

by:Joseph Gan
ID: 41878047
For example, if you want to capture 10k packets in each file, something like:

for i in 1 2 3 4 5
do
snoop -c 10000 > snoopfile$i
done
0
 

Author Comment

by:Shen
ID: 41878683
Gangos,

Just to make sure i understand your logic. I  was running the following command:
 snoop -c 10000  -v -tr -o /snoop1out.pcap -d e1000g3 &

when i use your loop with my command, will this run the snoop until it reaches 10k and then generate another file? After it write to the file it it goes back and increment the loop count and does it again until it reaches 5?

for i in 1 2 3 4 5
do
   snoop -c 10000 -v -tr -o /snoop1out.pcap -d e1000g3  & > snoopfile$i
done
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:Shen
ID: 41878718
gangos,

correction:
 snoop -c 10000 -v -tr  -d e1000g3  & > snoopfile$i
0
 

Author Comment

by:Shen
ID: 41878955
Gangos,

your soluction worked with a minor variation:
using the redirect ">" to a file does not let the file be red by wiereshark. Ineed to use -o  "file". So i changed to code below and it worked.
 
for i in {1..10}
 do
    snoop -c 10000 -v -tr -o /snoop1out.pcap -d e1000g3
 done

Thank you very much. Your suggestion was very helpful.
0
 

Author Closing Comment

by:Shen
ID: 41878963
thanks again. Now i am looking the  syntax to filter multiple ports with snoop.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now