{"id":37,"date":"2007-10-21T23:35:41","date_gmt":"2007-10-21T15:35:41","guid":{"rendered":"http:\/\/www.sysadmindayph.com\/blog\/view-network-traffic-from-solaris-command-line\/"},"modified":"2007-10-21T23:35:41","modified_gmt":"2007-10-21T15:35:41","slug":"view-network-traffic-from-solaris-command-line","status":"publish","type":"post","link":"http:\/\/www.sysadmindayph.com\/blog\/view-network-traffic-from-solaris-command-line\/","title":{"rendered":"View Network Traffic From Solaris Command Line"},"content":{"rendered":"<p>A colleague asked me to check whether any traffic was coming from a specific host to the local host. Both run Solaris Unix: one is an Ultra5 (pretty old) and the other is a Sparc Ultra 250, also old.<\/p>\n<p><tt>specific interface<\/tt><\/p>\n<p>UNIX admins use many commands to monitor network traffic going to and from a specific UNIX box.<\/p>\n<p>Here are some of them:<\/p>\n<ul>\n<li>netstat -k<\/li>\n<li>ntop<\/li>\n<li><a href=\"http:\/\/www.princeton.edu\/~unix\/Solaris\/troubleshoot\/kstat.html\">kstat<\/a><\/li>\n<li>snoop<\/li>\n<\/ul>\n<p>It all depends on the admin&#8217;s approach and the information that needs to be gathered.<\/p>\n<p>In our case, snoop serves the purpose very well.<\/p>\n<blockquote><p>&#8220;Snoop&#8221; capture and inspect network packets<span id=\"intelliTXT\">. It captures both TCP and UDP traffic. 
It is a tool that is shipped with Solaris.<\/span><\/p><\/blockquote>\n<p>Here&#8217;s sample output from a run on the Unix box:<\/p>\n<blockquote><p># snoop<br \/>\nUsing device \/dev\/hme (promiscuous mode)<br \/>\nserver40 -&gt; serverfs01     TCP D=49678 S=22     Ack=3304463642 Seq=13090730 Len=80 Win=24820<br \/>\nserverfs01 -&gt; server40     TCP D=22 S=49678     Ack=13090810 Seq=3304463642 Len=0 Win=24820<br \/>\nserverws12 -&gt; server40     NIS C MATCH 149.122.32.31 in hosts.byaddr<br \/>\nserver40 -&gt; serverws12     NIS R MATCH OK<\/p><\/blockquote>\n<p>In the first packet, the fields<\/p>\n<blockquote><p>TCP D=49678 S=22<\/p><\/blockquote>\n<p>describe a TCP packet with a source port of 22 (ssh) and a destination port of 49678 (some application).<\/p>\n<p>Here&#8217;s a link to other third-party software used in <a href=\"http:\/\/www.topology.org\/comms\/netmon.html\">monitoring network traffic<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A colleague asked me to check whether any traffic was coming from a specific host to the local host. 
Both are running Solaris Unix, one is an Ultra5 (pretty old) and a Sparc &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16,5],"tags":[],"class_list":["post-37","post","type-post","status-publish","format-standard","hentry","category-commands","category-solaris"],"_links":{"self":[{"href":"http:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/posts\/37","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/comments?post=37"}],"version-history":[{"count":0,"href":"http:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/posts\/37\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/media?parent=37"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/categories?post=37"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/tags?post=37"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}