View Network Traffic From Solaris Command Line

A colleague asked me to check whether any traffic was coming from a specific host to the local host. Both machines run Solaris; one is an Ultra 5 (pretty old) and the other a SPARC Ultra 250 (also old).


There are many commands UNIX admins use to monitor network traffic going to and from a specific UNIX box.

Here are some of them:

  • netstat -k
  • ntop
  • kstat
  • snoop

It all depends on the admin’s approach and the information that needs to be gathered.

In our case snoop serves the purpose very well.

snoop captures and inspects network packets, both TCP and UDP. It is shipped with Solaris, so nothing extra has to be installed on these old boxes.

Here’s a sample of the output on the Unix box:

# snoop
Using device /dev/hme (promiscuous mode)
server40 -> serverfs01 TCP D=49678 S=22 Ack=3304463642 Seq=13090730 Len=80 Win=24820
serverfs01 -> server40 TCP D=22 S=49678 Ack=13090810 Seq=3304463642 Len=0 Win=24820
serverws12 -> server40 NIS C MATCH 149.122.32.31 in hosts.byaddr
server40 -> serverws12 NIS R MATCH OK

From

TCP D=49678 S=22

we read a TCP packet with a source port of 22 (ssh) and a destination port of 49678 (some application), so the first line above is server40’s ssh daemon answering a client on serverfs01. In every summary line the first field is the sender, the third field the receiver, and the fourth the protocol.
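The check the colleague actually asked for (only the traffic one named host sends to the local box, tallied by protocol and destination port), as an added example that is not part of the original post: it works on snoop summary lines already saved to a file or piped in, relying on the sender/arrow/receiver layout of the first three fields and the D= field for the destination port. The sample lines are constructed to match the post’s format (the extra UDP and Syn lines are invented), and the function names are mine.

```shell
#!/bin/sh
# Constructed snoop summary lines in the same layout as the post's output (not a real capture).
SAMPLE='server40 -> serverfs01 TCP D=49678 S=22 Ack=3304463642 Seq=13090730 Len=80 Win=24820
serverfs01 -> server40 TCP D=22 S=49678 Ack=13090810 Seq=3304463642 Len=0 Win=24820
serverws12 -> server40 NIS C MATCH 149.122.32.31 in hosts.byaddr
server40 -> serverws12 NIS R MATCH OK
serverfs01 -> server40 UDP D=514 S=32771 LEN=120
serverfs01 -> server40 TCP D=22 S=49680 Syn Seq=1 Len=0 Win=24820 Options=<mss 1460>'

# from_to SRC DST: keep only lines where SRC is the sender and DST the receiver.
# Field 1 is the sender, field 2 the arrow and field 3 the receiver in every summary line.
from_to() {
    awk -v src="$1" -v dst="$2" '$1 == src && $2 == "->" && $3 == dst'
}

# port_summary: count the lines on stdin by protocol (field 4) and destination port (D= field).
# Protocols whose summary carries no port (NIS, ARP, ICMP) are counted under dport "-".
port_summary() {
    awk '{
        proto = $4; dport = "-"
        for (i = 5; i <= NF; i++) if ($i ~ /^D=/) dport = substr($i, 3)
        n[proto " dport=" dport]++
    }
    END { for (k in n) print n[k], k }' | sort
}

# count_from SRC DST: number of sample packets SRC sent to DST.
count_from() {
    printf '%s\n' "$SAMPLE" | from_to "$1" "$2" | wc -l | tr -d ' '
}

# What serverfs01 sent to server40, grouped by protocol and destination port.
printf '%s\n' "$SAMPLE" | from_to serverfs01 server40 | port_summary
```

On the box itself the same selection can be made at capture time with a snoop filter expression (snoop from host serverfs01 to host server40); the awk functions are for output that has already been saved.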

Here’s a link to other third-party software used for monitoring network traffic.
