This week I have been looking at a performance problem on some Solaris Unix boxes. Because the logs did not provide enough data, I have had to piece together the transaction timeline from network captures. Normally these are supplied to me by the sys admin, or I capture them myself with Wireshark. This time, however, I had access to the boxes and could do a network capture using the Unix tool called snoop. So, here are my notes on using snoop.
First, if snoop is not in your path you will need to find it and add its location to your path. To find the location use
"find / -name snoop"
Next, on a multi-network machine you have to find the correct interface to monitor. To do this, list them with the
You will need root access to run snoop, so the basic command will be
Here are a few other examples:
Capture packets on network interface vnet2 for any traffic that doesn’t use port 7001
sudo snoop -d vnet2 not port 7001
Capture packets that are to or from server gbcrf123 on network interface vnet2
sudo snoop -d vnet2 gbcrf123
And if you want to capture to a file that can be read by Wireshark, use
sudo snoop -o filename
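The steps above (locate snoop, pick the interface, run as root, optionally filter, write a Wireshark-readable file) combined into one small wrapper. This is an added example and not part of the original post; it assumes a Solaris host with snoop installed, and the interface, file and filter names are whatever you pass in.

```sh
#!/bin/sh
# Added example wrapper around the snoop invocations described in the post.

# Locate snoop: PATH first, then the filesystem search the post suggests.
find_snoop() {
    if command -v snoop >/dev/null 2>&1; then
        command -v snoop
    else
        find / -name snoop -type f 2>/dev/null | head -n 1
    fi
}

# Compose the capture command for display/logging: -d selects the interface,
# -o writes a snoop-format file Wireshark can open, and any remaining words
# form the filter expression (e.g. "not port 7001" or a host name).
build_snoop_cmd() {
    iface=$1
    outfile=$2
    shift 2
    if [ $# -gt 0 ]; then
        printf 'snoop -d %s -o %s %s\n' "$iface" "$outfile" "$*"
    else
        printf 'snoop -d %s -o %s\n' "$iface" "$outfile"
    fi
}

# Run the capture, refusing unless we are root (snoop needs raw NIC access).
run_capture() {
    iface=$1
    outfile=$2
    shift 2
    if [ "$(id -u)" -ne 0 ]; then
        echo "run_capture: must be root to run snoop" >&2
        return 1
    fi
    snoop_bin=$(find_snoop)
    if [ -z "$snoop_bin" ]; then
        echo "run_capture: snoop not found" >&2
        return 1
    fi
    echo "running: $(build_snoop_cmd "$iface" "$outfile" "$@")" >&2
    "$snoop_bin" -d "$iface" -o "$outfile" "$@"
}

# Example (hypothetical names): capture everything on vnet2 except port 7001
# run_capture vnet2 perf.snoop not port 7001
```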