How to use snoop

snoop is a Unix utility that displays network traffic.

Examples (run as root):

/usr/sbin/snoop -d hme0
    displays all network traffic passing through interface hme0

/usr/sbin/snoop -d hme0 -V
    verbose summary mode: more detail than the command above

/usr/sbin/snoop -d hme0 -v
    verbose mode: more detail than the -V option

/usr/sbin/snoop -d hme0 141.228.237.15
    displays all network traffic between the local server and 141.228.237.15
    (assuming hme0 is the correct interface for traffic to 141.228.237.15)

/usr/sbin/snoop -d qfe1 port 443
    displays all network traffic using interface qfe1 on port 443

/usr/sbin/snoop -d hme0 -o /tmp/snoop.log
    logs snoop data to a file (snoop binary file format)

/usr/sbin/snoop -d hme0 -o /tmp/snoop.log -c 500
    logs snoop data to a file and quits after capturing 500 packets

/usr/sbin/snoop -i /tmp/snoop.log
    displays snoop data from a file

/usr/sbin/snoop -i /tmp/snoop.log 30.75.104.5 port 80
    displays snoop data from a file, filtering for IP 30.75.104.5 and port 80

/usr/sbin/snoop -d hme0 from 30.74.3.26
    displays network traffic sent from 30.74.3.26

/usr/sbin/snoop -d hme0 to 30.74.3.26
    displays network traffic sent to 30.74.3.26

See the Unix man page for more details, i.e. man snoop.
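
The file written by -o uses the snoop capture format described in RFC 1761. The Python below is an added example, not part of the original page: it reads that format and applies the same "30.75.104.5 port 80" style filter offline, on a host where snoop is not installed. All function names and the embedded sample capture are constructed for illustration; it assumes a version 2 file with Ethernet datalink and untagged IPv4 frames.

```python
import socket
import struct

MAGIC = b"snoop\x00\x00\x00"   # RFC 1761 identification pattern
ETHERNET = 4                    # RFC 1761 datalink type for Ethernet

def read_snoop(blob):
    """Yield (seconds, microseconds, orig_len, frame) for each packet record."""
    if blob[:8] != MAGIC:
        raise ValueError("not a snoop capture file")
    version, linktype = struct.unpack(">II", blob[8:16])
    if version != 2 or linktype != ETHERNET:
        raise ValueError("unsupported version or datalink type")
    off = 16
    while off + 24 <= len(blob):
        orig, incl, rec_len, _drops, sec, usec = struct.unpack(">6I", blob[off:off + 24])
        if rec_len < 24 + incl or off + rec_len > len(blob):
            raise ValueError("truncated or corrupt record at offset %d" % off)
        yield sec, usec, orig, blob[off + 24:off + 24 + incl]
        off += rec_len          # rec_len covers the 24-byte header, data and padding

def ipv4_flow(frame):
    """Return (src, dst, sport, dport) for TCP/UDP over IPv4, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    l4 = 14 + (frame[14] & 0x0F) * 4          # Ethernet header + IP header length
    if frame[23] not in (6, 17) or len(frame) < l4 + 4:
        return None
    sport, dport = struct.unpack(">HH", frame[l4:l4 + 4])
    return (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), sport, dport)

def match(blob, host, port):
    """Flows where host is either endpoint and port is either port."""
    flows = (ipv4_flow(rec[3]) for rec in read_snoop(blob))
    return [f for f in flows if f and host in f[:2] and port in f[2:]]

def make_record(frame, sec):    # helper that builds a constructed packet record
    pad = -len(frame) % 4       # records are padded to a 4-byte boundary
    hdr = struct.pack(">6I", len(frame), len(frame), 24 + len(frame) + pad, 0, sec, 0)
    return hdr + frame + b"\x00" * pad

def make_frame(src, dst, sport, dport):   # minimal constructed Ethernet/IPv4/TCP frame
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack(">HH", sport, dport) + b"\x00" * 16

SAMPLE = (MAGIC + struct.pack(">II", 2, ETHERNET)   # constructed two-packet capture
          + make_record(make_frame("30.74.3.26", "30.75.104.5", 40000, 80), 1)
          + make_record(make_frame("30.74.3.26", "141.228.237.15", 40001, 443), 2))
```

To run it against a real capture, pass the bytes of the file to match(), for example match(open("/tmp/snoop.log", "rb").read(), "30.75.104.5", 80).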

Formally Darkpoint Technology Ltd.   --  Company Number: 4019337