HOW TO : Capture network traffic on a Solaris server

If you don’t have tcpdump installed on your solaris server, you can use the “snoop” system command to capture network traffic.

Here is the command line option to capture 1000 packets of network traffic from IP 192.168.10.10 on a solaris server using inteface e1000g1 and write the output to /tmp/capture.pcap

snoop -d e1000g1 -c 10000 -o /tmp/capture.pcap host 192.168.10.10

Details of the command options

  • -d : Name of the interface you want to capture traffic on
  • -c : Number of packets you want to capture
  • -o : Path to the output file
  • host : IP address of the host you want to capture traffic from and to

More details at https://docs.oracle.com/cd/E23824_01/html/821-1453/gexkw.html

PS : You have to have root privileges to run this command.