exporting snoop output to a .cap
This is a discussion on exporting snoop output to a .cap within the Sun Solaris Hardware forums, part of the Solaris Operating System category; --> Hi, I'd like to know if we can use snoop and export the capture in a format (like *cap) ...
| |||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-16-2008, 01:18 PM
| ||||
| ||||
 exporting snoop output to a .cap Hi, I'd like to know if we can use snoop and export the capture in a format (like *cap) which can be read by a packet analyser like Etheral or perhaps EtherDetect. I may not have permission to install etheral on one of my servers but would like to capture the packets and export it for analysis of snmp packets. thanks for any advice. regards, Veni inveni@hotmail.com      |
|
01-16-2008, 01:18 PM
| |||
| |||
| Re: exporting snoop output to a .cap In comp.unix.solaris Veni <inveni@hotmail.com> wrote: > I'd like to know if we can use snoop and export the capture in a format > (like *cap) which can be read by a packet analyser like Etheral or perhaps > EtherDetect. I may not have permission to install etheral on one of my > servers but would like to capture the packets and > export it for analysis of snmp packets. thanks for any advice. Ethereal will read snoop output files, so just : snoop -o /tmp/snoop.output Scott |
|
01-16-2008, 01:18 PM
| |||
| |||
| Re: exporting snoop output to a .cap "Veni" <inveni@hotmail.com> writes: > I'd like to know if we can use snoop and export the capture in a format >(like *cap) which can be read by a packet analyser like Etheral or perhaps >EtherDetect. I may not have permission to install etheral on one of my >servers but would like to capture the packets and >export it for analysis of snmp packets. thanks for any advice. Ethereal can read snoop files directly. But if you have something else that needs pcap file format, ethereal also comes with a util called mergecap that can read tons of different input file types and output stock pcap files. |
|
01-16-2008, 01:19 PM
| ||||
| ||||
| Re: exporting snoop output to a .cap "Veni" <inveni@hotmail.com> wrote in message news:<cklf3e$s5h$1@mawar.singnet.com.sg>... > Hi, > > I'd like to know if we can use snoop and export the capture in a format > (like *cap) which can be read by a packet analyser like Etheral or perhaps > EtherDetect. I may not have permission to install etheral on one of my > servers but would like to capture the packets and > export it for analysis of snmp packets. thanks for any advice. You need root permissions to run snoop, anway.. Back to topic: I never tried this, but with snoop, you can dump raw packets (matching the specific rules, if you want) into the file, and the other analyser PROBABLY can read raw packets from the file instead of wire. Regards, Andrei |
Linear Mode
