Use the commands below to collect a snoop/tcpdump capture.
1) For Solaris, snoop is a built-in command; tcpdump requires installing the package separately.
# snoop -d vnet0 -o /temp/tcp/file.pcap host xyz
2) For HP-UX
a) Start collecting
# nettl -tn 0x30800000 -e all -tracemax 99999 -f /temp/tcp/raw0
b) List the log files
# ls -la /temp/tcp/raw0.TRC*
-rw------- 1 root sys 24108412 Sep 12 17:05 /temp/tcp/raw0.TRC000
-rw------- 1 root sys 45472087 Sep 12 17:03 /temp/tcp/raw0.TRC001
c) Stop tracing to the raw trace file
# nettl -tf -e all
# mv /temp/tcp/raw0.TRC000 /temp/tcp/raw0.pcap
# mv /temp/tcp/raw0.TRC001 /temp/tcp/raw1.pcap
--> Rename the files to .pcap and send these two files to the network team.
3) For IBM AIX
# tcpdump -s 0 -w /tmp/dump.pcap dst 0.0.0.0 and port 2013
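
Renaming a trace to .pcap does not convert it, and snoop writes its own capture format (RFC 1761) even when the output file is named .pcap. The script below is an added example, not part of the original post (capture_format and check_capture are hypothetical helper names); it lets whoever receives the files identify the real format from the leading bytes.

```shell
#!/bin/sh
# Added example: identify a capture file's real format from its first bytes.
# capture_format / check_capture are hypothetical helpers, not part of
# snoop, nettl or tcpdump.

capture_format() {
    # First 8 bytes as lowercase hex, e.g. "d4c3b2a1..." for little-endian pcap.
    magic=$(dd if="$1" bs=1 count=8 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        a1b2c3d4*|d4c3b2a1*) echo "pcap" ;;        # libpcap, microsecond timestamps
        a1b23c4d*|4d3cb2a1*) echo "pcap-nsec" ;;   # libpcap, nanosecond timestamps
        0a0d0d0a*)           echo "pcapng" ;;      # pcapng section header block
        736e6f6f70000000)    echo "snoop" ;;       # ASCII "snoop" + 3 NULs (RFC 1761)
        "")                  echo "empty-or-unreadable" ;;
        *)                   echo "other" ;;       # e.g. a raw nettl trace renamed to .pcap
    esac
}

# Print the detected format; return 1 when a .pcap name hides another format.
check_capture() {
    fmt=$(capture_format "$1")
    case "$1:$fmt" in
        *.pcap:pcap|*.pcap:pcap-nsec) echo "$1: $fmt" ;;
        *.pcap:*) echo "$1: named .pcap but content is $fmt"; return 1 ;;
        *)        echo "$1: $fmt" ;;
    esac
}

# Usage: sh check_capture.sh /temp/tcp/file.pcap /temp/tcp/raw0.pcap
for f in "$@"; do
    check_capture "$f" || true
done
```

A mismatch is not an error in itself: it tells the recipient to open the file with a reader that understands that format instead of trusting the extension.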