Wednesday 24 September 2014

snoop/tcp dump collection in Solaris and HP-UX

Please use the commands below to collect a snoop/tcpdump packet capture.

1) For Solaris, snoop is a built-in command; tcpdump has to be installed as a separate package.

# snoop -d vnet0 -o /temp/tcp/file.pcap host xyz


2) For HP-UX

a) Start collecting
# nettl -tn 0x30800000 -e all -tracemax 99999 -f /temp/tcp/raw0

b) List the log files
# ls -la /temp/tcp/raw0.TRC*
-rw-------   1 root       sys        24108412 Sep 12 17:05 /temp/tcp/raw0.TRC000
-rw-------   1 root       sys        45472087 Sep 12 17:03 /temp/tcp/raw0.TRC001

c) Stop tracing to the raw trace file

# nettl -tf -e all

# mv /temp/tcp/raw0.TRC000 /temp/tcp/raw0.pcap
# mv /temp/tcp/raw0.TRC001 /temp/tcp/raw1.pcap

--> Rename the files to .pcap and send both files to the network team.

3) IBM AIX

# tcpdump -s 0 -w /tmp/dump.pcap dst 0.0.0.0 and port 2013
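Before handing the files over, it is worth confirming what format they are actually in: `snoop -o` writes Solaris snoop format and `nettl` writes HP-UX trace format, and renaming a file to .pcap does not change that (Wireshark reads all three formats, detecting each from the file header). The following check is an added example, not part of the original post; it classifies a capture file by its leading bytes and flags anything it cannot identify.

```shell
#!/bin/sh
# Added example: identify capture files by magic bytes, not by extension.
# Constructed sample files are created in the test, not read from the system.

capture_format() {
    # First 8 bytes as a lowercase hex string (offsets and spaces removed).
    magic=$(od -An -tx1 -N8 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        a1b2c3d4*|d4c3b2a1*) echo "pcap (microsecond timestamps)" ;;
        a1b23c4d*|4d3cb2a1*) echo "pcap (nanosecond timestamps)" ;;
        0a0d0d0a*)           echo "pcapng" ;;
        736e6f6f70000000)    echo "snoop (Solaris snoop -o output)" ;;
        '')                  echo "unreadable or empty" ;;
        *)                   echo "unknown (e.g. HP-UX nettl raw trace)" ;;
    esac
}

# Print one line per file; return 1 if any file is not a recognised capture.
check_captures() {
    status=0
    for f in "$@"; do
        fmt=$(capture_format "$f")
        printf '%-30s %s\n' "$f" "$fmt"
        case "$fmt" in
            unknown*|unreadable*) status=1 ;;
        esac
    done
    return "$status"
}

# Usage: sh checkcap.sh /temp/tcp/*.pcap
if [ $# -gt 0 ]; then
    check_captures "$@"
fi
```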
