Saturday, 15 March 2014

TCP Dump (Linux/Unix) or SNOOP (Solaris)

tcpdump and snoop are built-in tools on Linux/Unix and Solaris respectively.

These tools capture network packets and store them in a file for analysis.

A tcpdump or snoop capture can be restricted to a particular source host and stored in a file for further analysis.

The captured dump file will contain the source and destination addresses, the state, and the flag information set in the header.

By default tcpdump captures only the first 96 bytes of each packet; the command can be modified to capture the complete packet.

A tcpdump or snoop capture file can be analyzed with the Wireshark tool.

The commands used to capture the dumps are:

tcpdump -w filename.pcap -s0 -i <interface> -n src host IPAddress

(-w writes the raw packets to filename.pcap, -s0 captures whole packets instead of the default snapshot length, -i names the interface to listen on, -n disables name resolution, and the filter keeps only packets whose source is IPAddress.)

snoop -o filename.snoop src host IPAddress

(-o writes the capture to filename.snoop; snoop's -i option would instead read packets back from an existing capture file, so it is not used for capturing.)
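As an added example (not part of the original post), this Python script shows what the snapshot length means inside the resulting .pcap file: it builds a constructed two-packet capture, cuts each record at the 96 bytes the post cites versus the full length -s0 gives, and reads back the source/destination addresses and TCP flags the post says the file contains. The frames, addresses and ports are made up sample data.

```python
import struct

PCAP_MAGIC, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1
TCP_FLAG_NAMES = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK"}

def build_frame(src_ip, dst_ip, flags, payload):
    """Constructed Ethernet/IPv4/TCP frame (sample data, not a real capture)."""
    eth = bytes(12) + b"\x08\x00"                     # zero MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp + payload

def write_pcap(snaplen, frames):
    """Serialize frames as a pcap file, cutting each at snaplen as tcpdump -s does."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for frame in frames:
        kept = frame[:snaplen]
        # record header: ts_sec, ts_usec, captured length, original length on the wire
        out.append(struct.pack("<IIII", 0, 0, len(kept), len(frame)) + kept)
    return b"".join(out)

def read_pcap(data):
    """Return (snaplen, records); each record notes src/dst IPv4, TCP flags, truncation."""
    magic, _, _, _, _, snaplen, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported pcap file")
    off, records = 24, []
    while off + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack_from("<IIII", data, off)
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        src = ".".join(map(str, pkt[26:30]))          # IPv4 source at Ethernet 14 + IP 12
        dst = ".".join(map(str, pkt[30:34]))
        flags = [n for b, n in TCP_FLAG_NAMES.items() if pkt[47] & b]  # TCP flags byte
        records.append({"src": src, "dst": dst, "flags": flags, "captured": incl_len,
                        "original": orig_len, "truncated": incl_len < orig_len})
    return snaplen, records

# constructed sample: a SYN and a PSH|ACK carrying 400 bytes of payload
SAMPLE = [build_frame("10.0.0.5", "10.0.0.9", 0x02, b""),
          build_frame("10.0.0.9", "10.0.0.5", 0x18, b"X" * 400)]

if __name__ == "__main__":
    for snaplen in (96, 262144):  # 96 as in the post vs. -s0 (tcpdump uses 262144)
        snap, recs = read_pcap(write_pcap(snaplen, SAMPLE))
        print(f"snaplen={snap}")
        for r in recs:
            print(f"  {r['src']} -> {r['dst']} {'|'.join(r['flags'])} "
                  f"captured {r['captured']}/{r['original']} truncated={r['truncated']}")
```

The 96-byte capture keeps the headers (so addresses and flags still decode) but drops most of the 400-byte payload, which is why a full-packet capture is needed when the payload matters.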