Daring to challenge the will of the almighty Leviam00se,
: The question about capturing and viewing packets is very common I'm sure, but
: I need to know more than what snoop on Solaris seems to be giving me.
: For example, I wanted to see why I was having authentication trouble with
: samba between a Win95 PC and my Solaris host. Without seeing the contents of
: a packet, I can't tell exactly what's going on using snoop. I can only see
: the headers of the packet and whether or not they were received. With tcpdump
: I can capture raw packets, but from looking at the man page, I can't view the
: contents - again just the headers...
: Is there anything (noncommercial) for Solaris or some sources that may compile
: on Solaris that'll let me look at the contents of a packet and not just the
: header? I wouldn't mind if there was some tool that used tcpdump's raw packet
You're not reading the tcpdump man page correctly. Tcpdump by default only
captures a small amount of the packet since typically most people only want
to see the header, but you can specify a larger size if you want. You can
also specify -x to dump the packet contents in hexadecimal. So if you want to
display say, at least 256 bytes of each packet, then use:
# tcpdump -x -s 256
You can also dump the raw packet contents to a file and then use tcpdump
to 'replay' the file contents later. In effect, it 'captures' the data
from the file just like it did originally from the network.
Alternatively, you can write your own program using the libpcap library,
which is what tcpdump uses. You can get libpcap from:
It happens that _UNIX Network Programming, 2nd Edition_ by W. Richard
Stevens has a section that explains how libpcap works and presents sample
code that uses it. It's really pretty straightforward. Libpcap also works
on SunOS, HP-UX 10.20, IRIX, AIX 4 (using BPF) in addition to Solaris.
It also knows about certain non-ethernet devices on Solaris as well (I've
used it with Fore ATM adapters).
-Bill Paul (212) 854-6020 | System Manager, Master of Unix-Fu
"Now, that's "Open" as used in the sentence "Open your wallet", right?"
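
Added example (not part of the original post, and not the sample code from Stevens' book): the reply above says tcpdump keeps only a short prefix of each packet unless -s raises the limit, and that a capture written to a file can be read back later. The Python sketch below reads the classic libpcap savefile layout directly instead of calling libpcap, and shows how each record stores both the captured and the original length. The function names and the sample capture are constructed for illustration; 68 stands in for a small snapshot length and 256 is the value used in the reply.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap savefile magic (microsecond timestamps)

def read_pcap(stream):
    """Yield (snaplen, timestamp, captured_bytes, original_length) per record."""
    header = stream.read(24)
    if len(header) < 24:
        raise ValueError("short pcap file header")
    # The magic number reveals the byte order of the host that wrote the file.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", header[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic pcap savefile")
    # magic, version major/minor, thiszone, sigfigs, snaplen, link type
    _, _, _, _, _, snaplen, _ = struct.unpack(endian + "IHHiIII", header)
    while True:
        rec = stream.read(16)
        if not rec:
            return
        if len(rec) < 16:
            raise ValueError("truncated record header")
        ts_sec, ts_usec, caplen, origlen = struct.unpack(endian + "IIII", rec)
        data = stream.read(caplen)
        if len(data) < caplen:
            raise ValueError("truncated packet data")
        yield snaplen, ts_sec + ts_usec / 1e6, data, origlen

def hexdump(data):
    """Format bytes 16 per line: offset, hex in 2-byte groups, ASCII column."""
    lines = []
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        words = " ".join(chunk[i:i + 2].hex() for i in range(0, len(chunk), 2))
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"0x{off:04x}:  {words:<39}  {text}")
    return lines

def make_sample(snaplen):
    """Constructed capture: one 100-byte packet, cut to snaplen by the capturer."""
    packet = bytes(range(60)) + b"constructed payload " * 2
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)
    out += struct.pack("<IIII", 0, 0, min(len(packet), snaplen), len(packet))
    return out + packet[:snaplen]

if __name__ == "__main__":
    for snaplen in (68, 256):
        for _, _, data, origlen in read_pcap(io.BytesIO(make_sample(snaplen))):
            print(f"snaplen={snaplen}: captured {len(data)} of {origlen} bytes")
            print("\n".join(hexdump(data)))
```

With the small snapshot length the payload is cut off after its first 8 bytes even though the record still reports the original 100-byte length, which is the "headers only" effect described in the question.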