Doing testing on a server right now. Both the client and server are on my machine. I am trying to snoop the packets between them but am not having any luck. These are some variations I have tried:
sudo snoop host myHost and port 443 or port 8443
sudo snoop to host myHost from host myHost
Neither of these returns any results. Does this suggest:
- snoop cannot pick up packets that are between the same host
- I am using snoop wrong
- my client and server are doing something strange
These commands all return a lot of information (so I am assuming that it works and is configured properly):
sudo snoop
sudo snoop host myHost
To the best of my knowledge, Solaris doesn't allow you to capture on the local loopback interface (lo0, in your case). For example, this page states flatly that it can't be done on Solaris short of a kernel recompile.
So you would have to either set up the client and server on separate machines, or see if there's some way to route the traffic through your network (so that it goes through the non-loopback interface).
I'm not very familiar with snoop, but perhaps you would have better luck with Wireshark?
You're listening on one of the ethernet interfaces but talking over the loopback. From the snoop man page:
So if you want to eavesdrop on local communications, add your loopback interface using the -d option.
Run the snoop command as shown below:
root@psp-2 # snoop -o /export/home/john/file.pcap
Using device vnet0 (promiscuous mode)
Press Ctrl+C to stop the packet capture.
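The check behind the -d advice, as an added example that is not part of any post above: it reads `ifconfig -a` output and picks the loopback device when the destination address is one of the host's own, because that traffic never reaches the ethernet interface. The sample output and addresses are constructed, the function names are hypothetical, and it assumes a Solaris release where snoop can open the loopback device, which the answers above disagree on.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed sample of Solaris
# `ifconfig -a` output; the addresses are documentation-range placeholders.
SAMPLE_IFCONFIG='lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
vnet0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.0.2.10 netmask ffffff00 broadcast 192.0.2.255'

# owner_of IFCONFIG_TEXT ADDR: print the interface that has ADDR configured,
# or nothing if ADDR is not one of this host's addresses.
owner_of() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^[a-z]/ { name = $1; sub(/:$/, "", name) }
        $1 == "inet" && $2 == want { print name; exit }'
}

# first_iface IFCONFIG_TEXT KIND: print the first loopback interface
# (KIND=loop) or the first non-loopback interface (KIND=wire).
first_iface() {
    printf '%s\n' "$1" | awk -v kind="$2" '
        /^[a-z]/ {
            this = ($0 ~ /LOOPBACK/) ? "loop" : "wire"
            if (this == kind) { sub(/:$/, "", $1); print $1; exit }
        }'
}

# capture_device IFCONFIG_TEXT DEST: print the device to hand to `snoop -d`.
capture_device() {
    if [ -n "$(owner_of "$1" "$2")" ]; then
        # DEST is local: client and server talk over loopback, so a capture
        # on the ethernet interface sees none of it.
        first_iface "$1" loop
    else
        first_iface "$1" wire
    fi
}

# On a real host, replace "$SAMPLE_IFCONFIG" with "$(ifconfig -a)".
dev=$(capture_device "$SAMPLE_IFCONFIG" 192.0.2.10)
echo "snoop -d $dev host 192.0.2.10 and port 8443"
```

The script only prints the suggested command; it does not start a capture.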