Ethereal-users: Re: [Ethereal-users] Using snoop with Ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Tue, 4 Jun 2002 01:48:18 -0700
On Tue, Jun 04, 2002 at 10:38:39AM +0200, Schlabach, Torsten wrote:
> - We do have a Solaris Box on which we want to use snoop (the Solaris
> equivalent of tcpdump as I understand) to capture traffic to a file.

The Solaris equivalent of tcpdump is tcpdump. :-)

I.e., you can run tcpdump on Solaris, although the capture filter
expressions will always be run in user mode, unlike snoop, where, if the
filter expression doesn't involve looking at anything other than the
link-layer and IP header, the filter can be run in the kernel, thus
saving CPU time copying up to user mode packets that won't pass the
filter.

> - The snoop file will be transferred to a Windows NT box running Ethereal.
> 
> Ethereal just refuses to open the snoop file saying that the file was
> not in a format that Ethereal understands.
> 
> I have tried to look at the sample from the Ethereal Website
> (www.ethereal.com/samples, 3.) I can open that file on my PC without
> any problem, but I cannot open it in a text editor to compare it to the
> snoop file that I produced because it is somehow compressed.

It's not compressed, it's *binary*.

Ethereal expects to read *binary* capture files from snoop; it cannot
read the text output from snoop.

To write out a binary file in snoop, use the "-o" flag.

> - what options to use on snoop

"-o".

> - how to make the sample from the website readable

Run it through snoop with the "-i" flag and without the "-o" flag, or
run it through Tethereal with the "-r" flag and without the "-w" flag,
or read it into Ethereal and print it out with the "Print" option in the
"File" menu.
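As an added example (not from this message, nor Ethereal's or snoop's own code): a small Python check, based on the snoop file layout in RFC 1761, that tells a binary "snoop -o" capture apart from snoop's text summary and walks the packet records of a binary one. The sample capture and the text line are constructed inline; the timestamp and frame bytes are arbitrary.

```python
import struct

# Layout from RFC 1761, the format snoop writes with -o and Ethereal reads.
SNOOP_MAGIC = b"snoop\0\0\0"
FILE_HDR = struct.Struct(">II")      # version number, datalink type
REC_HDR = struct.Struct(">IIIIII")   # orig len, incl len, rec len, drops, sec, usec
DATALINK = {0: "IEEE 802.3", 4: "Ethernet", 8: "FDDI", 9: "Other"}

def inspect_snoop(data: bytes) -> dict:
    """Classify a would-be snoop file: binary capture (parseable) or not."""
    if not data.startswith(SNOOP_MAGIC):
        # Text output of snoop (no -o) is printable summary lines; a reader
        # expecting the binary magic rejects it as an unknown format.
        looks_text = all(32 <= b < 127 or b in b"\r\n\t" for b in data[:64])
        return {"binary": False,
                "reason": "text output (no -o?)" if looks_text else "unknown magic"}
    version, dl = FILE_HDR.unpack_from(data, len(SNOOP_MAGIC))
    if version != 2:
        return {"binary": False, "reason": f"unsupported snoop version {version}"}
    records, off = [], len(SNOOP_MAGIC) + FILE_HDR.size
    while off + REC_HDR.size <= len(data):
        orig, incl, rec_len, drops, sec, usec = REC_HDR.unpack_from(data, off)
        # A record must hold its header plus the captured bytes and lie within the file.
        if rec_len < REC_HDR.size + incl or off + rec_len > len(data):
            return {"binary": False, "reason": f"truncated record at offset {off}"}
        records.append({"orig": orig, "incl": incl, "drops": drops, "ts": sec + usec / 1e6})
        off += rec_len
    return {"binary": True, "datalink": DATALINK.get(dl, f"type {dl}"), "records": records}

def build_sample_capture(frames) -> bytes:
    """Constructed sample writer: frames in snoop binary layout (datalink 4 = Ethernet)."""
    out = bytearray(SNOOP_MAGIC + FILE_HDR.pack(2, 4))
    for i, frame in enumerate(frames):
        pad = (-len(frame)) % 4                      # records are padded to 4 bytes
        out += REC_HDR.pack(len(frame), len(frame), REC_HDR.size + len(frame) + pad,
                            0, 1023150000 + i, 0)    # constructed timestamp
        out += frame + b"\0" * pad
    return bytes(out)

# Constructed inputs: a padded ARP-request frame, and one line of snoop's text summary.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff00112233445508060001080006040001") + b"\0" * 22
BINARY_CAPTURE = build_sample_capture([SAMPLE_FRAME, SAMPLE_FRAME[:20]])
TEXT_CAPTURE = b"  1   0.00000 192.168.1.5 -> 192.168.1.1  ICMP Echo request\n"

if __name__ == "__main__":
    print(inspect_snoop(BINARY_CAPTURE))
    print(inspect_snoop(TEXT_CAPTURE))
```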