Just tried to troubleshoot high network usage on an old Solaris server and, naturally, typed the command tcpdump. Sadness hit me - tcpdump doesn't exist on Solaris.
But there's snoop on Solaris, which seems to be a worthy alternative of tcpdump. At least I could figure out what was going on and pin-point the causing process.
So on Linux I'd have done:
linux:~ # tcpdump -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:30:39.469512 IP 192.168.252.85.44326 > server01.ssh: Flags [P.], seq 196273793:196273857, ack 1276950350, win 331, options [nop,nop,TS val 1545899889 ecr 852624366], length 64
10:30:39.470948 IP server01.ssh > 192.168.252.85.44326: Flags [P.], seq 1:33, ack 64, win 49248, options [nop,nop,TS val 852625868 ecr 1545899889], length 32
10:30:39.470963 IP 192.168.252.85.44326 > server01.ssh: Flags [.], ack 33, win 331, options [nop,nop,TS val 1545899890 ecr 852625868], length 0
10:30:39.471084 ARP, Request who-has 192.168.252.53 tell 192.168.252.85, length 28
And on Solaris using snoop:
(solaris </root>) 1 # snoop -d back0
Using device back0 (promiscuous mode)
? -> (multicast) ETHER Type=0000 (LLC/802.3), size=52 bytes
? -> (multicast) ETHER Type=0000 (LLC/802.3), size=52 bytes
? -> (multicast) ETHER Type=0000 (LLC/802.3), size=52 bytes
? -> (multicast) ETHER Type=2000 (Unknown), size=401 bytes
? -> (multicast) ETHER Type=0000 (LLC/802.3), size=52 bytes
10.10.90.28 -> (broadcast) ARP C Who is 10.10.90.28, 10.10.90.28 ?
Alexander from Schweiz wrote on Jul 12th, 2013:
Yep, snoop is a "worthy alternative" to tcpdump. With "snoop -o file …" you can redirect ouput to a file (just like "-w file" for writing to a file with tcpdump).
And such a file can then be opened with Wireshark for further analysis.
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Icingaweb Icingaweb2 Influx Internet Java KVM Kibana Kodi Kubernetes LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Office PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder