Summary & Thanks - Fifo In Solaris

From: Ragnar Moller \(MA/EAF\) (
Date: Mon Jan 08 2007 - 03:50:38 EST

Thanks to all pro's who used a few moments to note down their bits of
knowledge essential to me.

Reminder of the question: I wanted to snoop an interface with high traffic
and not fill up the
                                        disk partition I was snooping to

1) Use logadm to rotate the output, didn't try this one, but I will explore
the function in the future

2) Use Tcpdumwhich has rotation of the output built in with the switch -s
(this was my choice)

        root@box# tcpdump -I <foo> -w something.pcap -C <number of megabytes> -s 0
<capture spec>

3) Use filters to a maximum to limit the file size (requires a tedious reading
of the snoop man file)

4) Use Ethereal instead (I can't use it on the target production machine)

5) Use Awk or Perl (yes, but too much tinkering for too little time))

6) Finally a warning that I might loose the fileheader and won't be able to do
snoop -i after
    (Actually I analyze the output with etherreal)


Ragnar Moller

Til: + 33 1 69 93 75 73 / ECN 879 5206
Mobile: + 33 6 50 86 47 24
Fax: + 33 1 69 93 70 10
Sicr: + 33 1 69 93 76 01
sunmanagers mailing list

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:41:26 EDT