What does the 'sniff' command in Unix do?
Sniff is a utility that allows the watching/recording of network packets that a computer can "see". Typically what is seen depends on the network topology, and more specifically on whether it's a switched or shared segment. Sniff can be configured to display specific packet types (by ID) or packets from specific IP addresses. It's sometimes part of the OS, but usually it's not.
What is Packet Sniffer?
Packet sniffing is listening (with software) to the raw network device for interesting packets. When the software sees a packet that fits certain criteria, it logs it to a file. The most common criterion for an interesting packet is one that contains words like “login” or “password.”
To packet sniff, obtain or code a packet sniffer that is capable of working with the type of network interface that the operating system supports.
Network interfaces include:
- NIT (Network Interface Tap)
- Ultrix Packet Filter
- DLPI (Data Link Provider Interface)
- BPF (Berkeley Packet Filter)
- LLI was a network interface that SCO used, which has been augmented with DLPI support as of SCO OpenServer Release V.
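
The selection step described above (show only certain packet types or source addresses), as an added example that is not from the original page or from any sniff utility. It assumes "ID" means the IPv4 protocol number; the function names and the 192.0.2.x sample frames are constructed for illustration, and no live interface is opened.

```python
import socket
import struct

ETH_LEN, ETHERTYPE_IPV4 = 14, 0x0800

def build_frame(src_ip, dst_ip, proto, ethertype=ETHERTYPE_IPV4):
    """Build a minimal Ethernet II + IPv4 frame (constructed sample, checksum 0)."""
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01"
    eth += struct.pack("!H", ethertype)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip

def parse_frame(frame):
    """Return (protocol_id, src_ip, dst_ip), or None for non-IPv4 or short frames."""
    if len(frame) < ETH_LEN + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ver_ihl = frame[ETH_LEN]
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or len(frame) < ETH_LEN + header_len:
        return None
    proto = frame[ETH_LEN + 9]                           # IPv4 protocol field
    src = socket.inet_ntoa(frame[ETH_LEN + 12:ETH_LEN + 16])
    dst = socket.inet_ntoa(frame[ETH_LEN + 16:ETH_LEN + 20])
    return proto, src, dst

def select(frames, proto=None, src_ip=None):
    """Keep only frames matching the protocol ID and/or source address given."""
    matches = []
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue                                     # unparseable: skip, don't crash
        if proto is not None and parsed[0] != proto:
            continue
        if src_ip is not None and parsed[1] != src_ip:
            continue
        matches.append(parsed)
    return matches

# Constructed sample input: TCP (6), UDP (17), ICMP (1), an ARP frame, a runt.
SAMPLE = [
    build_frame("192.0.2.10", "192.0.2.1", 6),
    build_frame("192.0.2.10", "192.0.2.1", 17),
    build_frame("192.0.2.20", "192.0.2.1", 1),
    build_frame("192.0.2.30", "192.0.2.1", 0, ethertype=0x0806),
    b"\x00" * 10,
]

if __name__ == "__main__":
    for row in select(SAMPLE, src_ip="192.0.2.10"):
        print(row)
```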
(c) www.gotothings.com All material on this site is