The Sniff Commands In Unix

What do the 'sniff' commands in Unix do?

Sniff is a utility for watching and recording the network packets that a computer can "see". What it sees depends on the network topology, and more specifically on whether the computer sits on a switched or a shared segment. Sniff can be configured to display only specific packet types (by ID) or packets from specific IP addresses. It is sometimes part of the OS, but usually it is not.
 

What is a Packet Sniffer?

Packet sniffing is listening (with software) to the raw network device for interesting packets. When the software sees a packet that fits certain criteria, it logs it to a file. The most common criterion for an interesting packet is one that contains words like “login” or “password.”
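The criteria check described above, written as an added example (not code from the original page) that can be run over frames captured on your own segment to find services still sending credential prompts in cleartext. The function names, the keyword list and the sample frames built from documentation addresses are assumptions made for this illustration.

```python
import struct

KEYWORDS = (b"login", b"password")  # the criteria named in the text

def tcp_payload(frame):
    """Return (src, dst, dport, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                         # too short, or not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                # IPv4 header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:
        return None                         # malformed header, or not TCP
    total_len = struct.unpack("!H", ip[2:4])[0]
    if total_len < ihl + 20 or total_len > len(ip):
        return None                         # truncated or inconsistent length
    tcp = ip[ihl:total_len]                 # drops any Ethernet padding
    doff = (tcp[12] >> 4) * 4               # TCP header length in bytes
    if doff < 20 or doff > len(tcp):
        return None
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    return src, dst, struct.unpack("!H", tcp[2:4])[0], tcp[doff:]

def matches(frame):
    """Keywords present in the cleartext TCP payload (case-insensitive)."""
    parsed = tcp_payload(frame)
    if parsed is None:
        return []
    payload = parsed[3].lower()
    return [k.decode() for k in KEYWORDS if k in payload]

def build_frame(payload, dport=23, ethertype=0x0800):
    """Constructed sample frame (documentation addresses, zero checksums)."""
    eth = b"\x02" * 6 + b"\x06" * 6 + struct.pack("!H", ethertype)
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return eth + ip + tcp + payload

if __name__ == "__main__":
    samples = [build_frame(b"\r\nPassword: "), build_frame(b"\x17\x03\x03\x00\x20", 443)]
    for f in samples:
        src, dst, dport, _ = tcp_payload(f)
        print(f"{src} -> {dst}:{dport} keywords={matches(f)}")
```

A prompt sent over a cleartext service matches, while the encrypted-looking record on port 443 does not, which is why moving logins onto encrypted protocols defeats this kind of criterion.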

To packet sniff, obtain or code a packet sniffer that is capable of working with the type of network interface that the operating system supports.
 

Network interfaces include:

- LLI 

- NIT (Network Interface Tap) 

- Ultrix Packet Filter 

- DLPI (Data Link Provider Interface) 

- BPF (Berkeley Packet Filter) 

LLI was a network interface that SCO used, which has been augmented with DLPI support as of SCO OpenServer Release V.

NIT was a network interface that Sun used, but has been replaced in later releases of SunOS/Solaris with DLPI.

Ultrix supported the Ultrix Packet Filter before Digital implemented support for BPF.

DLPI is supported under current System V Release 4 releases, SunOS/Solaris, AIX, HP/UX, UnixWare, Irix, and MacOS. DLPI is partially supported under Digital Unix. Sun DLPI version 2 supports Ethernet, X.25 LAPB, SDLC, ISDN LAPD, CSMA/CD, FDDI, Token Ring, Token Bus, and Bisync as data link protocols. The DLPI network interface provided with HP/UX supports Ethernet/IEEE 802.3, IEEE 802.5, FDDI, and Fibre Channel.

BPF is supported under current BSD and Digital Unix releases and has been ported to SunOS and Solaris. AIX supports BPF reads, but not writes. A BPF library is available for Linux.


(c) www.gotothings.com All material on this site is Copyright.