[tech] Solaris snoop: how can the packet contents be extracted usefully?

Matt Johnston matt at ucc.gu.uwa.edu.au
Sat Jul 28 00:05:19 WST 2001


Try out ethereal.

According to the ethereal manpage, it can handle snoop, and it appears to 
extract packet contents reasonably well.

Cheers,
Matt.

On Fri, 27 Jul 2001 19:54, you wrote:
> Hmmm,
>
> If I have a dump of IP packets produced by Solaris `snoop`, how can I
> extract the data (not headers) from consecutive packets and concatenate
> them to recreate a long stream of data (let's assume that the packets are
> TCP packets and are in the correct order and without duplication)? There
> don't seem to be command-line options to do this (the stream contains a
> mixture of ASCII and 'binary' data which makes it hard to read with
> the naked eye, plus I want to process it). `snoop -i filename -x 0` is
> on the right track, but I want the raw bytes, not the pretty printing.
> Because I don't know the format of the output, I don't know how to
> extract the data programmatically (of course, I'd prefer an
> out-of-the-box solution to one that I have to write myself). For some
> reason I've been having trouble finding the snoop source. But in any
> case, the output is from the snoop that's bundled with Solaris 8 so it
> may not resemble other snoops (and I don't have the Solaris 8 source).
>
> Thank you.
>
> PS. No, I cannot use a different capture programme, I have to use
> the output that I have.
>
> PPS. Internet Explorer su...oh never mind.
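
Added example, not part of either message above and not code from snoop or Ethereal: Python that reads the snoop capture file format documented in RFC 1761, strips the Ethernet, IPv4 and TCP headers, and concatenates the payloads as raw bytes. It assumes an Ethernet capture, no IP fragmentation and, as the question does, in-order segments without duplicates; the function names, the `src_port` filter and the `SAMPLE` capture are constructed for illustration.

```python
import struct

SNOOP_MAGIC = b"snoop\x00\x00\x00"
DLT_ETHERNET = 4  # RFC 1761 datalink type for Ethernet

def snoop_records(blob):
    """Yield the captured frame bytes of each record in a snoop file image."""
    if blob[:8] != SNOOP_MAGIC:
        raise ValueError("not a snoop capture")
    version, datalink = struct.unpack(">II", blob[8:16])
    if version != 2 or datalink != DLT_ETHERNET:
        raise ValueError("unsupported snoop version or datalink type")
    pos = 16
    while pos + 24 <= len(blob):
        _orig, incl, rec_len, _drops, _sec, _usec = struct.unpack(">6I", blob[pos:pos + 24])
        if rec_len < 24 + incl or pos + rec_len > len(blob):
            raise ValueError("corrupt or truncated record at offset %d" % pos)
        yield blob[pos + 24:pos + 24 + incl]
        pos += rec_len  # record length covers header, data and padding

def tcp_payload(frame, src_port=None):
    """Return the TCP payload of an Ethernet/IPv4 frame, or b'' if it has none."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return b""
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ip[9] != 6 or ihl < 20 or len(ip) < ihl + 20:
        return b""
    total_len, sport = struct.unpack(">H", ip[2:4])[0], struct.unpack(">H", ip[ihl:ihl + 2])[0]
    data_off = (ip[ihl + 12] >> 4) * 4
    if data_off < 20 or (src_port is not None and sport != src_port):
        return b""
    return ip[ihl + data_off:total_len]  # total_len trims Ethernet padding

def reassemble(blob, src_port=None):
    """Concatenate TCP payloads in capture order, optionally for one sender port."""
    return b"".join(tcp_payload(f, src_port) for f in snoop_records(blob))

def _sample_record(payload, sport):  # constructed record, not real traffic
    tcp = struct.pack(">HHIIBBHHH", sport, 80, 0, 0, 5 << 4, 0x18, 0, 0, 0) + payload
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     b"\x0a\0\0\1", b"\x0a\0\0\2") + tcp
    frame = (b"\0" * 12 + b"\x08\x00" + ip).ljust(60, b"\0")  # pad to Ethernet minimum
    pad = -len(frame) % 4
    return struct.pack(">6I", len(frame), len(frame), 24 + len(frame) + pad, 0, 0, 0) + frame + b"\0" * pad

SAMPLE = SNOOP_MAGIC + struct.pack(">II", 2, DLT_ETHERNET) + b"".join(
    _sample_record(p, s) for p, s in
    [(b"abc", 1025), (b"reply", 80), (b"\x00\xff\x01binary", 1025)])
```

On a real capture, read the file in binary mode and pass the bytes to `reassemble`, using `src_port` to keep only one direction of the connection.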



