SUMMARY - Weird behavior when running snoop (sort of)

From: Andres Rojas <>
Date: Tue Aug 05 2003 - 10:44:49 EDT
Dear Managers,

 Thanks for the messages sent. Some said snoop is not a good monitoring
 tool for more than 10 minutes since it will eat up the system resources.
 Others said under Solaris 9 full patched there is no problem.

 After a little of research I found "tcpdump" for Solaris which is part of
 the standard distribution of Linux. It's able to use filters to produce
 the right output you need to look at and it's able to write to a binary
 file in a raw format that won't eat up the system's resources. The
 resulting file can be read with "tcpdump" or "ethereal". There are
 versions of "ethereal" for windows making easy the reading and
 interpretation of the resulting file. TCP/IP knowledge is highly

 About the hanging of the snoop processes that made us to pull the power
 cord, there are no clues about it. I have several recommendations after
 running the "suncheckup" tool but there's a reluctancy to apply any patch.

 Thank you all,

 - Andres.
