What is Snoop / Tethereal ?

Snoop is an executable binary that puts your system’s interface(s) in promiscuous mode. By being in promiscuous mode, snoop captures all packets on you network, in either real time or capture file format. What makes snoop so powerful is the detail of information it provides and the flexibility of the tool.

Tethereal is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. Tethereal’s native capture file format is libpcap format, which is also the format used by tcpdump and various other tools.

Usually you can use tethreal on LInux OS and snoop on Solaris Operation Environment.

For detail info, you can read on

Here I give you, the easiest way to use snoop and tethereal

How to use snoop ?

Check your network interface card (NIC), for example, your IP is

bash-2.05$ ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet netmask ff000000
inet netmask ffffffe0 broadcast
ce2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet netmask ffffff00 broadcast

You if you want to do snoop, use your ce2 interface

#snoop -d ce2 -w output_file.cap

How to use tethereal ?

For example if you want to sniff SMPP packet on IP

#tethereal -i ce2 proto SMPP -w output_file.cap

Open your snoop or tethereal file with ethereal ( and you can analyze your packet.



No comments yet.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


Twitter Updates

Error: Twitter did not respond. Please wait a few minutes and refresh this page.

%d bloggers like this: