Ip trace on lo0 Solaris

yi has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.
Re: Ip trace on lo0 Solaris by tirwhan (Abbot) on Feb 03, 2006 at 15:47 UTC
AFAIK on Solaris the loopback interface driver does not offer the hooks necessary for sniffing traffic. So you won't be able to do this with any tool (unless you rewrite the driver, it's Open Source now, for some definitions of Open Source). Alternatively, you could use truss on the processes that are communicating over loopback. Or if it's Solaris 10 there may be a way to do this with dtrace. All dogma is stupid.	[reply] [d/l]
Re^2: Ip trace on lo0 Solaris by yi (Initiate) on Feb 03, 2006 at 16:34 UTC
tirwhan, can you give me some examples of how to use truss for tracing communication of processes using loopback? thx	[reply]
Re^3: Ip trace on lo0 Solaris by tirwhan (Abbot) on Feb 03, 2006 at 17:04 UTC
You'll have to read your system's man-pages for specifics, I don't have a Solaris system handy. In general you'd Find the PID of the process communicating over loopback which you are interested in. You can use netstat for this, e.g. on Linux `netstat -nlp --tcp \| grep '127\.0\.0\.1'` will show you all processes listening on the loopback IP for TCP connections. Run truss with the appropriate option to show network system calls with their full argument strings. Using strace (the Linux equivalent to truss) this can be done with `strace -p <pid> -e trace=network -s 65536` All dogma is stupid.	[reply] [d/l] [select]
Re: Ip trace on lo0 Solaris by idle (Friar) on Feb 03, 2006 at 15:31 UTC
Hm, I thought it should be 127.0.0.1(at least for ipv4)?	[reply]
Re^2: Ip trace on lo0 Solaris by tirwhan (Abbot) on Feb 03, 2006 at 15:51 UTC
lo0 is the network interface device, 127.0.0.1 is one IP address assigned to that device. On many systems, the loopback interface uses 127.0.0.0/8, so 127.123.45.67 is just as valid an IPv4 address for that device. All dogma is stupid.	[reply] [d/l]