in reply to Ip trace on lo0 Solaris

AFAIK on Solaris the loopback interface driver does not offer the hooks necessary for sniffing traffic. So you won't be able to do this with any tool (unless you rewrite the driver, it's Open Source now, for some definitions of Open Source).

Alternatively, you could use truss on the processes that are communicating over loopback. Or if it's Solaris 10 there may be a way to do this with dtrace.


All dogma is stupid.

Re^2: Ip trace on lo0 Solaris
by yi (Initiate) on Feb 03, 2006 at 16:34 UTC
    tirwhan,

    Can you give me some examples of how to use truss for tracing communication of processes using loopback? Thx

      You'll have to read your system's man-pages for specifics; I don't have a Solaris system handy. In general you'd:

      1. Find the PID of the process communicating over loopback which you are interested in. You can use netstat for this, e.g. on Linux
        netstat -nlp --tcp | grep '127\.0\.0\.1'
        will show you all processes listening on the loopback IP for TCP connections.
      2. Run truss with the appropriate option to show network system calls with their full argument strings. Using strace (the Linux equivalent to truss) this can be done with
        strace -p <pid> -e trace=network -s 65536

      All dogma is stupid.
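
The two steps from the reply above combined into one script, as an added example that is not part of the original thread. It assumes the Linux net-tools `netstat` column layout; the function names are hypothetical, the netstat output is a constructed sample, and the match is broader than the post's grep (all of 127.0.0.0/8 plus ::1, matched on the local-address column only).

```shell
#!/bin/sh
# Constructed sample of `netstat -nlp --tcp` output (Linux net-tools layout).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      812/postgres
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      640/sshd
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      977/redis-server
tcp        0      0 127.0.0.1:5433          0.0.0.0:*               LISTEN      812/postgres
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      701/systemd-resolve
tcp        0      0 127.0.0.1:8125          0.0.0.0:*               LISTEN      -
tcp6       0      0 ::1:631                 :::*                    LISTEN      1204/cupsd
EOF
}

# Step 1: read netstat output on stdin and print each owning PID once.
# Only the Local Address column ($4) is tested, so a loopback address in
# another column cannot match. Rows whose owner is "-" (netstat run without
# enough privilege to see the process) are skipped: there is no PID to attach to.
loopback_pids() {
    awk '$1 ~ /^tcp/ && ($4 ~ /^127\./ || $4 ~ /^::1:/) {
             split($7, owner, "/")
             if (owner[1] ~ /^[0-9]+$/ && !seen[owner[1]]++) print owner[1]
         }'
}

# Step 2: emit one strace attach command per PID, with the options from the post.
strace_commands() {
    loopback_pids | while read -r pid; do
        printf 'strace -p %s -e trace=network -s 65536\n' "$pid"
    done
}

# Offline demonstration; on a live Linux host: netstat -nlp --tcp | strace_commands
sample_netstat | strace_commands
```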