How to Check Packets Between Server and Client

1. Establish a snoop system off a hub that is connected to either the client or server.

   The third system (the snoop system) checks all the intervening traffic, so the snoop trace reflects what is actually happening on the wire.

2. Become superuser.

3. On the command line, type snoop with options and save to a file.

4. Inspect and interpret results.

   Look at RFC 1761 for details of the snoop capture file.

Use snoop frequently and consistently to become familiar with normal system behavior. For assistance in analyzing packets, look for a recent white paper and RFC, and seek the advice of an expert in a particular area, such as NFS or YP. For details on using snoop and its options, refer to the snoop(1M) man page.

Displaying Routing Information

Use the traceroute utility to trace the route an IP packet follows to some Internet host. The traceroute utility utilizes the IP protocol (time-to-live) ttl field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path. This utility also attempts to elicit the response PORT_UNREACHABLE (or ECHO_REPLY) from the destination host. The traceroute utility sends probes with a ttl of one and increases by one until the intended host is found or has incremented beyond the maximum number of intermediate hosts.

The traceroute utility is especially useful for determining routing misconfiguration and routing path failures. If a particular host is unreachable, you can use the traceroute utility to see what path the packet follows to the intended host and where possible failures might occur.

The traceroute utility also displays the round trip time for each gateway along the path to the target host. This information can be useful for analyzing where traffic is slow between the two hosts.

How to Run the Traceroute Utility

• On the command line, type the following command.

  % traceroute destination-hostname

For details of the traceroute utility, see the traceroute(1M) man page.

Example--traceroute Utility

The following sample of the traceroute command shows the seven-hop path a packet follows from the host istanbul to the host sanfrancisco, along with the times for a packet to traverse each hop.

istanbul% traceroute sanfrancisco
	traceroute: Warning: Multiple interfaces found; using 172.31.86.247 @ le0
	traceroute to sanfrancisco (172.29.64.39), 30 hops max, 40 byte packets
	 1  frbldg7c-86 (172.31.86.1)  1.516 ms  1.283 ms  1.362 ms
	 2  bldg1a-001 (172.31.1.211)  2.277 ms  1.773 ms  2.186 ms
	 3  bldg4-bldg1 (172.30.4.42)  1.978 ms  1.986 ms  13.996 ms
	 4  bldg6-bldg4 (172.30.4.49)  2.655 ms  3.042 ms  2.344 ms
	 5  ferbldg11a-001 (172.29.1.236)  2.636 ms  3.432 ms  3.830 ms
	 6  frbldg12b-153 (172.29.153.72)  3.452 ms  3.146 ms  2.962 ms
	 7  sanfrancisco (172.29.64.39)  3.430 ms  3.312 ms  3.451 ms