Ip trace on lo0 Solaris
Dear monks,
does any of you know if it is possible to trace ip on the loopback interface(lo0) of a Solaris machine.
It seems not to be possible via default sniffers like snoop or tcpdump; so I wondered if there is some Perl workaround to do the stuff.
All dogma is stupid.
does any of you know if it is possible to trace ip on the loopback interface(lo0) of a Solaris machine.
It seems not to be possible via default sniffers like snoop or tcpdump; so I wondered if there is some Perl workaround to do the stuff.
Re: Ip trace on lo0 Solaris
created: 2006-02-03 10:31:45
Hm, I thought it should be 127.0.0.1(at least for ipv4)?
All dogma is stupid.
Re^2: Ip trace on lo0 Solaris
created: 2006-02-03 10:51:34
lo0 is the network interface device, 127.0.0.1 is one IP address assigned to that device. On many systems, the loopback interface uses 127.0.0.0/8, so 127.123.45.67 is just as valid an IP address for that device.
All dogma is stupid.
Re: Ip trace on lo0 Solaris
created: 2006-02-03 10:47:19
AFAIK on Solaris the loopback interface driver does not offer the hooks necessary for sniffing traffic. So you won't be able to do this with any tool (unless you rewrite the driver, it's Open Source now for some definitions of OS).
Alternatively, you could use truss on the processes that are communicating over loopback. Or if it's Solaris 10 there may be a way to do this with dtrace.
All dogma is stupid.
Re^2: Ip trace on lo0 Solaris
created: 2006-02-03 11:34:36
tirwhan,
can you give me some examples of how to use truss for tracing communication of processes using loopback? thx
All dogma is stupid.
can you give me some examples of how to use truss for tracing communication of processes using loopback? thx
Re^3: Ip trace on lo0 Solaris
created: 2006-02-03 12:04:07
You'll have to read your system's man-pages for specifics, I don't have a Solaris system handy. In general you'd
- Find the PID of the process communicating over loopback which you are interested in. You can use netstat for this, e.g. on Linux
netstat -nlp --tcp | grep '127\.0\.0\.1'
will show you all processes listening on the loopback IP for TCP connections. - Run truss with the appropriate option to show network system calls with their full argument strings. Using strace (the Linux equivalent to truss) this can be done with
strace -p-e trace=network -s 65536
All dogma is stupid.