This chapter contains tasks for administering a TCP/IP network. The following topics are covered:Major TCP/IP Administrative Tasks (Task Map) Monitoring Network Status With the netstat Command Probing Remote Hosts With the ping Command Administering and Logging Network Status Displays Displaying Routing Information With the traceroute Command Monitoring Packet Transfers With the snoop Command Administering Default Address Selection The tasks assume that you have an operational TCP/IP network at your site, either IPv4-only or dual-stack IPv4/IPv6. If you want to implement IPv6 at your site but have not done so, refer to following chapters for more information:To plan an IPv6 implementation, refer to Chapter 4, Planning an IPv6 Network (Tasks). To configure IPv6 and create a dual-stack network environment, refer to Chapter 7, Enabling IPv6 on a Network (Tasks). Task Description For Information Display configuration information about an interface. Determine the current configuration of each interface on a system. How to Get Information About a Specific Interface Display interface address assignments. Determine the address assignments for all interfaces on the local system. How to Display Interface Address Assignments Display statistics on a per-protocol basis. Monitor the performance of the network protocols on a particular system. How to Display Statistics by Protocol Display network status. Monitor your system by displaying all sockets and routing table entries. The output includes the inet address family for IPv4 and inet6 address family for IPv6. How to Display the Status of Sockets Display the status of network interfaces. Monitor the performance of network interfaces, which is useful for troubleshooting transmission problems. How to Display Network Interface Status Display packet transmission status. Monitor the state of packets as they are sent over the wire. How to Display the Status of Transmissions for Packets of a Specific Address Type Control the display output of IPv6-related commands. Controls the output of the ping, netstat, ifconfig, and traceroute commands. Creates a file that is named inet_type. Sets the DEFAULT_IP variable in this file. How to Control the Display Output of IP-Related Commands Monitor network traffic. Displays all IP packets by using the snoop command. How to Monitor IPv6 Network Traffic Trace all routes that are known to the network's routers. Uses the traceroute command to show all routes. How to Trace All Routes &ipv6-monitoring;The netstat command generates displays that show network status and protocol statistics. You can display the status of TCP, SCTP, and UDP endpoints in table format. You can also display routing table information and interface information. The netstat command displays various types of network data, depending on the selected command-line option. These displays are the most useful for system administration. The basic syntax for netstat follows: netstat [m] [n] [s] [i | r] [faddress-family]This section describes the most commonly used options of the netstat command. For a detailed description of all netstat options, refer to the netstat1M man page.The netstat s option displays protocol statistics for the UDP, TCP, SCTP, ICMP, and IP protocols.You can us your Solaris user account to obtain output from the netstat command. Display the protocol status.$ netstat -s The following example shows the output of the netstat s command. Parts of the output have been truncated. The output can indicate areas where a protocol is having problems. For example, statistical information from ICMPv4 and ICMPv6 can indicate where the ICMP protocol has found errors. RAWIP rawipInDatagrams = 4701 rawipInErrors = 0 rawipInCksumErrs = 0 rawipOutDatagrams = 4 rawipOutErrors = 0 UDP udpInDatagrams = 10091 udpInErrors = 0 udpOutDatagrams = 15772 udpOutErrors = 0 TCP tcpRtoAlgorithm = 4 tcpRtoMin = 400 tcpRtoMax = 60000 tcpMaxConn = -1 . . tcpListenDrop = 0 tcpListenDropQ0 = 0 tcpHalfOpenDrop = 0 tcpOutSackRetrans = 0 IPv4 ipForwarding = 2 ipDefaultTTL = 255 ipInReceives =300182 ipInHdrErrors = 0 ipInAddrErrors = 0 ipInCksumErrs = 0 . . ipsecInFailed = 0 ipInIPv6 = 0 ipOutIPv6 = 3 ipOutSwitchIPv6 = 0 IPv6 ipv6Forwarding = 2 ipv6DefaultHopLimit = 255 ipv6InReceives = 13986 ipv6InHdrErrors = 0 ipv6InTooBigErrors = 0 ipv6InNoRoutes = 0 . . rawipInOverflows = 0 ipv6InIPv4 = 0 ipv6OutIPv4 = 0 ipv6OutSwitchIPv4 = 0 ICMPv4 icmpInMsgs = 43593 icmpInErrors = 0 icmpInCksumErrs = 0 icmpInUnknowns = 0 . . icmpInOverflows = 0 ICMPv6 icmp6InMsgs = 13612 icmp6InErrors = 0 icmp6InDestUnreachs = 0 icmp6InAdminProhibs = 0 . . icmp6OutGroupQueries= 0 icmp6OutGroupResps = 2 icmp6OutGroupReds = 0 IGMP: 12287 messages received 0 messages received with too few bytes 0 messages received with bad checksum 12287 membership queries received SCTP sctpRtoAlgorithm = vanj sctpRtoMin = 1000 sctpRtoMax = 60000 sctpRtoInitial = 3000 sctpTimHearBeatProbe = 2 sctpTimHearBeatDrop = 0 sctpListenDrop = 0 sctpInClosed = 0 You can display the status of the transport protocols through the netstat command. For detailed information, refer to the netstat1M man page. Display the status of the TCP and SCTP transport protocols on a system.$ netstat Display the status of a particular transport protocol on a system.$ netstat P transport-protocolValues for the transport-protocol variable are tcp, sctp, or udp. This example shows the output of the basic netstat command. Note that IPv4-only information is displayed.$ netstat TCP: IPv4 Local Address Remote Address Swind Send-Q Rwind Recv-Q State ----------------- -------------------- ----- ------ ----- ------ ------- lhost-1.login abc.def.local.Sun.COM.980 49640 0 49640 0 ESTABLISHED lhost-1.login ghi.jkl.local.Sun.COM.1020 49640 1 49640 0 ESTABLISHED remhost-1.1014 mno.pqr.remote.Sun.COM.nfsd 49640 0 49640 0 TIME_WAIT SCTP: Local Address Remote Address Swind Send-Q Rwind Recv-Q StrsI/O State ---------------- -------------- ----- ------ ------ ------ ------ ------- *.echo 0.0.0.0 0 0 102400 0 128/1 LISTEN *.discard 0.0.0.0 0 0 102400 0 128/1 LISTEN *.9001 0.0.0.0 0 0 102400 0 128/1 LISTEN This example shows the results when you specify the P option of netstat.$ netstat -P tcp TCP: IPv4 Local Address Remote Address Swind Send-Q Rwind Recv-Q State ----------------- -------------------- ----- ------ ----- ------ ------- lhost-1.login abc.def.local.Sun.COM.980 49640 0 49640 0 ESTABLISHED lhost.login ghi.jkl.local.Sun.COM.1020 49640 1 49640 0 ESTABLISHED remhost.1014 mno.pqr.remote.Sun.COM.nfsd 49640 0 49640 0 TIME_WAIT TCP: IPv6 Local Address Remote Address Swind Send-Q Rwind Recv-Q State If ---------------- ---------------------- ------ ----- ------ ----------- ----- localhost.38983 localhost.32777 49152 0 49152 0 ESTABLISHED localhost.32777 localhost.38983 49152 0 49152 0 ESTABLISHED localhost.38986 localhost.38980 49152 0 49152 0 ESTABLISHED The i option of the netstat command shows the state of the network interfaces that are configured on the local system. With this option, you can determine the number of packets a system transmits and receives on each network. Display the status of interfaces on the network.$ netstat -i The next example shows the status of IPv4 and IPv6 packet flow through the host's interfaces.For example, the input packet count (Ipkts) that is displayed for a server can increase each time a client tries to boot, while the output packet count (Opkts) remains steady. This outcome suggests that the server is seeing the boot request packets from the client. However, the server does not know to respond to them. This confusion might be caused by an incorrect address in the hosts, or ethers database. However, if the input packet count is steady over time, then the machine does not see the packets at all. This outcome suggests a different type of failure, possibly a hardware problem. Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue lo0 8232 loopback localhost 142 0 142 0 0 0 hme0 1500 host58 host58 1106302 0 52419 0 0 0 Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis lo0 8252 localhost localhost 142 0 142 0 0 hme0 1500 fe80::a00:20ff:feb9:4c54/10 fe80::a00:20ff:feb9:4c54 1106305 0 52422 0 0 The -a option of the netstat command enables you to view the status of sockets on the local host. Type the following to display the status of sockets and routing table entries:You can use your user account to run this option of netstat.% netstat -a The output of the netstat a command shows extensive statistics. The following example shows portions of typical netstat a output.UDP: IPv4 Local Address Remote Address State -------------------- -------------------- ------- *.bootpc Idle host85.bootpc Idle *.* Unbound *.* Unbound *.sunrpc Idle *.* Unbound *.32771 Idle *.sunrpc Idle *.* Unbound *.32775 Idle *.time Idle . . *.daytime Idle *.echo Idle *.discard Idle UDP: IPv6 Local Address Remote Address State If --------------------------------- --------------------------------- ---------- ----- *.* Unbound *.* Unbound *.sunrpc Idle *.* Unbound *.32771 Idle *.32778 Idle *.syslog Idle . . TCP: IPv4 Local Address Remote Address Swind Send-Q Rwind Recv-Q State -------------------- -------------------- ----- ------ ----- ------ ------- *.* *.* 0 0 49152 0 IDLE localhost.4999 *.* 0 0 49152 0 LISTEN *.sunrpc *.* 0 0 49152 0 LISTEN *.* *.* 0 0 49152 0 IDLE *.sunrpc *.* 0 0 49152 0 LISTEN . . *.printer *.* 0 0 49152 0 LISTEN *.time *.* 0 0 49152 0 LISTEN *.daytime *.* 0 0 49152 0 LISTEN *.echo *.* 0 0 49152 0 LISTEN *.discard *.* 0 0 49152 0 LISTEN *.chargen *.* 0 0 49152 0 LISTEN *.shell *.* 0 0 49152 0 LISTEN *.shell *.* 0 0 49152 0 LISTEN *.kshell *.* 0 0 49152 0 LISTEN *.login . . *.* 0 0 49152 0 LISTEN *TCP: IPv6 Local Address Remote Address Swind Send-Q Rwind Recv-Q State If ----------------------- ----------------------- ----- ------ ----- ------ ---- *.* *.* 0 0 49152 0 IDLE *.sunrpc *.* 0 0 49152 0 LISTEN *.* *.* 0 0 49152 0 IDLE *.32774 *.* 0 0 49152 Use the f option of the netstat command to view statistics related to packet transmissions of a particular address family. View statistics for transmissions of either IPv4 or IPv6 packets.$ netstat -f inet | inet6To view IPv4 transmission information, type inet as the argument to netstat -f. Use inet6 as the argument to netstat -f to view IPv6 information. The following example shows output from the netstat f inet command.TCP: IPv4 Local Address Remote Address Swind Send-Q Rwind Recv-Q State -------------------- -------------------- ----- ------ ----- ------ ------- host58.734 host19.nfsd 49640 0 49640 0 ESTABLISHED host58.38063 host19.32782 49640 0 49640 0 CLOSE_WAIT host58.38146 host41.43601 49640 0 49640 0 ESTABLISHED host58.996 remote-host.login 49640 0 49206 0 ESTABLISHED The following example shows output from the netstat f inet6 command.TCP: IPv6 Local Address Remote Address Swind Send-Q Rwind Recv-Q State If ------------------ ------------------------- ----- ------ ----- ------ --------- ----- localhost.38065 localhost.32792 49152 0 49152 0 ESTABLISHED localhost.32792 localhost.38065 49152 0 49152 0 ESTABLISHED localhost.38089 localhost.38057 49152 0 49152 0 ESTABLISHED The r option of the netstat command displays the routing table for the local host. This table shows the status of all routes that the host knows about. You can run this option of netstat from your user account. Display the IP routing table.$ netstat -r The following example shows output from the netstat r command.Routing Table: IPv4 Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ------ --------- host15 myhost U 1 31059 hme0 10.0.0.14 myhost U 1 0 hme0 default distantrouter UG 1 2 hme0 localhost localhost UH 42019361 lo0 Routing Table: IPv6 Destination/Mask Gateway Flags Ref Use If --------------------------- --------------------------- ----- --- ------ ----- 2002:0a00:3010:2::/64 2002:0a00:3010:2:1b2b:3c4c:5e6e:abcd U 1 0 hme0:1 fe80::/10 fe80::1a2b:3c4d:5e6f:12a2 U 1 23 hme0 ff00::/8 fe80::1a2b:3c4d:5e6f:12a2 U 1 0 hme0 default fe80::1a2b:3c4d:5e6f:12a2 UG 1 0 hme0 localhost localhost UH 9 21832 lo0 Parameter Description DestinationDestination/Mask Specifies the host that is the destination endpoint of the route. Note that the IPv6 routing table shows the prefix for a 6to4 tunnel endpoint (2002:0a00:3010:2::/64) as the route destination endpoint. Gateway Specifies the gateway to use for forwarding packets. Flags Indicates the current status of the route. The U flag indicates that the route is up. The G flag indicates that the route is to a gateway. Use Shows the number of packets sent. Interface Indicates the particular interface on the local host that is the source endpoint of the transmission. You can use the ping command to determine the status of a remote host. When you run ping, the ICMP protocol sends a datagram to the host that you specify, asking for a response. ICMP is the protocol responsible for error handling on a TCP/IP network. When you use ping, you can find out whether an IP connection exists for the specified remote host. The following is the basic syntax of ping:/usr/sbin/ping host [timeout]In this syntax, host is the name of the remote host. The optional timeout argument indicates the time in seconds for the ping command to continue trying to reach the remote host. The default is 20 seconds. For additional syntax and options, refer to the ping1M man page.Type the following form of the ping command:$ ping hostnameIf host hostname is accepting ICMP transmissions, this message is displayed:hostname is aliveThis message indicates that hostname responded to the ICMP request. However, if hostname is down or cannot receive the ICMP packets, you receive the following response from the ping command:no answer from hostname Use the s option of the ping command to determine if a remote host is running but nevertheless losing packets. Type the following form of the ping command:$ ping -s hostname The ping -s hostname command continually sends packets to the specified host until you send an interrupt character or a time out occurs. The responses on your screen resemble the following:& ping -s host1.domain8 PING host1.domain8 : 56 data bytes 64 bytes from host1.domain8.COM (172.16.83.64): icmp_seq=0. time=1.67 ms 64 bytes from host1.domain8.COM (172.16.83.64): icmp_seq=1. time=1.02 ms 64 bytes from host1.domain8.COM (172.16.83.64): icmp_seq=2. time=0.986 ms 64 bytes from host1.domain8.COM (172.16.83.64): icmp_seq=3. time=0.921 ms 64 bytes from host1.domain8.COM (172.16.83.64): icmp_seq=4. time=1.16 ms 64 bytes from host1.domain8.COM (172.16.83.64): icmp_seq=5. time=1.00 ms 64 bytes from host1.domain8.COM (172.16.83.64): icmp_seq=5. time=1.980 ms ^C ----host1.domain8 PING Statistics---- 7 packets transmitted, 7 packets received, 0% packet loss round-trip (ms) min/avg/max/stddev = 0.921/1.11/1.67/0.26The packet-loss statistic indicates whether the host has dropped packets. If ping fails, check the status of the network that is reported by the ifconfig and netstat commands. Refer to Monitoring the Interface Configuration With the ifconfig Command and Monitoring Network Status With the netstat Command. The following tasks show how to check the status of the network by using well-known networking commands.You can control the output of the netstat and ifconfig commands to display IPv4 information only, or both IPv4 and IPv6 information. Create the /etc/default/inet_type file. Add one of the following entries to /etc/default/inet_type, as required for your network:To display IPv4 information only:DEFAULT_IP=IP_VERSION4 To display both IPv4 and IPv6 information:DEFAULT_IP=BOTHOrDEFAULT_IP=IP_VERSION6For more information about the inet_type file, see the inet_type4 man page. The 4 and 6 flags in the ifconfig command override the values set in the inet_type file. The f flag in the netstat command also overrides the values set in the inet_type file. When you specify the DEFAULT_IP=BOTH or DEFAULT_IP=IP_VERSION6 variable in the inet_type file, you should have the following output:% ifconfig -a lo0: flags=1000849 mtu 8232 index 1 inet 10.10.0.1 netmask ff000000 qfe0: flags=1000843 mtu 1500 index 2 inet 10.46.86.54 netmask ffffff00 broadcast 10.46.86.255 ether 8:0:20:56:a8 lo0: flags=2000849 mtu 8252 index 1 inet6 ::1/128 qfe0: flags=2000841 mtu 1500 index 2 ether 8:0:20:56:a8 inet6 fe80::a00:fe73:56a8/10 qfe0:1: flags=2080841 mtu 1500 index 2 inet6 2001:db8:3c4d:5:a00:fe73:56a8/64 When you specify the DEFAULT_IP=IP_VERSION4 or DEFAULT_IP=IP_VERSION6 variable in the inet_type file, you should have the following output:% ifconfig -a lo0: flags=849 mtu 8232 inet 10.10.0.1 netmask ff000000 qfe0: flags=843 mtu 1500 inet 10.46.86.54 netmask ffffff00 broadcast 10.46.86.255 ether 8:0:20:56:a8 If you suspect a malfunction of routed, the IPv4 routing daemon, you can start a log that traces the daemon's activity. The log includes all packet transfers when you start the routed daemon. On the local host, assume the Primary Administrator role, or become superuser.The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration. Create a log file of routing daemon actions: # /usr/sbin/in.routed /var/log-file-nameOn a busy network, this command can generate almost continuous output. The following example shows the beginning of the log that is created by the procedure How to Log Actions of the IPv4 Routing Daemon.-- 2003/11/18 16:47:00.000000 -- Tracing actions started RCVBUF=61440 Add interface lo0 #1 127.0.0.1 -->127.0.0.1/32 <UP|LOOPBACK|RUNNING|MULTICAST|IPv4> <PASSIVE> Add interface hme0 #2 10.10.48.112 -->10.10.48.0/25 <UP|BROADCAST|RUNNING|MULTICAST|IPv4> turn on RIP Add 10.0.0.0 -->10.10.48.112 metric=0 hme0 <NET_SYN> Add 10.10.48.85/25 -->10.10.48.112 metric=0 hme0 <IF|NOPROP> If you suspect a malfunction of the IPv6 in.ndpd daemon, you can start a log that traces the daemon's activity. This trace is displayed on the standard output until terminated. This trace includes all packet transfers when you start the in.ndpd daemon. Assume the Primary Administrator role, or become superuser, on the local IPv6 node.The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration. Start a trace of the in.ndpd daemon.# /usr/lib/inet/in.ndpd -t Terminate the trace as needed by typing Control-C. The following output shows the beginning of a trace of in.ndpd.# /usr/lib/inet/in.ndpd -t Nov 18 17:27:28 Sending solicitation to ff02::2 (16 bytes) on hme0 Nov 18 17:27:28 Source LLA: len 6 <08:00:20:b9:4c:54> Nov 18 17:27:28 Received valid advert from fe80::a00:20ff:fee9:2d27 (88 bytes) on hme0 Nov 18 17:27:28 Max hop limit: 0 Nov 18 17:27:28 Managed address configuration: Not set Nov 18 17:27:28 Other configuration flag: Not set Nov 18 17:27:28 Router lifetime: 1800 Nov 18 17:27:28 Reachable timer: 0 Nov 18 17:27:28 Reachable retrans timer: 0 Nov 18 17:27:28 Source LLA: len 6 <08:00:20:e9:2d:27> Nov 18 17:27:28 Prefix: 2001:08db:3c4d:1::/64 Nov 18 17:27:28 On link flag:Set Nov 18 17:27:28 Auto addrconf flag:Set Nov 18 17:27:28 Valid time: 2592000 Nov 18 17:27:28 Preferred time: 604800 Nov 18 17:27:28 Prefix: 2002:0a00:3010:2::/64 Nov 18 17:27:28 On link flag:Set Nov 18 17:27:28 Auto addrconf flag:Set Nov 18 17:27:28 Valid time: 2592000 Nov 18 17:27:28 Preferred time: 604800 The traceroute command traces the route an IP packet follows to a remote system. For technical details about traceroute, see the traceroute1M man page.You use the traceroute command to uncover any routing misconfiguration and routing path failures. If a particular host is unreachable, you can use traceroute to see what path the packet follows to the remote host and where possible failures might occur.The traceroute command also displays the round trip time for each gateway along the path to the target host. This information can be useful for analyzing where traffic is slow between the two hosts.Type the following to discover the route to a remote system:% traceroute destination-hostnameYou can run this form of the traceroute command from your user account. The following output from the traceroute command shows the seven–hop path a packet follows from the local system nearhost to the remote system farhost. The output also shows the times for a packet to traverse each hop.istanbul% traceroute farhost.faraway.com traceroute to farhost.faraway.com (172.16.64.39), 30 hops max, 40 byte packets 1 frbldg7c-86 (172.16.86.1) 1.516 ms 1.283 ms 1.362 ms 2 bldg1a-001 (172.16.1.211) 2.277 ms 1.773 ms 2.186 ms 3 bldg4-bldg1 (172.16.4.42) 1.978 ms 1.986 ms 13.996 ms 4 bldg6-bldg4 (172.16.4.49) 2.655 ms 3.042 ms 2.344 ms 5 ferbldg11a-001 (172.16.1.236) 2.636 ms 3.432 ms 3.830 ms 6 frbldg12b-153 (172.16.153.72) 3.452 ms 3.146 ms 2.962 ms 7 sanfrancisco (172.16.64.39) 3.430 ms 3.312 ms 3.451 ms This procedure uses the a option of the traceroute command to trace all routes. Type the following command on the local system:% traceroute -ahost-nameYou can run this form of the traceroute command from your user account. This example shows all possible routes to a dual-stack host.% traceroute -a v6host.remote.com traceroute: Warning: Multiple interfaces found; using 2::56:a0:a8 @ eri0:2 traceroute to v6host (2001:db8:4a3b::102:a00:fe79:19b0),30 hops max, 60 byte packets 1 v6-rout86 (2001:db8:4a3b:56:a00:fe1f:59a1) 35.534 ms 56.998 ms * 2 2001:db8::255:0:c0a8:717 32.659 ms 39.444 ms * 3 farhost.faraway.COM (2001:db8:4a3b::103:a00:fe9a:ce7b) 401.518 ms 7.143 ms * 4 distant.remote.com (2001:db8:4a3b::100:a00:fe7c:cf35) 113.034 ms 7.949 ms * 5 v6host (2001:db8:4a3b::102:a00:fe79:19b0) 66.111 ms * 36.965 ms traceroute to v6host.remote.com (192.168.10.75),30 hops max,40 byte packets 1 v6-rout86 (172.16.86.1) 4.360 ms 3.452 ms 3.479 ms 2 flrmpj17u.here.COM (172.16.17.131) 4.062 ms 3.848 ms 3.505 ms 3 farhost.farway.com (10.0.0.23) 4.773 ms * 4.294 ms 4 distant.remote.com (192.168.10.104) 5.128 ms 5.362 ms * 5 v6host (192.168.15.85) 7.298 ms 5.444 ms * You can use the snoop command to monitor the state of data transfers. snoop captures network packets and displays their contents in the format that you specify. Packets can be displayed as soon as they are received, or saved to a file. When snoop writes to an intermediate file, packet loss under busy trace conditions is unlikely. snoop itself is then used to interpret the file. To capture packets to and from the default interface in promiscuous mode, you must assume the Network Management role or become superuser. In summary form, snoop displays only the data that pertains to the highest-level protocol. For example, an NFS packet only displays NFS information. The underlying RPC, UDP, IP, and Ethernet frame information is suppressed but can be displayed if either of the verbose options is chosen.Use snoop frequently and consistently to become familiar with normal system behavior. For assistance in analyzing packets, look for a recent white paper and RFC, and seek the advice of an expert in a particular area, such as NFS or NIS. For details on using snoop and its options, refer to the snoop1M man page. On the local host, assume the Network Management role or become superuser.Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. Print information about the interfaces that are attached to the system. # ifconfig -aThe snoop command normally uses the first non-loopback device, typically the primary network interface. Begin packet capture by typing snoop without arguments, as shown in Example 8–19 Use Control-C to halt the process. The basic snoop command returns output that resembles the following, for a dual-stack host.% snoop Using device /dev/hme (promiscuous mode) farhost.remote.com -> myhost RLOGIN C port=993 myhost -> farhost.remote.com RLOGIN R port=993 Using device /dev/hme router5.local.com -> router5.local.com ARP R 10.0.0.13, router5.local.com is 0:10:7b:31:37:80 router5.local.com -> BROADCAST TFTP Read "network-confg" (octet) myhost -> DNSserver.local.com DNS C 192.168.10.10.in-addr.arpa. Internet PTR ? DNSserver.local.com myhost DNS R 192.168.10.10.in-addr.arpa. Internet PTR niserve2. . . farhost.remote.com-> myhost RLOGIN C port=993 myhost -> farhost.remote.com RLOGIN R port=993 fe80::a00:20ff:febb: . fe80::a00:20ff:febb:e09 -> ff02::9 RIPng R (5 destinations)The packets that are captured in this output show a remote login section, including lookups to the NIS and DNS servers for address resolution. Also included are periodic ARP packets from the local router and advertisements of the IPv6 link-local address to in.ripngd. On the local host, assume the Network Management role or become superuser.Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. Capture a snoop session into a file.# snoop -o filenameFor example:# snoop /tmp/cap Using device /dev/eri (promiscuous mode) 30 snoop: 30 packets capturedIn the example, 30 packets have been captured in a file named /tmp/cap. The file can be in any directory with enough disk space. The number of packets that are captured is displayed on the command line, enabling you to press Control-C to abort at any time.snoop creates a noticeable networking load on the host machine, which can distort the results. To see the actual results, run snoop from a third system. Inspect the snoop output captures file.# snoop -i filename The following output shows a variety of captures such as you might receive as output from the snoop -i command.# snoop -i /tmp/cap 1 0.00000 fe80::a00:20ff:fee9:2d27 -> fe80::a00:20ff:fecd:4375 ICMPv6 Neighbor advertisement 2 0.16198 farhost.com -> myhost RLOGIN C port=985 3 0.00008 myhost -> farhost.com RLOGIN R port=985 10 0.91493 10.0.0.40 -> (broadcast) ARP C Who is 10.0.0.40, 10.0.0.40 ? 34 0.43690 nearserver.here.com -> 224.0.1.1 IP D=224.0.1.1 S=10.0.0.40 LEN=28, ID=47453, TO =0x0, TTL=1 35 0.00034 10.0.0.40 -> 224.0.1.1 IP D=224.0.1.1 S=10.0.0.40 LEN=28, ID=57376, TOS=0x0, TTL=47 Establish a snoop system off a hub that is connected to either the client or the server. The third system (the snoop system) checks all the intervening traffic, so the snoop trace reflects what is actually happening on the wire. On the snoop system, assume the Network Management role or become superuser.Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. Type snoop with options and save the output to a file. Inspect and interpret the output. Refer to RFC 1761, Snoop Version 2 Packet Capture File Format for details of the snoop capture file. You can use the snoop command to display only IPv6 packets. On the local node, assume the Network Management role or become superuser.Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. Capture IPv6 packets.# snoop ip6For more information on the snoop command, see the snoop1M man page. The following example shows typical output such as you might receive from running the snoop ip6 command on a node.# snoop ip6 fe80::a00:20ff:fecd:4374 -> ff02::1:ffe9:2d27 ICMPv6 Neighbor solicitation fe80::a00:20ff:fee9:2d27 -> fe80::a00:20ff:fecd:4375 ICMPv6 Neighbor solicitation fe80::a00:20ff:fee9:2d27 -> fe80::a00:20ff:fecd:4375 ICMPv6 Neighbor solicitation fe80::a00:20ff:febb:e09 -> ff02::9 RIPng R (11 destinations) fe80::a00:20ff:fee9:2d27 -> ff02::1:ffcd:4375 ICMPv6 Neighbor solicitation The Solaris OS enables a single interface to have multiple IP addresses. For example, technologies, such as network multipathing (IPMP) enable multiple network interface cards (NICs) to connect to the same IP link layer. That link can have one or more IP addresses. Additionally, interfaces on IPv6-enabled systems have a link-local IPv6 address, at least one IPv6 routing address, and an IPv4 address for at least one interface. When the system initiates a transaction, an application makes a call to the getaddrinfo socket. getaddrinfo discovers the possible address in use on the destination system. The kernel then prioritizes this list to find the best destination to use for the packet. This process is called destination address ordering. The Solaris kernel then selects the appropriate format for the source address, given the best destination address for the packet. The process is known as address selection. For more information on destination address ordering, see the getaddrinfo3SOCKET man page.Both IPv4-only and dual-stack IPv4/IPv6 systems must perform default address selection. In most circumstances, you do not need to change the default address selection mechanisms. However, you might need to change the priority of address formats to support IPMP or to prefer 6to4 address formats, for example. The following procedure explains how to modify the address selection policy table. For conceptual information about IPv6 default address selection, refer to ipaddrsel Command.Do not change the IPv6 address selection policy table, except for the reasons shown in the next task. You can cause problems on the network with a badly constructed policy table. Be sure to save a backup copy of the policy table, as is done in the next procedure. Assume the Primary Administrator role, or become superuser.The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration. Review the current IPv6 address selection policy table.# ipaddrsel # Prefix Precedence Label ::1/128 50 Loopback ::/0 40 Default 2002::/16 30 6to4 ::/96 20 IPv4_Compatible ::ffff:0.0.0.0/96 10 IPv4 Make a backup copy of the default address policy table.# cp /etc/inet/ipaddrsel.conf /etc/inet/ipaddrsel.conf.orig Use a text editor to add your customizations to /etc/inet/ipaddrsel.conf. Use the following syntax for entries in /etc/inet/ipaddrsel:prefix/prefix-length precedence label [# comment ] Here are some common modifications that you might want to make to your policy table:Give the highest priority to 6to4 addresses.2002::/16 50 6to4 ::1/128 45 LoopbackThe 6to4 address format now has the highest priority, 50. Loopback, which previously had a 50 precedence, now has a 45 precedence. The other addressing formats remain the same. Designate a specific source address to be used in communications with a specific destination address.::1/128 50 Loopback 2001:1111:1111::1/128 40 ClientNet 2001:2222:2222::/48 40 ClientNet ::/0 40 DefaultThis particular entry is useful for hosts with only one physical interface. Here 2001:1111:1111::1/128 is preferred as the source address on all packets that are bound for destinations within network 2001:2222:2222::/48. The 40 priority gives higher precedence to the source address 2001:1111:1111::1/128 than to other address formats configured for the interface. Favor IPv4 addresses over IPv6 addresses.::ffff:0.0.0.0/96 60 IPv4 ::1/128 50 Loopback . .The IPv4 format ::ffff:0.0.0.0/96 has its precedence changed from the default 10 to 60, the highest priority in the table. Load the modified policy table into the kernel.ipaddrsel -f /etc/inet/ipaddrsel.conf If the modified policy table has problems, restore the default IPv6 address selection policy table.# ipaddrsel -d When you edit the /etc/inet/ipaddrsel.conf, file, any modifications that you make persist across reboots. If you want the modified policy table to exist only in the current session, follow this procedure. Assume the Primary Administrator role, or become superuser.The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration. Copy the contents of /etc/inet/ipaddrsel into filename, where filename represents a name of your choice.# cp /etc/inet/ipaddrsel filename Edit the policy table in filename to your specifications. Load the modified policy table into the kernel.# ipaddrsel -f filenameThe kernel uses the new policy table until you reboot the system.