Whilst analysing some issues with multicast on a pair of Solaris boxes, I wanted to filter out some unwanted multicast addresses when viewing my snoop traces.
However, by default, snoop will resolve IPs, and ALL multicast IPs in the 228.x.x.x range (which I’m using) resolve to “reserved-multicast-range-not-delegated.example.com”.
|
1 |
# dig -x multi.cast.ip.here |
So … how to “play back” the snoop output without name resolution? Just use the -r option. I also added -ta to get readable timestamps.
|
1 |
# snoop -ta -ri ./input_file.snoop |
I could then pipe this through grep -v and see only the information I cared about.