Capturing network traffic in order to diagnose problems with your SAS® environment


Capturing network traffic is often helpful in diagnosing problems with the SAS Environment. This KB article explains how to capture network traffic in both UNIX and Microsoft Windows operating environments.

For UNIX Environments

Under UNIX, there are two command-line tools that can be used for capturing network traffic: tcpdump or snoop. You can download both tcpdump and snoop for free. Generally, you need to run these tools as root.

Most UNIX variants include tcpdump. To capture network traffic with this tool, submit the following command:

tcpdump -nvvXSw ./`hostname`.pcap

Some UNIX variants (in particular, Solaris) use snoop instead. To use this tool, submit the following command:

snoop -VvrDS -o ./`hostname`.pcap

For Windows Environments

Under Windows, SAS Technical Support recommends the Wireshark Network Analyzer, a GUI-based tool that provides a menu system for starting and stopping the capture of network traffic. Wireshark is available for downloading here. You use Wireshark as follows:

  1. In the Wireshark Network Analyzer window, select Capture ► Options.

    This action opens the Wireshark: Capture Interfaces dialog box.

  2. In the dialog box, select the interface from which you want to capture traffic and click Start.

    Traffic displays in real time in the Capturing from Local Area Connection window.

  3. When you want to stop the capture, click the stop button (the red square at the upper left of the menu bar).

After you stop the capture, you can save it by selecting File ► Save as in the Capturing from Local Area Connection window.
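
Before sending a capture file on, it helps to confirm what the file actually is and that it was not cut off while being written or copied. The following is an added example, not part of the original article: it identifies classic pcap (written by tcpdump -w), the RFC 1761 snoop format (which snoop -o writes even when the file is named .pcap), and pcapng (Wireshark's default save format), and for classic pcap it walks every packet record. The names inspect_capture and sample_pcap are hypothetical, and the sample bytes are constructed.

```python
import struct

# Magic bytes as they appear on disk -> (struct byte order, timestamp unit)
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microseconds"),
    b"\xa1\xb2\xc3\xd4": (">", "microseconds"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanoseconds"),
    b"\xa1\xb2\x3c\x4d": (">", "nanoseconds"),
}

def inspect_capture(data: bytes) -> dict:
    """Identify a capture file; for classic pcap, also walk every packet record."""
    if data[:8] == b"snoop\x00\x00\x00" and len(data) >= 16:
        version, linktype = struct.unpack(">II", data[8:16])  # RFC 1761 header
        return {"format": "snoop", "version": version, "linktype": linktype}
    if data[:4] == b"\x0a\x0d\x0d\x0a":
        return {"format": "pcapng"}  # section header block; records not walked here
    if data[:4] not in PCAP_MAGICS or len(data) < 24:
        return {"format": "unknown"}
    order, unit = PCAP_MAGICS[data[:4]]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    info = {"format": "pcap", "version": f"{major}.{minor}", "timestamps": unit,
            "snaplen": snaplen, "linktype": linktype,
            "packets": 0, "clipped": 0, "truncated": False}
    offset = 24
    while offset < len(data):
        header = data[offset:offset + 16]
        if len(header) < 16:
            info["truncated"] = True      # file ends inside a record header
            break
        _sec, _frac, incl_len, orig_len = struct.unpack(order + "IIII", header)
        if offset + 16 + incl_len > len(data):
            info["truncated"] = True      # file ends inside packet data
            break
        info["packets"] += 1
        info["clipped"] += incl_len < orig_len   # packet cut short by snaplen
        offset += 16 + incl_len
    return info

def sample_pcap() -> bytes:
    """Constructed sample: little-endian pcap 2.4, Ethernet, snaplen 64, 2 packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)
    out += struct.pack("<IIII", 1, 0, 60, 60) + bytes(60)     # complete packet
    out += struct.pack("<IIII", 2, 0, 64, 1514) + bytes(64)   # clipped at snaplen
    return out

if __name__ == "__main__":
    print(inspect_capture(sample_pcap()))
    print(inspect_capture(sample_pcap()[:-10]))  # simulates an interrupted copy
```

To check a real file, pass its contents: inspect_capture(open(path, "rb").read()). A nonzero "clipped" count means packet payloads were cut at the capture length, and "truncated" means the file ends in the middle of a record.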