#Turn on snoop to trace packets between ccasn02.in2p3.fr & pharlap.slac.stanford.edu
63cottrell@pharlap:~>sudo snoop -o /tmp/in2-3-tcpdump-1024k host pharlap.slac.stanford.edu and host ccasn02.in2p3.fr
AFS Password:
Using device /dev/ge (promiscuous mode)
208 ^C

#Copy file from ccasn02 to pharlap
ccasn02:tcsh[50] bin/bbcp -v -s 1 -w 1024k -D -f -T '/opt/ssf/bin/ssf %H -l %U bbcp' .cshrc pharlap.slac.stanford.edu:/dev/null

#Having captured packets, analyze output and create an editable file
101cottrell@pharlap:~>snoop -i /tmp/in2p3-tcpdump-1024k -V > ! /tmp/in2p3-snoop-1024k

#Sample output from editable file
   #Open ssh session
  1   0.00000 ccasn02.in2p3.fr -> PHARLAP.SLAC.Stanford.EDU ETHER Type=0800 (IP), size = 60 bytes
  1   0.00000 ccasn02.in2p3.fr -> PHARLAP.SLAC.Stanford.EDU IP  D=134.79.240.26 S=134.158.105.22 LEN=44, ID=54365
  1   0.00000 ccasn02.in2p3.fr -> PHARLAP.SLAC.Stanford.EDU TCP D=22 S=1023 Syn Seq=2999279651 Len=0 Win=8760 Options=<mss 1460>
________________________________
  2   0.00004 PHARLAP.SLAC.Stanford.EDU -> ccasn02.in2p3.fr ETHER Type=0800 (IP), size = 58 bytes
  2   0.00004 PHARLAP.SLAC.Stanford.EDU -> ccasn02.in2p3.fr IP  D=134.158.105.22 S=134.79.240.26 LEN=44, ID=63707
  2   0.00004 PHARLAP.SLAC.Stanford.EDU -> ccasn02.in2p3.fr TCP D=1023 S=22 Syn Ack=2999279652 Seq=2691720310 Len=0 Win=24820 Options=<mss 1460>
   #Open copy stream, ccin2p3 advertises 2MB window, pharlap advertises 1MByte 104k window.
 38   0.21409 ccasn02.in2p3.fr -> PHARLAP.SLAC.Stanford.EDU ETHER Type=0800 (IP), size = 62 bytes
 38   0.21409 ccasn02.in2p3.fr -> PHARLAP.SLAC.Stanford.EDU IP  D=134.79.240.26 S=134.158.105.22 LEN=48, ID=54383
 38   0.21409 ccasn02.in2p3.fr -> PHARLAP.SLAC.Stanford.EDU TCP D=62098 S=56319 Syn Seq=2775194521 Len=0 Win=65535 Options=<nop,wscale 5,mss 1460>
________________________________
 39   0.00004 PHARLAP.SLAC.Stanford.EDU -> ccasn02.in2p3.fr ETHER Type=0800 (IP), size = 62 bytes
 39   0.00004 PHARLAP.SLAC.Stanford.EDU -> ccasn02.in2p3.fr IP  D=134.158.105.22 S=134.79.240.26 LEN=48, ID=63726
 39   0.00004 PHARLAP.SLAC.Stanford.EDU -> ccasn02.in2p3.fr TCP D=56319 S=62098 Syn Ack=2775194522 Seq=2693060762 Len=0 Win=32804 Options=<nop,wscale 5,mss 1460>