snoop
snoop [ -aqrCDNPSvV ] [ -t [ r | a | d ] ] [ -c maxcount ] [ -d device ] [ -i filename ] [ -n filename ] [ -o filename ] [ -p first [ , last ] ] [ -s snaplen ] [ -x offset [ , length ] ] [ expression ]
Available on: Solaris
Examples
Capture everything from the default interface and display on the screen
# snoop
Capture traffic to or from port 80 on the e1000g0 interface. Display each full packet in hex and ASCII starting at offset 0 (-x0), with absolute wall-clock timestamps (-ta).
# snoop -d e1000g0 -ta -x0 port 80
Capture all traffic to or from host loki and save it to a file
# snoop -o output.cap host loki
Output all packets >200 bytes on port 8080 from the capture file output.cap
# snoop -i output.cap greater 200 port 8080