where can I find tcpdump for solaris?

you can find solaris’ tool “snoop” in /usr/sbin

snoop – capture and inspect network packets

snoop [-aqrCDNPSvV] [-t [r | a | d]] [-c maxcount]
[-d device] [-i filename] [-n filename] [-o filename]
[-p first [, last]] [-s snaplen] [-x offset [, length]]

snoop captures packets from the network and displays their
contents. snoop uses both the network packet filter and
streams buffer modules to provide efficient capture of pack-
ets from the network. Captured packets can be displayed as
they are received, or saved to a file (which is RFC 1761-
compliant) for later inspection.

snoop can display packets in a single-line summary form or
in verbose multi-line forms. In summary form, with the
exception of certain VLAN packets, only the data pertaining
to the highest level protocol is displayed. If a packet has
a VLAN header and its VLAN ID is non-zero, then snoop will
show that the packet is VLAN tagged. For example, an NFS
packet will have only NFS information displayed. Except for
VLAN information under the condition just described, the
underlying RPC, UDP, IP, and Ethernet frame information is
suppressed, but can be displayed if either of the verbose
options are chosen.

In the absence of a name service, such as LDAP or NIS, snoop
displays host names as numeric IP addresses.

snoop requires an interactive interface.

Leave a Reply