Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle® Solaris 11.3

Updated: March 2019

Monitoring Packet Transfers With the snoop Command

You can use the snoop command to monitor network traffic. The snoop command captures network packets and displays their contents in the format that you specify. Packets can be displayed as soon as they are received or saved to a file. When the snoop command writes to an intermediate file, packet loss under busy trace conditions is unlikely. The snoop command is then used to interpret the file.

To capture packets to and from the default interface in promiscuous mode, you must assume the Network Management rights profile or the root role. In summary form, the snoop command displays only the data that pertains to the highest-level protocol. For example, for an NFS packet, only NFS information is displayed. The underlying remote procedure call (RPC), UDP, IP, and Ethernet frame information is suppressed, but it can be displayed if either of the verbose options is used.

Use the snoop command frequently and consistently to become familiar with normal system behavior. For more details about the snoop command, refer to the snoop(1M) man page.