# ipadm show-if
The snoop command normally uses the first non-loopback device, which is typically the primary network interface.
The following example shows the basic snoop command output for a dual-stack host.
# snoop Using device /dev/net (promiscuous mode) router5.local.com -> router5.local.com ARP R 203.0.113.13, router5.local.com is 0:10:7b:31:37:80 router5.local.com -> BROADCAST TFTP Read "network-confg" (octet) myhost -> DNSserver.local.com DNS C 192.0.2.10.in-addr.arpa. Internet PTR ? DNSserver.local.com foohost DNS R 192.0.2.10.in-addr.arpa. Internet PTR niserve2. . . . fe80::a00:20ff:febb:e09 -> ff02::9 RIPng R (5 destinations)
In the previous output, the packets that are captured show a DNS query and response, as well as periodic Address Resolution Protocol (ARP) packets from the local router and advertisements of the IPv6 link-local address to the in.ripngd daemon.