Berkeley Packet Filter and pf_packet in Solaris
Darren Reed recently delivered Berkeley Packet Filter and PF_PACKET into Solaris Nevada:
BPF is now as a supported option for the Solaris kernel. Support has been implemented for capturing packets at the link layer as well as at the IP layer. By using the IPNET device from Clearview Observability, BPF can be used to sniff packets local to the host (loopback & between zones) as well as those from "the wire" through interfaces supplied by Crossbow. In subsequent builds you can look forward to the libpcap shipped with Solaris being switched over from DLPI to BPF and updates
to wireshark and tcpdump to support IPNET for loopback packet capture.
In addition to BPF, an implementation of PF_PACKET has now been added to Solaris. This provides both another mechanism to sniff packets from the network, with in-kernel filtering supported by BPF. Both raw and datagram PF_PACKET sockets have been included in this implementation of PF_PACKET for Solaris. Unlike BPF, PF_PACKET does not have access to loopback packets on Solaris.