Running snoop with LDAP in Mind
Before you run the snoop utility, you must decide whether you want real-time data or would prefer to capture packets to a snoop-capture file. In most situations, you will want to capture the data to a file. In real-time mode, the data flies across your screen much too fast for you to read. The only real benefit of real-time mode is to give you a quick feel for the traffic that's moving on your network. To do some serious analysis, you'll want to capture packets to a file so you can take your time with them.
The syntax and complete list of options for snoop are described in the snoop(1M) man page. The examples in this article focus on snoop options that are related to LDAP. The examples that follow use the following snoop syntax and options depending on the desired level of tracing:
Instead of using snoop port 389, you could use the name ldap, which is the name of the service.
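A capture file can also be examined offline with a short script. The following is an added example, not code from the original article: it reads the snoop version 2 capture format (RFC 1761) and returns the TCP segments to or from port 389. It assumes an Ethernet capture carrying IPv4; the function names and the sample capture are constructed for illustration.

```python
import struct

SNOOP_MAGIC = b"snoop\x00\x00\x00"   # RFC 1761 file identification pattern
LDAP_PORT = 389                      # the port the article filters on (service name "ldap")

def tcp_segment(frame):
    """Decode Ethernet/IPv4/TCP; return (src, sport, dst, dport, payload) or None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None                                      # not IPv4 over Ethernet
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 6 or len(frame) < 14 + ihl + 20:
        return None                                      # not TCP, or header cut short
    tcp = 14 + ihl
    sport, dport = struct.unpack(">HH", frame[tcp:tcp + 4])
    data_off = (frame[tcp + 12] >> 4) * 4
    ip_end = 14 + struct.unpack(">H", frame[16:18])[0]   # excludes Ethernet padding
    src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    return src, sport, dst, dport, frame[tcp + data_off:ip_end]

def ldap_segments(capture, port=LDAP_PORT):
    """Return the TCP segments to or from `port` in a snoop capture file image."""
    if len(capture) < 16 or capture[:8] != SNOOP_MAGIC:
        raise ValueError("not a snoop capture file")
    if struct.unpack(">II", capture[8:16]) != (2, 4):    # version 2, datalink 4 = Ethernet
        raise ValueError("only version 2 Ethernet captures are handled")
    found, pos = [], 16
    while pos + 24 <= len(capture):
        _orig, incl, rec_len = struct.unpack(">3I", capture[pos:pos + 12])
        if rec_len < 24 + incl or pos + rec_len > len(capture):
            break                                        # truncated record: stop, do not guess
        seg = tcp_segment(capture[pos + 24:pos + 24 + incl])
        if seg and port in (seg[1], seg[3]):
            found.append(seg)
        pos += rec_len                                   # record length covers header and padding
    return found

def sample_capture():
    """Constructed input: one segment to port 389 and one to port 80."""
    def record(sport, dport, payload):
        tcp = struct.pack(">HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + tcp
        frame = bytes(12) + b"\x08\x00" + ip
        pad = -len(frame) % 4                            # records are padded to 4 bytes
        header = struct.pack(">6I", len(frame), len(frame), 24 + len(frame) + pad, 0, 0, 0)
        return header + frame + bytes(pad)
    return (SNOOP_MAGIC + struct.pack(">II", 2, 4)
            + record(40000, 389, b"\x30\x05\x02\x01\x01\x42\x00")   # LDAP UnbindRequest
            + record(40001, 80, b"GET /"))
```

For a real capture, pass the bytes of the file that snoop wrote, for example `ldap_segments(open(path, "rb").read())`, where `path` is your capture file.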