you can use snoop and redirect the output to a file.
if memory serves me correctly there is a switch for snoop to send the data directly to a file also.
Hi...
Unfortunately - Snoop does not seem to log all input from the user. I have tried this previously but it is not giving me all the detail I need - and also , I cannot limit this to just one port, it seems to snoop the whole interface.
You need to look at the -v or -V options and realize you would need quite a bit of disk space for all the info you would gather - also, you need to look at the from or src expressions to cut it down to the port.
I am snopping a port - but it isnt listed in /etc/services so I dont see to get the input I am looking for.
I am trying to get the server logging enabled correctly but its taking time...
I need to see what is being sent to this port and the exact input of the user..
What you want is trivial. You don't need to use a symbolic port name, you can use just a numeric port number.
And even if the port was required to be in /etc/services, how long would it take to add one line to a text file? Since the port is in use I would add it /etc/services just to document that fact.