The following is an example of socketsnoop.d. This program snoops TCP
packets and lists the PID and command responsible.

In the following example we can see some SSH network packets, a finger 
and some VNC packets, as well as the process responsible for either 
sending or receiving the data, and the size.

   # ./socketsnoop.d
     UID   PID DIR  SIZE CMD
       0 19886   W    64 ssh mars
       0 19886   R    80 ssh mars
       0 19915   W     0 finger @mars
       0 19915   W     2 finger @mars
       0 19915   R   633 finger @mars
       0 19915   R     0 finger @mars
       0 19886   W    64 ssh mars
       0 19886   R    80 ssh mars
       0 19886   W    48 ssh mars
       0 19886   R    80 ssh mars
     100  4789   W     6 vncviewer mars:4
     100  4789   R   348 vncviewer mars:4
     100  4789   W    10 vncviewer mars:4
     100  4789   R     0 vncviewer mars:4
     100  4789   W     6 vncviewer mars:4
     100  4789   R   336 vncviewer mars:4
     100  4789   W    10 vncviewer mars:4
     100  4789   R     0 vncviewer mars:4
   [...]


Now we could have just used the "snoop" command,

	# snoop | cut -c1-70
	Using device /dev/rtls0 (promiscuous mode)
	     jupiter -> mars         TCP D=22 S=33974 Push Ack=1419294976 Seq=
	        mars -> jupiter      TCP D=33974 S=22 Push Ack=518845397 Seq=1
	     jupiter -> mars         TCP D=22 S=33974 Ack=1419295072 Seq=51884
	     jupiter -> mars         TCP D=22 S=33974 Push Ack=1419295072 Seq=
	        mars -> jupiter      TCP D=33974 S=22 Push Ack=518845445 Seq=1
	     jupiter -> mars         TCP D=22 S=33974 Ack=1419295168 Seq=51884
	     jupiter -> mars         TCP D=22 S=33974 Push Ack=1419295168 Seq=
	        mars -> jupiter      TCP D=33974 S=22 Push Ack=518845493 Seq=1
	     jupiter -> mars         TCP D=22 S=33974 Ack=1419295264 Seq=51884
	     jupiter -> mars         TCP D=5901 S=40476 Push Ack=706125575 Seq
	     jupiter -> mars         TCP D=5901 S=40476 Push Ack=706125575 Seq
	        mars -> jupiter      TCP D=40476 S=5901 Ack=1657776931 Seq=706
	     jupiter -> mars         TCP D=5901 S=40476 Push Ack=706125575 Seq
	     jupiter -> mars         TCP D=5901 S=40476 Push Ack=706125575 Seq
	        mars -> jupiter      TCP D=40476 S=5901 Ack=1657776947 Seq=706
	     jupiter -> mars         TCP D=22 S=33974 Push Ack=1419295264 Seq=
	        mars -> jupiter      TCP D=33974 S=22 Push Ack=518845557 Seq=1
	     jupiter -> mars         TCP D=22 S=33974 Ack=1419295360 Seq=51884
	     jupiter -> mars         TCP D=22 S=33974 Push Ack=1419295360 Seq=
	        mars -> jupiter      TCP D=33974 S=22 Push Ack=518845605 Seq=1
	     jupiter -> mars         TCP D=22 S=33974 Ack=1419295456 Seq=51884
	[...]

which may give us an idea of which would be the processes responsible for
the network traffic, but dosen't actually pinpoint the PIDs.