Snoop is an executable binary that puts your system’s interface(s) in promiscuous mode. In promiscuous mode, snoop captures all packets on your network, either displaying them in real time or saving them to a capture file. What makes snoop so powerful is the detail of information it provides and the flexibility of the tool.
Tethereal is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. Tethereal’s native capture file format is libpcap format, which is also the format used by tcpdump and various other tools.
Usually you can use tethereal on Linux and snoop on the Solaris Operating Environment.
For detail info, you can read on
Here is the easiest way to use snoop and tethereal.
How to use snoop?
Check your network interface cards (NICs) to find the interface that carries the IP address you want to capture on, for example 192.168.0.31:
bash-2.05$ ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
ce1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 2
inet 10.1.0.22 netmask ffffffe0 broadcast 10.1.0.255
ce2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 192.168.0.31 netmask ffffff00 broadcast 192.168.0.255
To capture traffic for that address with snoop, use the ce2 interface. Snoop writes its capture file with the -o option:
# snoop -d ce2 -o output_file.cap
How to use tethereal?
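For example, if you want to sniff SMPP packets on IP 192.168.0.31, pass a libpcap capture filter with -f. SMPP is not a keyword in capture-filter syntax, so the filter matches on the TCP port instead; 2775 is the IANA-registered SMPP port and is an assumption here, so change it if your SMSC listens on a different port:
# tethereal -i ce2 -w output_file.cap -f "host 192.168.0.31 and tcp port 2775"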
Open your snoop or tethereal capture file with ethereal (http://www.ethereal.com/) to analyze the packets.
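Before loading a capture into ethereal, it can help to confirm which of the two formats described above the file is in and how many packets it holds. The following Python script is an added example, not part of the original post: it reads the snoop (RFC 1761) or libpcap file header and walks the packet records. The function names and the two sample captures are constructed for illustration.

```python
import struct

SNOOP_MAGIC = b"snoop\x00\x00\x00"  # RFC 1761 identification pattern
PCAP_MAGIC = {b"\xa1\xb2\xc3\xd4": ">", b"\xd4\xc3\xb2\xa1": "<"}  # magic -> byte order


def summarize_capture(data):
    """Identify a snoop or libpcap capture and count its packet records."""
    if data[:8] == SNOOP_MAGIC and len(data) >= 16:
        fmt, pos = "snoop", 16
        _version, linktype = struct.unpack(">II", data[8:16])
    elif data[:4] in PCAP_MAGIC and len(data) >= 24:
        fmt, pos, order = "libpcap", 24, PCAP_MAGIC[data[:4]]
        linktype = struct.unpack(order + "I", data[20:24])[0]
    else:
        raise ValueError("not a complete snoop or libpcap file header")
    packets = captured = 0
    while True:
        if fmt == "snoop":
            # Record header: orig len, incl len, record len, drops, sec, usec
            if pos + 24 > len(data):
                break
            _orig, incl, rec_len = struct.unpack(">3I", data[pos:pos + 12])
            if rec_len < 24 + incl:
                raise ValueError("corrupt snoop record at offset %d" % pos)
        else:
            # Record header: sec, usec, incl len, orig len; data is not padded
            if pos + 16 > len(data):
                break
            incl = struct.unpack(order + "I", data[pos + 8:pos + 12])[0]
            rec_len = 16 + incl
        if pos + rec_len > len(data):
            break  # last record cut short, e.g. the capture was interrupted
        packets, captured, pos = packets + 1, captured + incl, pos + rec_len
    return {"format": fmt, "linktype": linktype, "packets": packets,
            "captured_bytes": captured, "trailing_bytes": len(data) - pos}


def build_samples():
    """Constructed two-packet captures (17-byte dummy frames), one per format."""
    frame = b"\x00" * 14 + b"xyz"
    snoop = SNOOP_MAGIC + struct.pack(">II", 2, 4)  # version 2, Ethernet
    pcap = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, 1)
    for sec in (1, 2):
        # snoop pads each record to a 4-byte boundary: 24 + 17 + 3 = 44
        snoop += struct.pack(">6I", 17, 17, 44, 0, sec, 0) + frame + b"\x00" * 3
        pcap += struct.pack("<4I", sec, 0, 17, 17) + frame
    return snoop, pcap


if __name__ == "__main__":
    for sample in build_samples():
        print(summarize_capture(sample))
```

To check a real file, pass its contents, for example summarize_capture(open("output_file.cap", "rb").read()). A non-zero trailing_bytes value means the last record is incomplete.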