If you are trying to make the switch from snoop to tshark in Solaris 11.3, you might have come across a problem where the filters don’t seem to work. In Solaris 11.3.10.7.0, any filter I added, including simple ones, would cause no packets to be captured:
root@myhost:~# tshark -i mynet0 "tcp"
Capturing on 'mynet0'
^C0 packets captured
Eliminating the filter allowed packets to be captured. I verified this behavior on both a zone and a bare-metal host.
I was ultimately able to work around this issue by providing a capture link type:
root@myhost:~# tshark -i mynet0 -L
Data link types of interface mynet0 (use option -y to set):
  EN10MB (Ethernet)
  IPNET (Solaris ipnet)
  DOCSIS (DOCSIS)
root@myhost:~# tshark -i mynet0 -y IPNET -w packets.cap "tcp port 80"
Capturing on 'mynet0'
84 ^C