Accessing socket data using DTrace
DTrace just recently gained some new providers (the tcp and ip providers) for tracking everything going on under the hood of the Solaris TCP/IP subsystem.
http://opensolaris.org/os/community/dtrace/NetworkProvider/
That is great news. The not-so-great news is that these providers are only available in Nevada builds at this point in time. So if you're on the stock version of Solaris 10, you're largely out of luck with these new providers. But that does not necessarily mean you're completely locked out from peeking under the hood. You can still use some of the structures DTrace exposes during function calls and get some useful functionality out of them. Here is a little script I wrote to monitor all connect() calls being made on the system, exposing the ports and IP addresses to which clients have tried to make network connections. All of this is done by accessing and extracting data from the sockaddr structure:
#!/usr/sbin/dtrace -qs

fbt::connect*:entry
{
    printf("execname: %s\n", execname);
    printf("pid: %d\n", pid);
    printf("sockfd: %d\n", arg0);
    /* copy the user-space sockaddr passed to connect() into DTrace scratch memory */
    socks = (struct sockaddr *)copyin(arg1, arg2);
    /* sa_data[0..1] hold the port; sa_data is signed char, so cast through uint8_t
       to avoid sign-extending bytes >= 128 (the outer cast keeps hport wide enough to shift) */
    hport = (uint_t)(uint8_t)socks->sa_data[0];
    lport = (uint_t)(uint8_t)socks->sa_data[1];
    hport <<= 8;
    port = hport + lport;
    printf("Port number: %d\n", port);
    /* sa_data[2..5] hold the four IPv4 address bytes */
    printf("IP address: %d.%d.%d.%d\n", (uint8_t)socks->sa_data[2],
        (uint8_t)socks->sa_data[3],
        (uint8_t)socks->sa_data[4],
        (uint8_t)socks->sa_data[5]);
    printf("======\n");
}

Please be aware that the code above is big-endian byte order dependent, so it will work correctly only on big-endian architectures (i.e. SPARC). You will have to change the byte order for little-endian x86.
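As an added example (not from the original post), here is the same sockaddr extraction reworked to check the address family before decoding and to aggregate destinations per process, which is more useful for baselining outbound connections than printing a line per call. It assumes the same fbt connect probe arguments as the script above (arg1 = user sockaddr pointer, arg2 = its length) and AF_INET == 2 on Solaris; the this-> and @dests names are mine.

```d
#!/usr/sbin/dtrace -qs
/* Added example: per-process count of connect() destinations.
   Assumes arg1 = sockaddr pointer in user space, arg2 = its length,
   and AF_INET == 2 (sa_family is the first 16-bit field of struct sockaddr). */

fbt::connect*:entry
{
    /* read only the family first so non-IPv4 sockets (AF_UNIX, AF_INET6) are skipped */
    this->fam = *(uint16_t *)copyin(arg1, sizeof (uint16_t));
}

fbt::connect*:entry
/this->fam == 2/
{
    this->sa = (struct sockaddr *)copyin(arg1, arg2);
    /* sa_data is signed char: mask each byte through uint8_t so values >= 128 are not sign-extended */
    this->port = ((uint8_t)this->sa->sa_data[0] << 8) | (uint8_t)this->sa->sa_data[1];
    @dests[execname, pid,
        (uint8_t)this->sa->sa_data[2], (uint8_t)this->sa->sa_data[3],
        (uint8_t)this->sa->sa_data[4], (uint8_t)this->sa->sa_data[5],
        this->port] = count();
}

END
{
    printf("EXEC PID DEST PORT COUNT\n");
    printa("%s %d %d.%d.%d.%d %d %@d\n", @dests);
}
```

Run it for a while and stop it with Ctrl-C; the END clause then prints one line per process and destination, so a new or unexpected destination stands out against the usual set.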
