GithubHelp home page GithubHelp logo

gavz / snifter Goto Github PK

View Code? Open in Web Editor NEW

This project forked from cocowalla/snifter

0.0 1.0 0.0 51 KB

Snifter is a raw socket IP packet capturing tool for Windows, with a tiny CPU and memory footprint

License: Apache License 2.0

Batchfile 0.16% Shell 0.20% C# 99.64%

snifter's Introduction

Snifter

      __.---,__
   .-`         '-,__
 &/           ',_\ _\
 /               '',_
 |    .            (")
 |__.`'-..--|__|--``   Snifter

Snifter is a raw socket IP packet capturing tool for Windows and Linux, with a tiny CPU and memory footprint.

Output is written in PCAPNG format, and you can filter captured packets based on protocol, source/destination address and source/destination port.

Why?

On Windows, you can't capture on the local loopback address 127.0.0.1 with a packet capture driver like WinPcap - but you can by using a raw socket sniffer, like Snifter.

Linux support was later added just because .NET Core makes it possible.

Limitations

You must run Snifter with elevated privileges on Windows, or with sudo on Linux - this is a requirement to create raw sockets.

For now at least, Snifter only supports IPv4. It should be straightforward to add support for IPv6, but I don't use IPv6 yet, so haven't added it.

If you want to capture loopback traffic, it's important that your apps are communicating specifically with 127.0.0.1 - not localhost.

Note that Snifter is restricted to capturing TCP packets only on Linux.

Usage

snifter.exe -i x -f filename

  -i, --interface=VALUE      ID of the interface to listen on
  -f, --filename=VALUE       Filename to output sniffed packets to. Defaults to snifter.pcapng
  -o, --operator=VALUE       Whether filters should be AND or OR. Defaults to OR
  -p, --protocol=VALUE       Filter packets by IANA registered protocol number
  -s, --source-address=VALUE Filter packets by source IP address
  -d, --dest-address=VALUE   Filter packets by destination IP address
  -x, --source-port=VALUE    Filter packets by source port number
  -y, --dest-port=VALUE      Filter packets by destination port number
  -h, -?, --help             Show command line options

Run snifter.exe -h to see a list of available network interfaces.

Note that each filter option can only be specified once.

snifter's People

Contributors

cocowalla avatar cameron-elliott avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.