Snifter
Snifter is a raw socket IP packet capturing tool for Windows and Linux, with a tiny CPU and memory footprint. Output is written in PCAPNG format, and you can filter captured packets based on protocol, source/destination address and source/destination port.
On Windows, you can't capture on the local loopback address 127.0.0.1 with a packet capture driver like WinPcap - but you can by using a raw socket sniffer, like Snifter.
Linux support was later added just because .NET Core makes it possible.
You must run Snifter with elevated privileges on Windows, or with sudo on Linux - this is a requirement to create raw sockets.
For now at least, Snifter only supports IPv4. It should be straightforward to add support for IPv6, but I don't use IPv6 yet, so haven't added it.
If you want to capture loopback traffic, it's important that your apps are communicating specifically with 127.0.0.1 - not localhost.
Note that Snifter is restricted to capturing TCP packets only on Linux.
snifter.exe -i x -f filename

  -i, --interface=VALUE       ID of the interface to listen on
  -f, --filename=VALUE        Filename to output sniffed packets to. Defaults to snifter.pcapng
  -o, --operator=VALUE        Whether filters should be AND or OR. Defaults to OR
  -p, --protocol=VALUE        Filter packets by IANA registered protocol number
  -s, --source-address=VALUE  Filter packets by source IP address
  -d, --dest-address=VALUE    Filter packets by destination IP address
  -x, --source-port=VALUE     Filter packets by source port number
  -y, --dest-port=VALUE       Filter packets by destination port number
  -h, -?, --help              Show command line options
Run snifter.exe -h to see a list of available network interfaces.
Note that each filter option can only be specified once.