bpfc(8) netsniff-ng-toolkit bpfc(8)NAME
bpfc - compile a BPF expression into BPF opcode
SYNOPSIS
bpfc -i|--input <program> [-V|--verbose][-v|--version][-h|--help]
DESCRIPTION
bpfc is a tool to generate BPF opcode from a literal expression. The generated BPF opcode then can be used to filter out the corresponding
traffic.
EXAMPLES
bpfc --input example.bpf
Transform the literal expression in example.bpf into BPF opcodes
OPTIONS
-i|--input <program>
Path to Berkeley Packet Filter file.
-V|--verbose
Increase program verbosity
-v|--version
Print version.
-h|--help
Print help text and lists all options.
AUTHOR
Written by Daniel Borkmann <daniel@netsniff-ng.org>
DOCUMENTATION
Documentation by Emmanuel Roullit <emmanuel@netsniff-ng.org>
BUGS
Please report bugs to <bugs@netsniff-ng.org>
2012-06-29 bpfc(8)
Check Out this Related Man Page
netsniff-ng(8) netsniff-ng-toolkit netsniff-ng(8)NAME
netsniff-ng - the packet sniffing beast
SYNOPSIS
netsniff-ng -i|-d|--dev|--in <dev|pcap> -o|--out <dev|pcap|dir|txf> [-f|--filter <bpf-file>][-t|--type <type>][-F|--interval <uint>]
[-s|--silent][-J|--jumbo-support][-n|--num <uint>][-r|--rand] [-M|--no-promisc][-m|--mmap | -c|--clrw][-S|--ring-size <size>]
[-k|--kernel-pull <uint>][-b|--bind-cpu <cpu> | -B|--unbind-cpu <cpu>] [-H|--prio-high][-Q|--notouch-irq][-q|--less | -X|--hex |
-l|--ascii] [-v|--version][-h|--help]
DESCRIPTION
The first sniffer that invoked both, the zero-copy RX_RING as well as the zero-copy TX_RING for high-performance network I/O and
scatter/gather or mmaped PCAP I/O.
EXAMPLES
netsniff-ng --in eth0 --out dump.pcap
Capture traffic from interface 'eth0' and save it pcap file 'dump.pcap'
netsniff-ng --in any --filter http.bpf --payload
Capture HTTP traffic from any interface and print its payload on stdout
netsniff-ng --in wlan0 --bind-cpu 0,1
Capture all traffic from wlan0 interface. Schedule process on CPU 0 and 1.
OPTIONS
-i|-d|--dev|--in <dev|pcap>
Input source. Can be a network device or pcap file.
-o|--out <dev|pcap|dir|txf>
Output sink. Can be a network device, pcap file, a trafgen txf file or a directory. (There's only pcap to txf translation possible.)
-f|--filter <bpf-file>
Use BPF filter file from bpfc.
-t|--type <type>
Only handle packets of defined type:
- broadcast
- multicast
- others
- outgoing
-F|--interval <uint>
Dump interval in seconds. if -o is a directory, a new pcap will be created at each interval. The older files are left untouched.
(default value: 60 seconds)
-s|--silent
Do not print captured packets to stdout.
-J|--jumbo-support
Support for 64KB Super Jumbo Frames.
-n|--num <uint>
When zerp, capture/replay until SIGINT is received (default). When non-zero, capture/replay the number of packets.
-r|--rand
Randomize packet forwarding order (replay mode only).
-M|--no-promisc
Do not place the interface in promiscuous mode.
-m|--mmap
Mmap pcap file i.e., for replaying. Default: scatter/gather I/O.
-c|--clrw
Instead of using scatter/gather I/O use slower read(2)/write(2) I/O.
-S|--ring-size <size>
Manually set ring size in KB/MB/GB, e.g. '10MB'.
-k|--kernel-pull <uint>
Kernel pull from user interval in microseconds. Default is 10us. (replay mode only).
-b|--bind-cpu <cpu>
Bind to specific CPU (or CPU-range).
-B|--unbind-cpu <cpu>
Forbid to use specific CPU (or CPU-range).
-H|--prio-high
Run the process in high-priority mode.
-Q|--notouch-irq
Do not touch IRQ CPU affinity of NIC.
-q|--less
Print less-verbose packet information.
-X|--hex
Print packet data in hex format.
-l|--ascii
Print human-readable packet data.
-v|--version
Print version.
-h|--help
Print help text and lists all options.
AUTHOR
Written by Daniel Borkmann <daniel@netsniff-ng.org> and Emmanuel Roullit <emmanuel@netsniff-ng.org>
DOCUMENTATION
Documentation by Emmanuel Roullit <emmanuel@netsniff-ng.org>
BUGS
Please report bugs to <bugs@netsniff-ng.org>
2012-06-29 netsniff-ng(8)