debian man page for netsniff-ng

Query: netsniff-ng

OS: debian

Section: 8

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

netsniff-ng(8)							netsniff-ng-toolkit						    netsniff-ng(8)

NAME
netsniff-ng - the packet sniffing beast
SYNOPSIS
netsniff-ng -i|-d|--dev|--in <dev|pcap> -o|--out <dev|pcap|dir|txf> [-f|--filter <bpf-file>][-t|--type <type>][-F|--interval <uint>] [-s|--silent][-J|--jumbo-support][-n|--num <uint>][-r|--rand] [-M|--no-promisc][-m|--mmap | -c|--clrw][-S|--ring-size <size>] [-k|--kernel-pull <uint>][-b|--bind-cpu <cpu> | -B|--unbind-cpu <cpu>] [-H|--prio-high][-Q|--notouch-irq][-q|--less | -X|--hex | -l|--ascii] [-v|--version][-h|--help]
DESCRIPTION
The first sniffer that invoked both, the zero-copy RX_RING as well as the zero-copy TX_RING for high-performance network I/O and scatter/gather or mmaped PCAP I/O.
EXAMPLES
netsniff-ng --in eth0 --out dump.pcap Capture traffic from interface 'eth0' and save it pcap file 'dump.pcap' netsniff-ng --in any --filter http.bpf --payload Capture HTTP traffic from any interface and print its payload on stdout netsniff-ng --in wlan0 --bind-cpu 0,1 Capture all traffic from wlan0 interface. Schedule process on CPU 0 and 1.
OPTIONS
-i|-d|--dev|--in <dev|pcap> Input source. Can be a network device or pcap file. -o|--out <dev|pcap|dir|txf> Output sink. Can be a network device, pcap file, a trafgen txf file or a directory. (There's only pcap to txf translation possible.) -f|--filter <bpf-file> Use BPF filter file from bpfc. -t|--type <type> Only handle packets of defined type: - broadcast - multicast - others - outgoing -F|--interval <uint> Dump interval in seconds. if -o is a directory, a new pcap will be created at each interval. The older files are left untouched. (default value: 60 seconds) -s|--silent Do not print captured packets to stdout. -J|--jumbo-support Support for 64KB Super Jumbo Frames. -n|--num <uint> When zerp, capture/replay until SIGINT is received (default). When non-zero, capture/replay the number of packets. -r|--rand Randomize packet forwarding order (replay mode only). -M|--no-promisc Do not place the interface in promiscuous mode. -m|--mmap Mmap pcap file i.e., for replaying. Default: scatter/gather I/O. -c|--clrw Instead of using scatter/gather I/O use slower read(2)/write(2) I/O. -S|--ring-size <size> Manually set ring size in KB/MB/GB, e.g. '10MB'. -k|--kernel-pull <uint> Kernel pull from user interval in microseconds. Default is 10us. (replay mode only). -b|--bind-cpu <cpu> Bind to specific CPU (or CPU-range). -B|--unbind-cpu <cpu> Forbid to use specific CPU (or CPU-range). -H|--prio-high Run the process in high-priority mode. -Q|--notouch-irq Do not touch IRQ CPU affinity of NIC. -q|--less Print less-verbose packet information. -X|--hex Print packet data in hex format. -l|--ascii Print human-readable packet data. -v|--version Print version. -h|--help Print help text and lists all options.
AUTHOR
Written by Daniel Borkmann <daniel@netsniff-ng.org> and Emmanuel Roullit <emmanuel@netsniff-ng.org>
DOCUMENTATION
Documentation by Emmanuel Roullit <emmanuel@netsniff-ng.org>
BUGS
Please report bugs to <bugs@netsniff-ng.org> 2012-06-29 netsniff-ng(8)
Related Man Pages
bpfc(8) - centos
netsniff-ng(8) - centos
dumpcap(1) - debian
pcapdump(1) - debian
trafgen(8) - debian
Similar Topics in the Unix Linux Community
network driver cpu usage
For the love of God, help me forward traffic from wlan0 to eth0
apache high cpu load on high traffic
Restart debian server if one specific process has more than 10 seconds have high cpu load
Capture PRSTAT based on CPU usage percentage