debian man page for netsniff-ng

Debian Man Pages All Man Pages Latest Topics Forum Categories

Query: netsniff-ng

OS: debian

Section: 8

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

netsniff-ng(8)							netsniff-ng-toolkit						    netsniff-ng(8)


NAME

       netsniff-ng - the packet sniffing beast


SYNOPSIS

       netsniff-ng -i|-d|--dev|--in <dev|pcap> -o|--out <dev|pcap|dir|txf> [-f|--filter <bpf-file>][-t|--type <type>][-F|--interval <uint>]
       [-s|--silent][-J|--jumbo-support][-n|--num <uint>][-r|--rand] [-M|--no-promisc][-m|--mmap | -c|--clrw][-S|--ring-size <size>]
       [-k|--kernel-pull <uint>][-b|--bind-cpu <cpu> | -B|--unbind-cpu <cpu>] [-H|--prio-high][-Q|--notouch-irq][-q|--less | -X|--hex |
       -l|--ascii] [-v|--version][-h|--help]


DESCRIPTION

       The first sniffer that invoked both, the zero-copy RX_RING as well as the zero-copy TX_RING for high-performance network I/O and
       scatter/gather or mmaped PCAP I/O.


EXAMPLES

       netsniff-ng --in eth0 --out dump.pcap
	   Capture traffic from interface 'eth0' and save it pcap file 'dump.pcap'

       netsniff-ng --in any --filter http.bpf --payload
	   Capture HTTP traffic from any interface and print its payload on stdout

       netsniff-ng --in wlan0 --bind-cpu 0,1
	   Capture all traffic from wlan0 interface.  Schedule process on CPU 0 and 1.


OPTIONS

       -i|-d|--dev|--in <dev|pcap>
	   Input source. Can be a network device or pcap file.

       -o|--out <dev|pcap|dir|txf>
	   Output sink. Can be a network device, pcap file, a trafgen txf file or a directory. (There's only pcap to txf translation possible.)

       -f|--filter <bpf-file>
	   Use BPF filter file from bpfc.

       -t|--type <type>
	   Only handle packets of defined type:
	       - broadcast
	       - multicast
	       - others
	       - outgoing
       -F|--interval <uint>
	   Dump interval in seconds. if -o is a directory, a new pcap will be created at each interval.  The older files are left untouched.
	   (default value: 60 seconds)

       -s|--silent
	   Do not print captured packets to stdout.

       -J|--jumbo-support
	   Support for 64KB Super Jumbo Frames.

       -n|--num <uint>
	   When zerp, capture/replay until SIGINT is received (default).  When non-zero, capture/replay the number of packets.

       -r|--rand
	   Randomize packet forwarding order (replay mode only).

       -M|--no-promisc
	   Do not place the interface in promiscuous mode.

       -m|--mmap
	   Mmap pcap file i.e., for replaying. Default: scatter/gather I/O.

       -c|--clrw
	   Instead of using scatter/gather I/O use slower read(2)/write(2) I/O.

       -S|--ring-size <size>
	   Manually set ring size in KB/MB/GB, e.g. '10MB'.

       -k|--kernel-pull <uint>
	   Kernel pull from user interval in microseconds. Default is 10us. (replay mode only).

       -b|--bind-cpu <cpu>
	   Bind to specific CPU (or CPU-range).

       -B|--unbind-cpu <cpu>
	   Forbid to use specific CPU (or CPU-range).

       -H|--prio-high
	   Run the process in high-priority mode.

       -Q|--notouch-irq
	   Do not touch IRQ CPU affinity of NIC.

       -q|--less
	   Print less-verbose packet information.

       -X|--hex
	   Print packet data in hex format.

       -l|--ascii
	   Print human-readable packet data.

       -v|--version
	   Print version.

       -h|--help
	   Print help text and lists all options.


AUTHOR

       Written by Daniel Borkmann <daniel@netsniff-ng.org> and Emmanuel Roullit <emmanuel@netsniff-ng.org>


DOCUMENTATION

       Documentation by Emmanuel Roullit <emmanuel@netsniff-ng.org>


BUGS

       Please report bugs to <bugs@netsniff-ng.org>

								    2012-06-29							    netsniff-ng(8)
Related Man Pages
trafgen(8) - centos
ifpps(8) - centos
pcapdump(1) - debian
curvetun(8) - centos
dumpcap(1) - x11r4
Similar Topics in the Unix Linux Community
network driver cpu usage
For the love of God, help me forward traffic from wlan0 to eth0
help ma aix command
apache high cpu load on high traffic
Capture PRSTAT