debian man page for netsniff-ng

netsniff-ng(8)							netsniff-ng-toolkit						    netsniff-ng(8)

NAME
       netsniff-ng - the packet sniffing beast

SYNOPSIS
       netsniff-ng -i|-d|--dev|--in <dev|pcap> -o|--out <dev|pcap|dir|txf> [-f|--filter <bpf-file>][-t|--type <type>][-F|--interval <uint>]
       [-s|--silent][-J|--jumbo-support][-n|--num <uint>][-r|--rand] [-M|--no-promisc][-m|--mmap | -c|--clrw][-S|--ring-size <size>]
       [-k|--kernel-pull <uint>][-b|--bind-cpu <cpu> | -B|--unbind-cpu <cpu>] [-H|--prio-high][-Q|--notouch-irq][-q|--less | -X|--hex |
       -l|--ascii] [-v|--version][-h|--help]

DESCRIPTION
       The first sniffer that invoked both, the zero-copy RX_RING as well as the zero-copy TX_RING for high-performance network I/O and
       scatter/gather or mmaped PCAP I/O.

EXAMPLES
       netsniff-ng --in eth0 --out dump.pcap
	   Capture traffic from interface 'eth0' and save it pcap file 'dump.pcap'

       netsniff-ng --in any --filter http.bpf --payload
	   Capture HTTP traffic from any interface and print its payload on stdout

       netsniff-ng --in wlan0 --bind-cpu 0,1
	   Capture all traffic from wlan0 interface.  Schedule process on CPU 0 and 1.

OPTIONS
       -i|-d|--dev|--in <dev|pcap>
	   Input source. Can be a network device or pcap file.

       -o|--out <dev|pcap|dir|txf>
	   Output sink. Can be a network device, pcap file, a trafgen txf file or a directory. (There's only pcap to txf translation possible.)

       -f|--filter <bpf-file>
	   Use BPF filter file from bpfc.

       -t|--type <type>
	   Only handle packets of defined type:
	       - broadcast
	       - multicast
	       - others
	       - outgoing
       -F|--interval <uint>
	   Dump interval in seconds. if -o is a directory, a new pcap will be created at each interval.  The older files are left untouched.
	   (default value: 60 seconds)

       -s|--silent
	   Do not print captured packets to stdout.

       -J|--jumbo-support
	   Support for 64KB Super Jumbo Frames.

       -n|--num <uint>
	   When zerp, capture/replay until SIGINT is received (default).  When non-zero, capture/replay the number of packets.

       -r|--rand
	   Randomize packet forwarding order (replay mode only).

       -M|--no-promisc
	   Do not place the interface in promiscuous mode.

       -m|--mmap
	   Mmap pcap file i.e., for replaying. Default: scatter/gather I/O.

       -c|--clrw
	   Instead of using scatter/gather I/O use slower read(2)/write(2) I/O.

       -S|--ring-size <size>
	   Manually set ring size in KB/MB/GB, e.g. '10MB'.

       -k|--kernel-pull <uint>
	   Kernel pull from user interval in microseconds. Default is 10us. (replay mode only).

       -b|--bind-cpu <cpu>
	   Bind to specific CPU (or CPU-range).

       -B|--unbind-cpu <cpu>
	   Forbid to use specific CPU (or CPU-range).

       -H|--prio-high
	   Run the process in high-priority mode.

       -Q|--notouch-irq
	   Do not touch IRQ CPU affinity of NIC.

       -q|--less
	   Print less-verbose packet information.

       -X|--hex
	   Print packet data in hex format.

       -l|--ascii
	   Print human-readable packet data.

       -v|--version
	   Print version.

       -h|--help
	   Print help text and lists all options.

AUTHOR
       Written by Daniel Borkmann <daniel@netsniff-ng.org> and Emmanuel Roullit <emmanuel@netsniff-ng.org>

DOCUMENTATION
       Documentation by Emmanuel Roullit <emmanuel@netsniff-ng.org>

BUGS
       Please report bugs to <bugs@netsniff-ng.org>

								    2012-06-29							    netsniff-ng(8)