Provided by: sniffglue_0.14.0-2ubuntu0.1_amd64

NAME

       sniffglue - secure multithreaded packet sniffer

SYNOPSIS

       sniffglue [-vrpVh] [-n <threads>] device

DESCRIPTION

       sniffglue is a network sniffer written in Rust. Network packets are parsed concurrently
       using a thread pool to utilize all CPU cores. The project goals are that you can run
       sniffglue securely on untrusted networks and that it must not crash when processing
       packets. The output should be as useful as possible by default.

OPTIONS

       -v, --verbose
              Increase filter sensitivity to show more (possibly less useful) packets. By
              default only a few packets are shown; this flag can be specified multiple
              times (maximum: 4).

       -h, --help
              Prints help information

       -p, --promisc
              Set device to promiscuous mode

       -r, --read
              Open device as pcap file

       -n, --threads threads
              Specify the number of threads

       -V, --version
              Prints version information. If -r was specified, open as pcap file instead

EXAMPLES

       Sniff with default filters (dhcp, dns, tls, http) from enp0s25:
              sniffglue enp0s25

       Increase the filter sensitivity (arp):
              sniffglue -v enp0s25

       Increase the filter sensitivity (cjdns, ssdp, dropbox, packets with valid utf8):
              sniffglue -vv enp0s25

       Almost everything:
              sniffglue -vvv enp0s25

       Everything:
              sniffglue -vvvv enp0s25

       Read a dump from sniff.pcap, with increased filter sensitivity and decode packets  with  1
       thread:
              sniffglue -vvrn1 sniff.pcap

PROTOCOLS

       ethernet,  ipv4,  ipv6,  arp,  tcp,  udp,  http,  tls, dns, dhcp, cjdns eth beacons, ssdp,
       dropbox beacons

SECURITY

       To report a security issue please contact kpcyrd on ircs://irc.hackint.org.

   SECCOMP
       To ensure a compromised process doesn't compromise the system, sniffglue uses seccomp to
       restrict the syscalls that can be used after the process has started. This is done in
       two stages: first at the very beginning (directly after env_logger is initialized), and
       again after the sniffer has been set up but before packets are read from the network.

   HARDENING
       During the second stage, some general hardening is also applied before all unneeded
       syscalls are finally disabled. These settings are system specific, so a configuration
       file is read from /etc/sniffglue.conf. This config file specifies an empty directory
       for chroot and an unprivileged account in user that is used to drop root privileges.
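
       One way to confirm from outside the process that the seccomp and privilege-drop steps
       described above took effect. This is an added example, not part of sniffglue or its
       documentation; the function names and the sample status values are constructed.

```shell
#!/bin/sh
# Added example (not part of sniffglue). Checks a /proc/<pid>/status file for
# the two properties the sandbox should leave behind: a seccomp filter and
# no remaining root uid/gid.

# check_sandbox FILE: prints findings, returns 0 only if every check passes.
check_sandbox() {
    awk '
        $1 == "Seccomp:" { seccomp = $2 }
        # Uid:/Gid: carry four ids: real, effective, saved, filesystem.
        $1 == "Uid:" { uid_seen = 1; for (i = 2; i <= 5; i++) if ($i == 0) uid_root = 1 }
        $1 == "Gid:" { gid_seen = 1; for (i = 2; i <= 5; i++) if ($i == 0) gid_root = 1 }
        END {
            fail = 0
            # Seccomp field: 0 = disabled, 1 = strict, 2 = filter.
            if (seccomp != 2) { print "FAIL seccomp filter not active"; fail = 1 }
            if (!uid_seen || uid_root) { print "FAIL uid 0 still held"; fail = 1 }
            if (!gid_seen || gid_root) { print "FAIL gid 0 still held"; fail = 1 }
            if (!fail) print "OK seccomp filter active, no root ids"
            exit fail
        }
    ' "$1"
}

# make_status UID GID SECCOMP: constructed sample in /proc status layout.
make_status() {
    printf 'Name:\tsniffglue\n'
    printf 'Uid:\t%s\t%s\t%s\t%s\n' "$1" "$1" "$1" "$1"
    printf 'Gid:\t%s\t%s\t%s\t%s\n' "$2" "$2" "$2" "$2"
    printf 'Seccomp:\t%s\n' "$3"
}

# Demo on constructed input: a sandboxed process, then one still running as root.
sample=$(mktemp)
make_status 65534 65534 2 > "$sample"
check_sandbox "$sample"
make_status 0 0 0 > "$sample"
check_sandbox "$sample" || echo "process is not sandboxed"
rm -f "$sample"
```

       On a live system, run check_sandbox "/proc/$(pidof sniffglue)/status" once capture has
       started. The chroot can be inspected separately as root with readlink /proc/<pid>/root.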

   FUZZING
       The packet processing of sniffglue can be fuzzed using cargo-fuzz. Everything you should
       need is provided in the fuzz/ directory that is distributed along with its source code.
       Please note that this program links to libpcap, which is not included in the current
       fuzzing configuration.

SEE ALSO

       pcap(3PCAP), seccomp(2)

AUTHORS

       This program was originally written and is currently maintained by kpcyrd. Bug reports
       and patches are welcome on GitHub:

              https://github.com/kpcyrd/sniffglue