Provided by: netsniff-ng_0.5.7-1_amd64 bug

NAME

       netsniff-ng - the packet sniffing beast

SYNOPSIS

       netsniff-ng -i|-d|--dev|--in <dev|pcap> -o|--out <dev|pcap|dir|txf> [-f|--filter
       <bpf-file>][-t|--type <type>][-F|--interval <uint>]
       [-s|--silent][-J|--jumbo-support][-n|--num <uint>][-r|--rand] [-M|--no-promisc][-m|--mmap
       | -c|--clrw][-S|--ring-size <size>] [-k|--kernel-pull <uint>][-b|--bind-cpu <cpu> |
       -B|--unbind-cpu <cpu>] [-H|--prio-high][-Q|--notouch-irq][-q|--less | -X|--hex |
       -l|--ascii] [-v|--version][-h|--help]

DESCRIPTION

       The first sniffer that invoked both, the zero-copy RX_RING as well as the zero-copy
       TX_RING for high-performance network I/O and scatter/gather or mmaped PCAP I/O.

EXAMPLES

       netsniff-ng --in eth0 --out dump.pcap
           Capture traffic from interface 'eth0' and save it pcap file 'dump.pcap'

       netsniff-ng --in any --filter http.bpf --payload
           Capture HTTP traffic from any interface and print its payload on stdout

       netsniff-ng --in wlan0 --bind-cpu 0,1
           Capture all traffic from wlan0 interface.  Schedule process on CPU 0 and 1.

OPTIONS

       -i|-d|--dev|--in <dev|pcap>
           Input source. Can be a network device or pcap file.

       -o|--out <dev|pcap|dir|txf>
           Output sink. Can be a network device, pcap file, a trafgen txf file or a directory.
           (There's only pcap to txf translation possible.)

       -f|--filter <bpf-file>
           Use BPF filter file from bpfc.

       -t|--type <type>
           Only handle packets of defined type:
               - broadcast
               - multicast
               - others
               - outgoing
       -F|--interval <uint>
           Dump interval in seconds. if -o is a directory, a new pcap will be created at each
           interval.  The older files are left untouched. (default value: 60 seconds)

       -s|--silent
           Do not print captured packets to stdout.

       -J|--jumbo-support
           Support for 64KB Super Jumbo Frames.

       -n|--num <uint>
           When zerp, capture/replay until SIGINT is received (default).  When non-zero,
           capture/replay the number of packets.

       -r|--rand
           Randomize packet forwarding order (replay mode only).

       -M|--no-promisc
           Do not place the interface in promiscuous mode.

       -m|--mmap
           Mmap pcap file i.e., for replaying. Default: scatter/gather I/O.

       -c|--clrw
           Instead of using scatter/gather I/O use slower read(2)/write(2) I/O.

       -S|--ring-size <size>
           Manually set ring size in KB/MB/GB, e.g. '10MB'.

       -k|--kernel-pull <uint>
           Kernel pull from user interval in microseconds. Default is 10us. (replay mode only).

       -b|--bind-cpu <cpu>
           Bind to specific CPU (or CPU-range).

       -B|--unbind-cpu <cpu>
           Forbid to use specific CPU (or CPU-range).

       -H|--prio-high
           Run the process in high-priority mode.

       -Q|--notouch-irq
           Do not touch IRQ CPU affinity of NIC.

       -q|--less
           Print less-verbose packet information.

       -X|--hex
           Print packet data in hex format.

       -l|--ascii
           Print human-readable packet data.

       -v|--version
           Print version.

       -h|--help
           Print help text and lists all options.

AUTHOR

       Written by Daniel Borkmann <daniel@netsniff-ng.org> and Emmanuel Roullit
       <emmanuel@netsniff-ng.org>

DOCUMENTATION

       Documentation by Emmanuel Roullit <emmanuel@netsniff-ng.org>

BUGS

       Please report bugs to <bugs@netsniff-ng.org>

                                            2012-06-29                             netsniff-ng(8)