Provided by: netsniff-ng_0.5.7-1_amd64
NAME
netsniff-ng - the packet sniffing beast
SYNOPSIS
netsniff-ng -i|-d|--dev|--in <dev|pcap> -o|--out <dev|pcap|dir|txf> [-f|--filter <bpf-file>][-t|--type <type>][-F|--interval <uint>] [-s|--silent][-J|--jumbo-support][-n|--num <uint>][-r|--rand] [-M|--no-promisc][-m|--mmap | -c|--clrw][-S|--ring-size <size>] [-k|--kernel-pull <uint>][-b|--bind-cpu <cpu> | -B|--unbind-cpu <cpu>] [-H|--prio-high][-Q|--notouch-irq][-q|--less | -X|--hex | -l|--ascii] [-v|--version][-h|--help]
DESCRIPTION
The first sniffer that invoked both, the zero-copy RX_RING as well as the zero-copy TX_RING for high-performance network I/O and scatter/gather or mmaped PCAP I/O.
EXAMPLES
netsniff-ng --in eth0 --out dump.pcap Capture traffic from interface 'eth0' and save it pcap file 'dump.pcap' netsniff-ng --in any --filter http.bpf --payload Capture HTTP traffic from any interface and print its payload on stdout netsniff-ng --in wlan0 --bind-cpu 0,1 Capture all traffic from wlan0 interface. Schedule process on CPU 0 and 1.
OPTIONS
-i|-d|--dev|--in <dev|pcap> Input source. Can be a network device or pcap file. -o|--out <dev|pcap|dir|txf> Output sink. Can be a network device, pcap file, a trafgen txf file or a directory. (There's only pcap to txf translation possible.) -f|--filter <bpf-file> Use BPF filter file from bpfc. -t|--type <type> Only handle packets of defined type: - broadcast - multicast - others - outgoing -F|--interval <uint> Dump interval in seconds. if -o is a directory, a new pcap will be created at each interval. The older files are left untouched. (default value: 60 seconds) -s|--silent Do not print captured packets to stdout. -J|--jumbo-support Support for 64KB Super Jumbo Frames. -n|--num <uint> When zerp, capture/replay until SIGINT is received (default). When non-zero, capture/replay the number of packets. -r|--rand Randomize packet forwarding order (replay mode only). -M|--no-promisc Do not place the interface in promiscuous mode. -m|--mmap Mmap pcap file i.e., for replaying. Default: scatter/gather I/O. -c|--clrw Instead of using scatter/gather I/O use slower read(2)/write(2) I/O. -S|--ring-size <size> Manually set ring size in KB/MB/GB, e.g. '10MB'. -k|--kernel-pull <uint> Kernel pull from user interval in microseconds. Default is 10us. (replay mode only). -b|--bind-cpu <cpu> Bind to specific CPU (or CPU-range). -B|--unbind-cpu <cpu> Forbid to use specific CPU (or CPU-range). -H|--prio-high Run the process in high-priority mode. -Q|--notouch-irq Do not touch IRQ CPU affinity of NIC. -q|--less Print less-verbose packet information. -X|--hex Print packet data in hex format. -l|--ascii Print human-readable packet data. -v|--version Print version. -h|--help Print help text and lists all options.
AUTHOR
Written by Daniel Borkmann <daniel@netsniff-ng.org> and Emmanuel Roullit <emmanuel@netsniff-ng.org>
DOCUMENTATION
Documentation by Emmanuel Roullit <emmanuel@netsniff-ng.org>
BUGS
Please report bugs to <bugs@netsniff-ng.org> 2012-06-29 netsniff-ng(8)