3 netsniff-ng - the packet sniffing beast
7 netsniff-ng -i|-d|--dev|--in <dev|pcap> -o|--out <dev|pcap|dir|txf>
8 [-f|--filter <bpf-file>][-t|--type <type>][-F|--interval <uint>]
9 [-s|--silent][-J|--jumbo-support][-n|--num <uint>][-r|--rand]
10 [-M|--no-promisc][-m|--mmap | -c|--clrw][-S|--ring-size <size>]
11 [-k|--kernel-pull <uint>][-b|--bind-cpu <cpu> | -B|--unbind-cpu <cpu>]
12 [-H|--prio-high][-Q|--notouch-irq][-q|--less | -X|--hex | -l|--ascii]
13 [-v|--version][-h|--help]
17 The first sniffer that invoked both, the zero-copy RX_RING as well as
18 the zero-copy TX_RING for high-performance network I/O and scatter/gather
25 =item netsniff-ng --in eth0 --out dump.pcap
27 Capture traffic from interface 'eth0' and save it pcap file 'dump.pcap'
29 =item netsniff-ng --in any --filter http.bpf --payload
31 Capture HTTP traffic from any interface and print its payload on stdout
33 =item netsniff-ng --in wlan0 --bind-cpu 0,1
35 Capture all traffic from wlan0 interface.
36 Schedule process on CPU 0 and 1.
44 =item -i|-d|--dev|--in <dev|pcap>
46 Input source. Can be a network device or pcap file.
48 =item -o|--out <dev|pcap|dir|txf>
50 Output sink. Can be a network device, pcap file, a trafgen txf file or a
51 directory. (There's only pcap to txf translation possible.)
53 =item -f|--filter <bpf-file>
55 Use BPF filter file from bpfc.
57 =item -t|--type <type>
61 =item Only handle packets of defined type:
77 =item -F|--interval <uint>
79 Dump interval in seconds. if -o is a directory, a new pcap will be created at each interval.
80 The older files are left untouched. (default value: 60 seconds)
84 Do not print captured packets to stdout.
86 =item -J|--jumbo-support
88 Support for 64KB Super Jumbo Frames.
92 When zerp, capture/replay until SIGINT is received (default).
93 When non-zero, capture/replay the number of packets.
97 Randomize packet forwarding order (replay mode only).
101 Do not place the interface in promiscuous mode.
105 Mmap pcap file i.e., for replaying. Default: scatter/gather I/O.
109 Instead of using scatter/gather I/O use slower read(2)/write(2) I/O.
111 =item -S|--ring-size <size>
113 Manually set ring size in KB/MB/GB, e.g. '10MB'.
115 =item -k|--kernel-pull <uint>
117 Kernel pull from user interval in microseconds. Default is 10us. (replay mode only).
119 =item -b|--bind-cpu <cpu>
121 Bind to specific CPU (or CPU-range).
123 =item -B|--unbind-cpu <cpu>
125 Forbid to use specific CPU (or CPU-range).
129 Run the process in high-priority mode.
131 =item -Q|--notouch-irq
133 Do not touch IRQ CPU affinity of NIC.
137 Print less-verbose packet information.
141 Print packet data in hex format.
145 Print human-readable packet data.
153 Print help text and lists all options.
159 Written by Daniel Borkmann <daniel@netsniff-ng.org> and Emmanuel Roullit <emmanuel@netsniff-ng.org>
163 Documentation by Emmanuel Roullit <emmanuel@netsniff-ng.org>
167 Please report bugs to <bugs@netsniff-ng.org>