impacket-sniff

Capture network packets on an interface

$ sudo impacket-sniff [eth0]

$ sudo impacket-sniff -filter '[tcp port 80]' [eth0]

impacket-sniff [-h] [-filter FILTER] interface

impacket-sniff is a basic packet capture tool using Impacket's raw socket capabilities. It captures network traffic on the specified interface and displays packet information.
The tool provides a simple way to observe network traffic using Impacket's protocol parsing, which can be useful for debugging or understanding network communications during security assessments.

-filter FILTER

BPF filter expression to limit captured packets

Requires root/administrator privileges for raw socket access. For production packet capture needs, tools like tcpdump or Wireshark offer more features. The interface must be in a state that allows promiscuous mode.

Part of the Impacket library by SecureAuth. Included as a demonstration of Impacket's packet capture and parsing capabilities using Python.

tcpdump(1), wireshark(1), impacket-sniffer(1), tshark(1)