impacket-sniff
Sniff network traffic for authentication information
SYNOPSIS
impacket-sniff [-i interface] [-f filter] [-c count] [-o output_file] [protocols]
PARAMETERS
-i interface
Specify the network interface to listen on.
-f filter
Specify a BPF (Berkeley Packet Filter) to filter traffic. This allows focusing on specific types of packets.
Example: tcp port 80
-c count
Capture only count packets, then exit.
-o output_file
Save the captured packets to a PCAP (pcapng) file for later analysis with tools such as Wireshark.
protocols
Specify which protocols to parse and display. If omitted, all supported protocols are analyzed.
DESCRIPTION
impacket-sniff is a Python-based command-line tool provided by the Impacket library. It allows you to passively capture and analyze network traffic. It supports various protocols and allows filtering based on IP addresses, ports, and other criteria. This utility is useful for network troubleshooting, security auditing, and protocol analysis.
Unlike tools such as `tcpdump`, impacket-sniff leverages Impacket's Python implementation, which allows for more flexibility in dissector creation, packet manipulation, and custom protocol support. It is often used in penetration testing and security research because it can craft and dissect packets on the fly.
The tool provides options to print the captured packets to standard output, save them to a PCAP file for later analysis, or process them in real-time using custom scripts. Its power lies in its ability to work with various protocols and its integration within the broader Impacket framework.
CAVEATS
Requires root privileges to capture network traffic on most systems. The `-f` option uses BPF syntax, which can be complex.
PACKET DISSECTION
impacket-sniff relies on Impacket's powerful packet dissection capabilities. This allows you to not only capture packets but also to easily access and manipulate the fields within those packets using Python code.
HISTORY
impacket-sniff is a part of the Impacket library, a collection of Python classes for working with network protocols. Impacket was developed to provide a more flexible and Python-centric way to interact with network packets compared to existing tools. The 'sniff' functionality has been a core component of Impacket for many years, evolving with the library to support new protocols and analysis techniques.