LinuxCommandLibrary

netsniff-ng

TLDR

Capture packets

$ netsniff-ng -i [eth0] -o [capture.pcap]
Read pcap file
$ netsniff-ng -i [capture.pcap]
Filter packets
$ netsniff-ng -i [eth0] -f "[tcp port 80]"
High-speed capture
$ netsniff-ng -i [eth0] --ring-size [64MB] -o [capture.pcap]
Show packet details
$ netsniff-ng -i [eth0] -V
Capture to directory
$ netsniff-ng -i [eth0] -P [output/]

SYNOPSIS

netsniff-ng [options]

DESCRIPTION

netsniff-ng is a high-performance packet sniffer that uses zero-copy mechanisms for speed.
It captures at line rate and supports BPF filtering and pcap output.

PARAMETERS

-i INPUT
Input interface or file.
-o OUTPUT
Output file.
-f FILTER
BPF filter expression.
--ring-size SIZE
Ring buffer size.
-V
Verbose packet display.
-P DIR
Output directory.
--help
Display help information.

CAVEATS

Requires root privileges. The tool is focused on high-performance capture and is part of the netsniff-ng toolkit.

HISTORY

netsniff-ng was created for high-speed packet capture using Linux kernel zero-copy features.

SEE ALSO

tcpdump(1), wireshark(1), tshark(1)
