Sniff – Overview
Makes output from the tcpdump program easier to read and parse.
This software is now redundant, as ASCII output support has since been added to tcpdump in version 3.8.
Features
* Coloured console output
* Directly accepts tcpdump options (including parsing from packet files)
* Fully customisable output
Requirements
* Linux operating system
* Perl installed
* tcpdump program installed
* Privileges in order to run tcpdump
Sniff – Help
Run the following command for help.
./sniff -h
Sniff options should be placed before the double dash (--) and tcpdump options after it. Here are some examples of how to use sniff.
Capture all incoming FTP packets on eth1 without using colour
./sniff -c -- -i eth1 tcp port 21
As you can see, any options after the double dash "--" are standard tcpdump options.
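The split at the double dash is the one rule every sniff invocation on this page follows, so here is an added POSIX sh example (not code from the sniff project, which is written in Perl) that models it: everything before "--" is treated as a wrapper option, everything after it is kept as separate words for tcpdump. Handing those words on as an argument list, rather than joining them into one string and re-parsing it through a shell, is what keeps a filter such as `tcp port 21` intact and avoids letting user-supplied text reach a shell.

```shell
#!/bin/sh
# Added example, not sniff's own code: split a sniff-style command line at the
# first "--" into wrapper options and tcpdump options, as the page describes.

# Print the words before the first "--", one per line. With no "--" present,
# every word is a wrapper option (as in the CSV examples on the page).
sniff_opts() {
    for arg in "$@"; do
        if [ "$arg" = "--" ]; then
            return 0
        fi
        printf '%s\n' "$arg"
    done
}

# Print the words after the first "--", one per line; prints nothing if there
# is no "--". Each word stays a separate argument, so a filter expression is
# never re-parsed by a shell on its way to tcpdump.
tcpdump_opts() {
    seen=0
    for arg in "$@"; do
        if [ "$seen" -eq 1 ]; then
            printf '%s\n' "$arg"
        elif [ "$arg" = "--" ]; then
            seen=1
        fi
    done
}

# How a wrapper would hand the tcpdump side over: drop everything up to and
# including "--" and exec tcpdump with the remaining words as an argument list.
# The "-lx -s 1024" prefix is an assumption here, taken from the page's note
# that tcpdump must run with at least those options for its output to be
# parsed. This function is shown for the idiom and is not called below.
run_tcpdump() {
    while [ $# -gt 0 ] && [ "$1" != "--" ]; do
        shift
    done
    if [ $# -gt 0 ]; then
        shift   # drop the "--" itself
    fi
    exec tcpdump -lx -s 1024 "$@"
}

# Demonstration with the page's FTP capture example.
printf 'sniff options:\n'
sniff_opts -c -- -i eth1 tcp port 21
printf 'tcpdump options:\n'
tcpdump_opts -c -- -i eth1 tcp port 21
```

Run it as a script to see the two halves of `./sniff -c -- -i eth1 tcp port 21` printed separately; `run_tcpdump` is the shape a wrapper takes once it has finished with its own options.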
Real time logging to a CSV file
The example below uses the following options:
Enclose data with the " character (-e\")
Use the , character as the separator (-n,)
Print the separator once only (-t0)
Don't use colour (-c)
./sniff -e\" -n, -s -t0 -c > /tmp/dump.csv
Converting a tcpdump dump file into CSV format
First use tcpdump to make the dump file; you must use at least the "-lx -s 1024" options. For example:
tcpdump -lx -s 1024 -w /tmp/dump.txt
Then run sniff with the required options, note the tcpdump options stating to read from the previously created file.
./sniff -e\" -n, -s -t0 -c -- -r /tmp/dump.txt > /tmp/dump.csv
Source from: http://www.thedumbterminal.co.uk/software/sniff.shtml
