Snifter
Snifter is a raw socket IP packet capturing library and application for Windows and Linux, with a tiny CPU and memory footprint. Output can be written to PCAPNG files, and you can filter captured packets based on protocol, source/destination address and source/destination port.
On Windows, you can't capture on the local loopback address 127.0.0.1 with a packet capture driver like WinPcap - but you can by using a raw socket sniffer, like Snifter.
Additionally, Snifter is a cross-platform, portable library and application that doesn't require any drivers to be installed.
Snifter started life only for Windows, and Linux support was later added thanks to .NET Core.
Install the Snifter package from NuGet:
Install-Package Snifter
You can see an example of how to use the library in the Snifter.App code in src/App, including capturing, parsing, filtering and saving packets.
You must run Snifter.App with elevated privileges on Windows, or with sudo on Linux - this is an OS-level requirement to create raw sockets.
For now at least, Snifter only supports IPv4. It should be straightforward to add support for IPv6, but I don't use IPv6 yet, so haven't added it.
If you want to capture loopback traffic, it's important that your apps are communicating specifically with 127.0.0.1 - not localhost.
Note that Snifter is restricted to only capturing TCP packets on Linux.
snifter.exe -i x -f filename
-i, --interface=VALUE ID of the interface to listen on
-f, --filename=VALUE Filename to output sniffed packets to. Defaults to snifter.pcapng
-o, --operator=VALUE Whether filters should be AND or OR. Defaults to OR
-p, --protocol=VALUE Filter packets by IANA registered protocol number
-s, --source-address=VALUE Filter packets by source IP address
-d, --dest-address=VALUE Filter packets by destination IP address
-x, --source-port=VALUE Filter packets by source port number
-y, --dest-port=VALUE Filter packets by destination port number
-h, -?, --help Show command line options
Run snifter.exe -h to see a list of available network interfaces.
Note that each filter option can only be specified once.
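The filter options above, modelled as an added Python example that is not Snifter's own code: it parses the IPv4 fields the options refer to and shows how the same filter set behaves under OR and AND. The function names, the sample packets, and the rule that an empty filter set keeps every packet are assumptions made for illustration.

```python
import socket
import struct

def parse_ipv4(packet: bytes) -> dict:
    """Extract the fields the filter options refer to from one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    fields = {"protocol": packet[9],          # IANA protocol number
              "source_address": socket.inet_ntoa(packet[12:16]),
              "dest_address": socket.inet_ntoa(packet[16:20]),
              "source_port": None, "dest_port": None}
    # Only TCP (6) and UDP (17) carry ports, and only in the first fragment.
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if fields["protocol"] in (6, 17) and frag_offset == 0 and len(packet) >= ihl + 4:
        fields["source_port"], fields["dest_port"] = struct.unpack(
            "!HH", packet[ihl:ihl + 4])
    return fields

def matches(fields: dict, filters: dict, operator: str = "OR") -> bool:
    """filters maps a field name to one required value (one value per option)."""
    if not filters:                           # assumption: no filters = keep all
        return True
    hits = [fields[name] == value for name, value in filters.items()]
    return all(hits) if operator.upper() == "AND" else any(hits)

def build_packet(proto, src, dst, sport, dport) -> bytes:
    """Constructed sample packet: 20-byte IPv4 header plus ports and padding."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + l4

SAMPLES = [                                   # constructed, not captured traffic
    build_packet(6, "127.0.0.1", "127.0.0.1", 50000, 8080),
    build_packet(17, "192.0.2.10", "192.0.2.53", 40000, 53),
    build_packet(6, "192.0.2.10", "198.51.100.7", 50001, 443),
]

def count_matches(filters: dict, operator: str = "OR") -> int:
    return sum(matches(parse_ipv4(p), filters, operator) for p in SAMPLES)

if __name__ == "__main__":
    wanted = {"protocol": 6, "dest_port": 53}  # like: -p 6 -y 53
    print("OR :", count_matches(wanted, "OR"))
    print("AND:", count_matches(wanted, "AND"))
```

With the default OR operator, a protocol filter combined with a port filter keeps every packet that satisfies either one, so a narrow capture usually needs -o AND.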