
sniffer


A modern alternative network traffic sniffer inspired by bandwhich(Rust) and nethogs(C++).


Introduction

Chinese introduction

sniffer is designed for network troubleshooting. It can be started at any time to analyze the processes or connections causing increases in network traffic, without loading any kernel modules. Its TUI is responsive and adapts automatically to terminals of any size.

sniffer uses gopacket to sniff the interfaces and record packet information. gopacket wraps the Go port of the libpcap library and provides some additional features. One of the projects that inspired sniffer is bandwhich, which has a sophisticated interface and multiple ways to display data but does not support BPF filters. Another is nethogs, which supports BPF filters but can only view data by process, without a connection or remote-address perspective. sniffer combines the advantages of those two projects and adds a new Plot mode.

Connections and Process Matching

On Linux, sniffer follows the approach used by the ss tool: it obtains connections in the ESTABLISHED state through a netlink socket, which is more efficient than reading the /proc/net/* files directly. Either way, the network traffic of a process is aggregated by matching each connection's socket inode against the entries under /proc/${pid}/fd.

On macOS, the lsof command is invoked and its output is parsed to obtain process connection information. On Windows, sniffer uses the API provided by gopsutil directly.
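As an added illustration of the inode matching described above (example code written for this page, not sniffer's own), the block below joins a constructed /proc/net/tcp excerpt with constructed readlink targets of /proc/<pid>/fd/*. It reads the /proc text table instead of netlink so it runs offline; SampleTCP, SampleFD, hexAddr and MatchEstablished are names chosen here.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed /proc/net/tcp excerpt: a listener (st 0A) plus both ends of one
// loopback connection (st 01 = ESTABLISHED). Column 9 is the socket inode.
const SampleTCP = `  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1389 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 30011 1 0000000000000000 100 0 0 10 0
   1: 0100007F:1389 0100007F:A2F4 01 00000000:00000000 00:00000000 00000000     0        0 30012 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:A2F4 0100007F:1389 01 00000000:00000000 00:00000000 00000000  1000        0 30047 1 0000000000000000 20 4 30 10 -1`
// Constructed readlink targets of /proc/<pid>/fd/*; only "socket:[N]" entries are sockets.
var SampleFD = map[int][]string{1024: {"/dev/null", "socket:[30011]", "socket:[30012]"}, 2048: {"/dev/pts/0", "socket:[30047]"}}

// hexAddr decodes "0100007F:1389" (little-endian IPv4, hex port) to "127.0.0.1:5001".
func hexAddr(s string) string {
	ipHex, portHex, _ := strings.Cut(s, ":")
	ip, e1 := strconv.ParseUint(ipHex, 16, 32)
	port, e2 := strconv.ParseUint(portHex, 16, 16)
	if len(ipHex) != 8 || e1 != nil || e2 != nil {
		return ""
	}
	return fmt.Sprintf("%d.%d.%d.%d:%d", byte(ip), byte(ip>>8), byte(ip>>16), byte(ip>>24), port)
}

// MatchEstablished joins the two views: each ESTABLISHED row is keyed
// "local->remote" and mapped to the pid whose fd table holds its inode (0 if none).
func MatchEstablished(table string, fdLinks map[int][]string) map[string]int {
	owners := map[string]int{} // inode -> pid
	for pid, targets := range fdLinks {
		for _, t := range targets {
			if strings.HasPrefix(t, "socket:[") && strings.HasSuffix(t, "]") {
				owners[t[8:len(t)-1]] = pid
			}
		}
	}
	result := map[string]int{}
	for _, line := range strings.Split(table, "\n") {
		if f := strings.Fields(line); len(f) >= 10 && f[3] == "01" { // drops header and listeners
			if l, r := hexAddr(f[1]), hexAddr(f[2]); l != "" && r != "" {
				result[l+"->"+r] = owners[f[9]]
			}
		}
	}
	return result
}
```

A socket whose inode appears in no process's fd table (for instance one that is orphaned) maps to pid 0, which is the case a per-process view has to display separately rather than silently drop.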

Installation

sniffer relies on the libpcap library to capture packets in user space, so you need to install it first.

Linux / Windows

Debian/Ubuntu

$ sudo apt-get install libpcap-dev

CentOS/Fedora

$ sudo yum install libpcap libpcap-devel

Windows

Windows needs npcap installed to capture packets.

After that, install sniffer by go get command.

$ go get -u github.com/chenjiandongx/sniffer

MacOS

$ brew install sniffer

Usages

❯ sniffer -h
# A modern alternative network traffic sniffer.

Usage:
  sniffer [flags]

Examples:
  # processes mode for pid 1024,2048 in MB unit
  $ sniffer -p 1024 -p 2048 -m 2 -u MB

  # only capture the TCP protocol packets with lo,eth prefixed devices
  $ sniffer -b tcp -d lo -d eth

Flags:
  -a, --all-devices                  listen all devices if present
  -b, --bpf string                   specify string pcap filter with the BPF syntax (default "tcp or udp")
  -d, --devices-prefix stringArray   prefixed devices to monitor (default [en,lo,eth,em,bond])
  -h, --help                         help for sniffer
  -i, --interval int                 interval for refresh rate in seconds (default 1)
  -l, --list                         list all devices name
  -m, --mode int                     view mode of sniffer (0: bytes 1: packets 2: processes)
  -n, --no-dns-resolve               disable the DNS resolution
  -p, --pids int32Slice              pids to watch, empty stands for all pids (default [])
  -u, --unit string                  unit of traffic stats, optional: B, Kb, KB, Mb, MB, Gb, GB (default "KB")
  -v, --version                      version for sniffer

Hotkeys

Keys    Description
Space   pause refreshing
Tab     rearrange tables
s       switch to the next view mode
q       quit

Performance

iperf is a tool for active measurement of the maximum achievable bandwidth on IP networks. Here it is used to generate a large volume of packets on the lo device.

$ iperf -s -p 5001
$ iperf -c localhost --parallel 40 -i 1 -t 2000

sniffer vs bandwhich vs nethogs

As the top output shows, CPU overhead is bandwhich > sniffer > nethogs, and memory overhead is sniffer > nethogs > bandwhich.

    PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
 128405 root      20   0  210168   5184   3596 S  31.0   0.3   1:21.69 bandwhich
 128596 root      20   0 1449872  21912   8512 S  20.7   1.1   0:28.54 sniffer
 128415 root      20   0   18936   7464   6900 S   5.7   0.4   0:11.56 nethogs

Comparing the stats they report, sniffer and bandwhich give nearly the same figure (~ 2.5GB/s), while nethogs only handles 1.122GB/s of packets.

          sniffer    bandwhich  nethogs
Upload    2.5GiBps   2.5GiBps   1.12GiBps

View Mode

Bytes Mode: displays traffic stats in bytes using the Table widget.

Packets Mode: displays traffic stats in packets using the Table widget.

Processes Mode: displays traffic stats grouped by process using the Plot widget.

License

MIT ©chenjiandongx
