🐶 A modern alternative network traffic sniffer.

Overview

sniffer

A modern alternative network traffic sniffer inspired by bandwhich(Rust) and nethogs(C++).

sniffer.mov

Introduction

中文介绍

sniffer is designed for network troubleshooting. It can be started at any time to analyze the processes or connections causing increases in network traffic without loading any kernel modules. In addition, the GUI of it is responsive that can fit with terminals of all sizes automatically.

sniffer manipulates gopacket to sniff the interfaces and record packets' info. gopacket wraps the Golang port of libpacp library, and provides some additional features. One of the projects that inspired the sniffer is bandwhich, which has a sophisticated interface and multiple ways to display data, but it does not support BPF filters. Another one is nethlogs, which supports BPF filters, but can only view data by process, without connections or remote address perspective. sniffer combines the advantages of those two projects also adhering a new Plot mode.

Connections and Process Matching

On Linux, sniffer refers to the ways in which the ss tool used, obtaining the connections of the ESTABLISHED state by netlink socket. Since that approach is more efficient than reading the /proc/net/* files directly. But both need to aggregate and calculate the network traffic of the process by matching the inode information under /proc/${pid}/fd.

On macOS, the lsof command is invoked, which relies on capturing the command output for analyzing process connections information. And sniffer manipulates the API provided by gopsutil directly on Windows.

Installation

sniffer relies on the libpcap library to capture user-level packets hence you need to have it installed first.

Debian/Ubuntu

sudo apt-get install libpcap-dev

CentOS/Fedora

sudo yum install libpcap libpcap-devel

MacOS

brew install libpcap

Windows

Windows need to have npcap installed for capturing packets.

after that, install sniffer

go get github.com/chenjiandongx/sniffer

Usages

❯ sniffer -h
# A modern alternative network traffic sniffer.

Usage:
  sniffer [flags]

Examples:
  # processes mode for pid 1024,2048 in MB unit
  $ sniffer -p 1024 -p 2048 -m 2 -u MB

  # only capture the TCP protocol packets with lo,eth prefixed devices
  $ sniffer -b tcp -d lo -d eth

Flags:
  -b, --bpf string                   specify string pcap filter with the BPF syntax (default "tcp or udp")
  -d, --devices-prefix stringArray   prefixed devices to monitor (default [en,lo,eth,em,bond])
  -h, --help                         help for sniffer
  -i, --interval int                 interval for refresh rate in seconds (default 1)
  -l, --list                         list all devices name
  -m, --mode int                     view mode of sniffer (0: bytes 1: packets 2: processes)
  -n, --no-dns-resolve               disable the DNS resolution
  -p, --pids ints                    pids to watch in processes mode (default all processes)
  -u, --unit string                  unit of traffic stats in processes mode, optional: B, KB, MB, GB (default "KB")
  -v, --version                      version for sniffer

View Mode

Bytes Mode: display traffic stats in bytes by the Table widget.

Packets Mode: display traffic stats in packets by the Table widget.

Processes Mode: display traffic stats groups by process using Plot widget.

License

MIT ©chenjiandongx

Issues
  • 无法编译

    无法编译

    # github.com/google/gopacket/afpacket
    ../../gopath/pkg/mod/github.com/google/[email protected]/afpacket/options.go:176:19: undefined: pageSize
    ../../gopath/pkg/mod/github.com/google/[email protected]/afpacket/options.go:177:85: undefined: pageSize
    # github.com/google/gopacket/pcap
    ../../gopath/pkg/mod/github.com/google/[email protected]/pcap/pcap.go:30:22: undefined: pcapErrorNotActivated
    ../../gopath/pkg/mod/github.com/google/[email protected]/pcap/pcap.go:52:17: undefined: pcapTPtr
    ../../gopath/pkg/mod/github.com/google/[email protected]/pcap/pcap.go:64:10: undefined: pcapPkthdr
    ../../gopath/pkg/mod/github.com/google/[email protected]/pcap/pcap.go:103:6: undefined: pcapBpfProgram
    ../../gopath/pkg/mod/github.com/google/[email protected]/pcap/pcap.go:110:7: undefined: pcapPkthdr
    ../../gopath/pkg/mod/github.com/google/[email protected]/pcap/pcap.go:268:33: undefined: pcapErrorActivated
    ../../gopath/pkg/mod/github.com/google/[email protected]/pcap/pcap.go:269:33: undefined: pcapWarningPromisc
    ../../gopath/pkg/mod/github.com/google/[email protected]/pcap/pcap.go:270:33: undefined: pcapErrorNoSuchDevice
    ../../gopath/pkg/mod/github.com/google/[email protected]/pcap/pcap.go:271:33: undefined: pcapErrorDenied
    ../../gopath/pkg/mod/github.com/google/[email protected]/pcap/pcap.go:272:33: undefined: pcapErrorNotUp
    ../../gopath/pkg/mod/github.com/google/[email protected]/pcap/pcap.go:272:33: too many errors
    
    opened by cute-angelia 3
  • No available devices found on Raspberry Pi 4

    No available devices found on Raspberry Pi 4

    Hi ! I run the sniffer version v0.6.0 on my Raspberry Pi 4 with OS Raspbian v10(buster). After start i get message: Start sniffer failed: no available devices found

    I try to run with key --all-devices but the result is same message "Start sniffer failed: no available devices found"

    opened by AlterMax 0
Releases(v0.6.1)
Owner
dongdong
🌈 =(◉ᴥ◉)= he/him
dongdong
A simple network analyzer that capture http network traffic

httpcap A simple network analyzer that captures http network traffic. support Windows/MacOS/Linux/OpenWrt(x64) https only capture clienthello colorful

null 1 Nov 24, 2021
Packet Sniffer in golang

WirePenguin ?? A CLI Packet Sniffer in golang using Cobra and Gopacket packages much much simpler than WireShark =) You can capture packets both live

Mohammad ebrahim Adibzadeh 28 Jun 7, 2022
[WIP] gg is a portable tool to redirect the traffic of a given program to your modern proxy without installing any other programs.

gg gg (go-graft), was inspired by graftcp. go-graft is a pure golang implementation with more useful features. TODO: Use system DNS as the fallback. R

mzz 196 Aug 11, 2022
The Akita CLI for watching network traffic, automatically generating API specs, and diffing API specs.

Catch breaking changes faster Akita builds models of your APIs to help you: Catch breaking changes on every pull request, including added/removed endp

Akita Software 186 Aug 9, 2022
Apache Traffic Control is an Open Source implementation of a Content Delivery Network

Apache Traffic Control Apache Traffic Control is an Open Source implementation of a Content Delivery Network. Documentation Intro CDN Basics Traffic C

The Apache Software Foundation 798 Aug 3, 2022
Schema-free, document-oriented streaming database that optimized for monitoring network traffic in real-time

Basenine Schema-free, document-oriented streaming database that optimized for monitoring network traffic in real-time. Featured Aspects Has the fastes

UP9 36 Jul 29, 2022
Capdns is a network capture utility designed specifically for DNS traffic. This utility is based on tcpdump.

Capdns is a network capture utility designed specifically for DNS traffic. This utility is based on tcpdump. Some of its features include: Unde

Infvie Envoy 10 Feb 26, 2022
:vulcan_salute: Fast, modern, easy-to-use network scanner

sx is the command-line network scanner designed to follow the UNIX philosophy. The goal of this project is to create the fastest network scanner with

null 974 Aug 10, 2022
Modern network boot server.

bofied demo.mp4 Modern network boot server. Overview bofied is a network boot server. It provides everything you need to PXE boot a node, from a (prox

Felix Pojtinger 133 Aug 11, 2022
TCPProbe is a modern TCP tool and service for network performance observability.

TCPProbe is a modern TCP tool and service for network performance observability. It exposes information about socket’s underlying TCP session, TLS and HTTP (more than 60 metrics). you can run it through command line or as a service. the request is highly customizable and you can integrate it with your application through gRPC. it runs in a Kubernetes cluster as cloud native application and by adding annotations on pods allow a fine control of the probing process.

Mehrdad Arshad Rad 324 Aug 10, 2022
Transfer 10Gbps http traffic over 1Gbps networks :)

httpteleport Teleports 10Gbps http traffic over 1Gbps networks. Built on top of fastrpc. Use cases httpteleport may significantly reduce inter-server

Aliaksandr Valialkin 444 Jun 14, 2022
Reducing Malloc/Free traffic to cgo

CGOAlloc Reducing Malloc/Free traffic to cgo Why? Cgo overhead is a little higher than many are comfortable with (at the time of this writing, a simpl

Stephen Baynham 7 Aug 2, 2022
Serve traffic (HTTP/gRPC) over SSH using Domain Sockets

Serve On SSH Introduction There is often a need to offer services for administrative purposes on servers or even for microservices that are running on

John Doak 7 Jan 9, 2022
dumpr! is a tool to capture text based tcp traffic from the receivers point of view.

dumpr! dumpr! is a tool to capture text based tcp traffic. The project came about for the need to capture a web request from the back end. It was also

null 2 Dec 4, 2021
Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.

Features • Installation • Usage • Running Proxify • Installing SSL Certificate • Applications of Proxify • Join Discord Swiss Army Knife Proxy for rap

ProjectDiscovery 1.7k Aug 11, 2022
HTTP API traffic recording and replay middleware based on GoReplay, can be used for migration and refactoring testing

gorc HTTP API traffic recording and replay middleware based on GoReplay, can be used for migration and refactoring testing. English | 中文 Requirements

Jioby 2 Feb 13, 2022