Snifter 1.3.0

Raw Socket Sniffer

Install-Package Snifter -Version 1.3.0
dotnet add package Snifter --version 1.3.0
<PackageReference Include="Snifter" Version="1.3.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Snifter --version 1.3.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: Snifter, 1.3.0"
For F# scripts that support #r syntax, copy this into the source code to reference the package.

Snifter

NuGet

      __.---,__
   .-`         '-,__
 &/           ',_\ _\
 /               '',_
 |    .            (")
 |__.`'-..--|__|--``   Snifter

Snifter is a raw socket IP packet capturing library and application for Windows and Linux, with a tiny CPU and memory footprint.

Output can be written to PCAPNG files, and you can filter captured packets based on protocol, source/destination address and source/destination port.

Why?

On Windows, you can't capture on the local loopback address 127.0.0.1 with a packet capture driver like WinPcap - but you can by using a raw socket sniffer, like Snifter.

Additionally, Snifter is a cross-platform, portable library and application that doesn't require any drivers to be installed.

Snifter started life only for Windows, and Linux support was later added thanks to .NET Core.

Getting Started

Install the Snifter package from NuGet:

Install-Package Snifter

You can see an example of how to use the library in the Snifter.App code in src/App, including capturing, parsing, filtering and saving packets.

App Limitations

You must run Snifter.App with elevated privileges on Windows, or with sudo on Linux - this is an OS-level requirement to create raw sockets.

For now at least, Snifter only supports IPv4. It should be straightforward to add support for IPv6, but I don't use IPv6 yet, so haven't added it.

If you want to capture loopback traffic, it's important that your apps are communicating specifically with 127.0.0.1 - not localhost.

Note that Snifter is restricted to only capturing TCP packets on Linux.

App Usage

snifter.exe -i x -f filename

  -i, --interface=VALUE      ID of the interface to listen on
  -f, --filename=VALUE       Filename to output sniffed packets to. Defaults to snifter.pcapng
  -o, --operator=VALUE       Whether filters should be AND or OR. Defaults to OR
  -p, --protocol=VALUE       Filter packets by IANA registered protocol number
  -s, --source-address=VALUE Filter packets by source IP address
  -d, --dest-address=VALUE   Filter packets by destination IP address
  -x, --source-port=VALUE    Filter packets by source port number
  -y, --dest-port=VALUE      Filter packets by destination port number
  -h, -?, --help             Show command line options

Run snifter.exe -h to see a list of available network interfaces.

Note that each filter option can only be specified once.

Snifter

NuGet

      __.---,__
   .-`         '-,__
 &/           ',_\ _\
 /               '',_
 |    .            (")
 |__.`'-..--|__|--``   Snifter

Snifter is a raw socket IP packet capturing library and application for Windows and Linux, with a tiny CPU and memory footprint.

Output can be written to PCAPNG files, and you can filter captured packets based on protocol, source/destination address and source/destination port.

Why?

On Windows, you can't capture on the local loopback address 127.0.0.1 with a packet capture driver like WinPcap - but you can by using a raw socket sniffer, like Snifter.

Additionally, Snifter is a cross-platform, portable library and application that doesn't require any drivers to be installed.

Snifter started life only for Windows, and Linux support was later added thanks to .NET Core.

Getting Started

Install the Snifter package from NuGet:

Install-Package Snifter

You can see an example of how to use the library in the Snifter.App code in src/App, including capturing, parsing, filtering and saving packets.

App Limitations

You must run Snifter.App with elevated privileges on Windows, or with sudo on Linux - this is an OS-level requirement to create raw sockets.

For now at least, Snifter only supports IPv4. It should be straightforward to add support for IPv6, but I don't use IPv6 yet, so haven't added it.

If you want to capture loopback traffic, it's important that your apps are communicating specifically with 127.0.0.1 - not localhost.

Note that Snifter is restricted to only capturing TCP packets on Linux.

App Usage

snifter.exe -i x -f filename

  -i, --interface=VALUE      ID of the interface to listen on
  -f, --filename=VALUE       Filename to output sniffed packets to. Defaults to snifter.pcapng
  -o, --operator=VALUE       Whether filters should be AND or OR. Defaults to OR
  -p, --protocol=VALUE       Filter packets by IANA registered protocol number
  -s, --source-address=VALUE Filter packets by source IP address
  -d, --dest-address=VALUE   Filter packets by destination IP address
  -x, --source-port=VALUE    Filter packets by source port number
  -y, --dest-port=VALUE      Filter packets by destination port number
  -h, -?, --help             Show command line options

Run snifter.exe -h to see a list of available network interfaces.

Note that each filter option can only be specified once.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version History

Version Downloads Last updated
1.3.0 156 9/14/2020