Sniff - Help
Run the following command for help.
Sniff options should be placed before the double dash (--) and tcpdump
options should be placed after. Here are some examples of how to use sniff.
Capture all incoming FTP packets on eth1 without using colour
As you can see any options after the double-dash "--" are standard tcpdump options.
./sniff -c -- -i eth1 tcp port 21
Real time logging to a CSV file
Enclose data with " character (-e\")
The example below uses the following options:
Separator lines with the , character (-n,)
Print the separator once only (-t0)
Dont use colour (-c)
./sniff -e\" -n, -s -t0 -c > /tmp/dump.csv
Converting a tcpdump dumb file into CSV format
First use tcpdump to make the dump file, you must use the "-lx -s 1024" options
at least. For example:
tcpdump -lx -s 1024 -w /tmp/dump.txt
Then run sniff with the required options, note the tcpdump options stating to read from
the previously created file.
./sniff -e\" -n, -s -t0 -c -- -r /tmp/dump.txt > /tmp/dump.csv