Sniff - Overview

Makes output from the tcpdump program easier to read and parse.

This software is now redundant as ASCII support as since been added to tcpdump in version 3.8.

Features

Coloured console output
Directly accepts tcpdump options (including parsing from packet files)
Fully customisable output

Requirements

Linux operating system
Perl installed
tcpdump program installed
Privileges in order to run tcpdump

Sniff - Help

Run the following command for help.

./sniff -h

Sniff options should be placed before the double dash (--) and tcpdump options should be placed after. Here are some examples of how to use sniff.

Capture all incoming FTP packets on eth1 without using colour
As you can see any options after the double-dash "--" are standard tcpdump options.

./sniff -c -- -i eth1 tcp port 21

Real time logging to a CSV file
The example below uses the following options:

Enclose data with " character (-e\")
Separator lines with the , character (-n,)
Print the separator once only (-t0)
Dont use colour (-c)

./sniff -e\" -n, -s -t0 -c > /tmp/dump.csv

Converting a tcpdump dumb file into CSV format
First use tcpdump to make the dump file, you must use the "-lx -s 1024" options at least. For example:

tcpdump -lx -s 1024 -w /tmp/dump.txt

Then run sniff with the required options, note the tcpdump options stating to read from the previously created file.

./sniff -e\" -n, -s -t0 -c -- -r /tmp/dump.txt > /tmp/dump.csv

Sniff - Changelog

Version 2.3 (18th March 2004)

Tcpdump -n option no longer used as default, to use option just specify it on the command line with your other tcpdump options. Version 2.2   (19th November 2001) Tcpdump option handling bug fixed.
Now supports more tcpdump options. Version 2.1   (10th October 2001) Parsing command line options fixed.
Version option added. Version 2   (6th October 2001) Initial public release.

Sniff - Downloads

Version	Format	Size	Date	Notes
2.3	Bzip2	313k	18/04/2004	(Latest)
2.3	RPM	326k	18/04/2004	Built by Joe Klemmer
2.2	Gzip	313k	19/11/2001