{"id":13493111,"url":"https://github.com/chenjiandongx/sniffer","last_synced_at":"2025-04-12T18:48:32.758Z","repository":{"id":39894496,"uuid":"425894452","full_name":"chenjiandongx/sniffer","owner":"chenjiandongx","description":"🤒   A modern alternative network traffic sniffer.","archived":false,"fork":false,"pushed_at":"2024-03-02T07:48:19.000Z","size":694,"stargazers_count":755,"open_issues_count":3,"forks_count":66,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-04-03T19:17:04.252Z","etag":null,"topics":["cli","gopacket","networking","packets","pcap","sniffer","tcpdump","traffic"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chenjiandongx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-08T15:36:03.000Z","updated_at":"2025-03-31T10:37:22.000Z","dependencies_parsed_at":"2024-06-18T20:11:22.369Z","dependency_job_id":"0e510386-beee-4dac-a588-bc05f49f8ec3","html_url":"https://github.com/chenjiandongx/sniffer","commit_stats":{"total_commits":47,"total_committers":2,"mean_commits":23.5,"dds":"0.021276595744680882","last_synced_commit":"095d9b0d1ecf34d221b698cc390761c4059ed4b9"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chenjiandongx%2Fsniffer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chenjiandongx%2Fsniffer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chenjiandongx%2Fsnif
fer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chenjiandongx%2Fsniffer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chenjiandongx","download_url":"https://codeload.github.com/chenjiandongx/sniffer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248617999,"owners_count":21134197,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","gopacket","networking","packets","pcap","sniffer","tcpdump","traffic"],"created_at":"2024-07-31T19:01:12.338Z","updated_at":"2025-04-12T18:48:32.731Z","avatar_url":"https://github.com/chenjiandongx.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# sniffer\n\n[![GoDoc](https://godoc.org/github.com/chenjiandongx/sniffer?status.svg)](https://godoc.org/github.com/chenjiandongx/sniffer)\n[![Go Report Card](https://goreportcard.com/badge/github.com/chenjiandongx/sniffer)](https://goreportcard.com/report/github.com/chenjiandongx/sniffer)\n[![License](https://img.shields.io/badge/License-MIT-brightgreen.svg)](https://opensource.org/licenses/MIT)\n\n\u003e *A modern alternative network traffic sniffer inspired by [bandwhich](https://github.com/imsnif/bandwhich)(Rust) and [nethogs](https://github.com/raboof/nethogs)(C++).*\n\nhttps://user-images.githubusercontent.com/19553554/147360587-a3cfee18-7eb6-464b-9173-9afe6ee86cdf.mov\n\n## Introduction\n\n[中文介绍](https://chenjiandongx.me/2021/11/17/sniffer-network-traffic/)\n\nsniffer is designed for network troubleshooting. 
It can be started at any time to analyze the processes or connections causing increases in network traffic without loading any kernel modules. Its TUI is responsive and automatically fits terminals of all sizes.\n\nsniffer uses [gopacket](https://github.com/google/gopacket) to sniff the interfaces and record packet information. gopacket wraps the Golang port of the `libpcap` library and provides some additional features. One of the projects that inspired sniffer is `bandwhich`, which has a sophisticated interface and multiple ways to display data, but it does not support BPF filters. Another one is `nethogs`, which supports BPF filters, but can only view data by process, without a connections or remote address perspective. sniffer combines the advantages of those two projects and also adds a new Plot mode.\n\n***Connections and Process Matching***\n\nOn Linux, sniffer follows the approach used by the [ss](https://man7.org/linux/man-pages/man8/ss.8.html) tool, obtaining the connections in the `ESTABLISHED` state through a [netlink socket](https://man7.org/linux/man-pages/man7/netlink.7.html), since that approach is more efficient than reading the `/proc/net/*` files directly. Both approaches, however, need to aggregate and calculate the network traffic of each process by matching the `inode` information under `/proc/${pid}/fd`.\n\nOn macOS, the [lsof](https://ss64.com/osx/lsof.html) command is invoked, and its output is captured and parsed to obtain process connection information. 
On Windows, sniffer uses the API provided by [gopsutil](https://github.com/shirou/gopsutil) directly.\n\n## Installation\n\n***sniffer*** relies on the `libpcap` library to capture user-level packets, so you need to have it installed first.\n\n### Linux / Windows\n\n**Debian/Ubuntu**\n```shell\n$ sudo apt-get install libpcap-dev\n```\n\n**CentOS/Fedora**\n```shell\n$ sudo yum install libpcap libpcap-devel\n```\n\n**Windows**\n\nWindows needs to have [npcap](https://nmap.org/npcap/) installed to capture packets.\n\nAfter that, install sniffer with the `go get` command.\n\n```shell\n$ go get -u github.com/chenjiandongx/sniffer\n```\n\n### macOS\n\n```shell\n$ brew install sniffer\n```\n\n## Usage\n\n```shell\n❯ sniffer -h\n# A modern alternative network traffic sniffer.\n\nUsage:\n  sniffer [flags]\n\nExamples:\n  # bytes mode in MB unit\n  $ sniffer -u MB\n\n  # only capture the TCP protocol packets with lo,eth prefixed devices\n  $ sniffer -b tcp -d lo -d eth\n\nFlags:\n  -a, --all-devices                  listen all devices if present\n  -b, --bpf string                   specify string pcap filter with the BPF syntax (default \"tcp or udp\")\n  -d, --devices-prefix stringArray   prefixed devices to monitor (default [en,lo,eth,em,bond])\n  -h, --help                         help for sniffer\n  -i, --interval int                 interval for refresh rate in seconds (default 1)\n  -l, --list                         list all devices name\n  -m, --mode int                     view mode of sniffer (0: bytes 1: packets 2: plot)\n  -n, --no-dns-resolve               disable the DNS resolution\n  -u, --unit string                  unit of traffic stats, optional: B, Kb, KB, Mb, MB, Gb, GB (default \"KB\")\n  -v, --version                      version for sniffer\n```\n\n**Hotkeys**\n\n| Keys | Description |\n| ---- | ----------- |\n| \u003ckbd\u003eSpace\u003c/kbd\u003e | pause refreshing |\n| \u003ckbd\u003eTab\u003c/kbd\u003e | rearrange tables |\n| 
\u003ckbd\u003es\u003c/kbd\u003e | switch next view mode |\n| \u003ckbd\u003eq\u003c/kbd\u003e | quit |\n\n## Performance\n\n[iperf](https://github.com/esnet/iperf) is a tool for active measurements of the maximum achievable bandwidth on IP networks. Next, we use this tool to generate a large volume of packets on the `lo` device.\n\n```shell\n$ iperf -s -p 5001\n$ iperf -c localhost --parallel 40 -i 1 -t 2000\n```\n\n***sniffer vs bandwhich vs nethogs***\n\nAs you can see, CPU overhead is `bandwhich \u003e sniffer \u003e nethogs`, and memory overhead is `sniffer \u003e nethogs \u003e bandwhich`.\n```shell\n    PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND\n 128405 root      20   0  210168   5184   3596 S  31.0   0.3   1:21.69 bandwhich\n 128596 root      20   0 1449872  21912   8512 S  20.7   1.1   0:28.54 sniffer\n 128415 root      20   0   18936   7464   6900 S   5.7   0.4   0:11.56 nethogs\n```\n\nLooking at the stats they report, the sniffer and bandwhich outputs are very close (~ 2.5GB/s). nethogs can only handle packets at 1.122GB/s.\n\n|  | sniffer | bandwhich | nethogs |\n| -- | ------- | --------- | ------- |\n| **Upload** | 2.5GiBps | 2.5GiBps | 1.12GiBps |\n\n## View Mode\n\n***Bytes Mode:*** display traffic stats in bytes by the Table widget.\n\n![](https://user-images.githubusercontent.com/19553554/147360714-98709e52-1f73-4882-ba56-30f572be9b7e.jpg)\n\n***Packets Mode:*** display traffic stats in packets by the Table widget.\n\n![](https://user-images.githubusercontent.com/19553554/147360686-5600d65b-9685-486b-b7cf-42c341364009.jpg)\n\n## License\n\nMIT [©chenjiandongx](https://github.com/chenjiandongx)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchenjiandongx%2Fsniffer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchenjiandongx%2Fsniffer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchenjiandongx%2Fsniffer/lists"}