
FreeBSD Manual Pages

SNIFFIT(8)		    System Manager's Manual		    SNIFFIT(8)

NAME
       sniffit - packet	sniffer	and monitoring tool

SYNOPSIS
       sniffit	[-xdabvnN]  [-P	proto ]	[-A char ] [-p port ] [(-r|-R) record-
       file ] [-l sniflen ] [-L	logparam ] [-F snifdevice ] [-D	tty ] [-M plu-
       gin ] [(-t Target-IP | -s Source-IP ) | (-i|-I) | -c config-file	]

DESCRIPTION
       sniffit is a packet sniffer for TCP/UDP/ICMP packets.  sniffit is  able
       to  give	 you  very detailed technical info on these packets (SEQ, ACK,
       TTL, Window, ...) but also packet contents in different formats (hex or
       plain text, ...).

       sniffit can by default handle ethernet and PPP devices, but can	easily
       be  forced  into	using other devices (read the README.FIRST and sn_con-
       fig.h files on this subject!)

       The sniffer can easily be configured in order to	'filter' the  incoming
       packets (to make	the sniffing results easier to study). The config file
       (see  sniffit(5)	 ) allows you to be very specific on the packets to be
       processed.

       sniffit also has	an interactive mode for	 active	 monitoring,  and  can
       also be used for	continuous monitoring on different levels.

NOTE
       This man page is intended as a reference manual. Please read README.FIRST
       first, and use this page for a better understanding or for a quick check
       on the use of sniffit.

OPTIONS
       -v     Shows the	version	of sniffit you are running  and	 exits	(over-
	      rides all)

       -t Target-IP
              Only process packets TO Target-IP. If Target-IP is in dotted-
              decimal notation, 'x' is allowed as a wildcard (e.g. '-t
              157.193.x', '-t x', ...). (NOT compatible with: '-s' '-i' '-I'
              '-c' '-v' '-L')

       -s Source-IP
              Similar to '-t', but only process packets FROM Source-IP. (NOT
              compatible with: '-t' '-i' '-I' '-c' '-v' '-L')

       -b     'both' mode: together with '-s' or '-t', only process packets
              FROM or TO the IP specified by '-s' or '-t'. (Requires '-s' or
              '-t'; NOT compatible with: '-i' '-I' '-c' '-v' '-L')

       -c config-file
	      Use  config-file for the packet filtering. This allows you to be
	      very specific on the packets to be processed (see	sniffit(5) for
	      details on the format).  (NOT compatible with:  '-t'  '-s'  '-i'
	      '-I' '-v'	'-L')

       -i     Launch the ncurses interface for active monitoring ('interactive
	      mode').  (NOT available if you compiled without INTERACTIVE sup-
	      port see sn_config.h and README.FIRST ) (one of the options '-t'
	      '-s' '-i'	'-I' '-c' is required) (NOT compatible with: '-t' '-s'
	      '-c' '-v'	'-L')

       -I     Same  as	'-i', but gives	you more information.  (one of the op-
	      tions '-t' '-s' '-i' '-I'	 '-c'  is  required)  (NOT  compatible
	      with: '-t' '-s' '-c' '-v'	'-L')

       -R <file>
              Record all traffic in <file>. This file can then be fed back to
              sniffit with the '-r' option. (Needs a selection parameter such
              as '-c', '-t' or '-s') (NOT compatible with: '-i' '-I' '-v' '-L'
              '-r')

       -r <file>
              Feed the recorded <file> to sniffit. This requires the '-F'
              option with the correct device: if the file was recorded on a
              machine with 'eth0', add '-F eth0' or '-F eth' to the command
              line when feeding it back. Using '-i' or '-I' in combination
              with '-r' makes no sense at the moment. (Requires '-F'; NOT
              compatible with: '-R' '-i' '-I')

       -n     Turn off IP checksum checking. This can show you bogus packets
              (but note that ARP, RARP and other non-IP packets will show up
              as bogus too). (compatible with ALL options)

       -N     Don't perform any of the built-in sniffit functions. Useful
              when only running a plugin. (compatible with ALL options)

       -x     Prints extended info on TCP packets to stdout (SEQ, ACK, flags,
              etc.). Useful when tracing spoofs, packet loss and other real
              network debugging/checking tasks. (If you want to log this,
              redirect stdout to a file.) (NOT compatible with: '-i' '-I'
              '-v')

       -d     'dump mode': shows the packets on the screen (stdout) instead
              of logging them into files (the default). Data is printed in
              bytes (hex). (NOT compatible with: '-i' '-I' '-v' '-L')

       -a     'dump mode', same as '-d' but outputs ASCII. Non-printable
              characters are replaced by '.'. ('-d' and '-a' mix without any
              problem) (NOT compatible with: '-i' '-I' '-v' '-L')

       -P proto
              Specify the protocols that should be processed (default TCP).
              Possible values currently are: IP, TCP, ICMP, UDP. They can be
              combined. IP, ICMP and UDP info is dumped to stdout. IP gives
              ADDITIONAL info on the IP header wrapping around other packets;
              it is not necessary to specify IP for TCP packet logging. IP and
              ICMP packets are not filtered (UDP packets are, as of 0.3.4).
              (NOT compatible with: '-i' '-I' '-v' '-L')

       -A char
	      When in 'normal mode' (not '-d','-a','-i','-I','-L'),  all  non-
	      printable	 chars	will be	replaced by char (NOT compatible with:
	      '-a' '-d'	'-i' '-I' '-v' '-L')

       -p port
              Only process packets going TO (!!) port port; 0 means all
              ports (default 0). (NOT compatible with: '-c' '-i' '-I' '-v'
              '-L')

       -l sniflen
              Amount of data to log (default 300 bytes) in 'normal mode'. The
              first sniflen bytes of every connection are logged; a length of
              0 logs everything (watch your disk space!). (NOT compatible
              with: '-i' '-I' '-v' '-L')

       -F snifdevice
	      Force  sniffit  to use a certain network device.	snifdevice can
	      be found with ifconfig (see ifconfig(8)).	 sniffit supports eth-
	      ernet and	PPP by default.	Read README.FIRST for info on  forcing
	      the use of other devices.	 (compatible with ALL options)

       -D tty All logging output will be sent to that device. (ONLY works
              with '-i' and '-I')

       -M plugin
              Activate plugin number plugin. For a list of all plugins
              compiled into your version, just run 'sniffit' without
              arguments. Read all about plugins in the PLUGIN-HOWTO (READ
              IT!). (NOT compatible with: '-i' '-I' '-v')

       -L logparam
              Use sniffit as a monitoring tool and enable different logging
              modes (logparam). The file to log to can be specified in the
              config file (see sniffit(5)) and is sniffit.log by default.
              Different logparam values can be combined. (ONLY works with
              '-c')

NORMAL MODE
       A  bunch	 of  sniflen initial bytes (default 300) of each connection is
       logged into a file x.x.x.x.p-y.y.y.y.o where 'x.x.x.x' is  the  sending
       host (port 'p') and 'y.y.y.y' the receiving host	(port 'o').
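       As an added example (not part of sniffit or of this manual), the
       following POSIX shell script parses those file names to give an
       overview of which connections were logged and how many bytes of each
       were captured. The file name format is the one described above; the
       port-to-service annotations and the two constructed log files built by
       make_demo_dir are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of sniffit: summarise the connection logs that
# sniffit's normal mode leaves behind, by parsing the x.x.x.x.p-y.y.y.y.o
# file names.  The port-to-service table and the demo directory are
# assumptions made for this example.

# split_logname NAME: print "SRC_IP SRC_PORT DST_IP DST_PORT" for a file
# name of the form x.x.x.x.p-y.y.y.y.o; fail for anything else.
split_logname() {
    case $1 in
        *.*.*.*.*-*.*.*.*.*) ;;
        *) return 1 ;;
    esac
    src=${1%%-*}                       # x.x.x.x.p (sender)
    dst=${1#*-}                        # y.y.y.y.o (receiver)
    src_port=${src##*.}; src_ip=${src%.*}
    dst_port=${dst##*.}; dst_ip=${dst%.*}
    case "$src_ip$dst_ip$src_port$dst_port" in
        *[!0-9.]*) return 1 ;;         # anything but digits and dots: not a log
    esac
    printf '%s %s %s %s\n' "$src_ip" "$src_port" "$dst_ip" "$dst_port"
}

# service_note PORT: flag destination ports whose first bytes carry
# cleartext credentials (assumed table, matching sniffit's -L modes).
service_note() {
    case $1 in
        21)  echo "ftp (cleartext login)" ;;
        23)  echo "telnet (cleartext login)" ;;
        110) echo "pop3 (cleartext login)" ;;
        *)   echo "-" ;;
    esac
}

# list_logs DIR: one line per log file: bytes logged, connection, note.
list_logs() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        fields=$(split_logname "${f##*/}") || continue   # skip unrelated files
        set -- $fields
        bytes=$(wc -c < "$f" | tr -d ' ')
        printf '%8s  %s:%s -> %s:%s  %s\n' "$bytes" "$1" "$2" "$3" "$4" "$(service_note "$4")"
    done
}

# make_demo_dir: build a constructed directory with two fake normal-mode
# logs (an HTTP request and the client side of a telnet login).
make_demo_dir() {
    d=$(mktemp -d)
    printf 'GET / HTTP/1.0\r\n\r\n' > "$d/10.0.0.5.40001-192.0.2.44.80"
    printf 'alice\r\nhunter2\r\n'  > "$d/192.0.2.10.51234-198.51.100.7.23"
    printf '%s\n' "$d"
}

# Usage: sniffit_logs.sh DIR   (DIR is where sniffit wrote its log files)
if [ $# -eq 1 ] && [ -d "$1" ]; then
    list_logs "$1"
fi
```

       Because the sending host comes first in the file name, a file whose
       destination port is 23 or 21 holds the client side of a telnet or ftp
       session, i.e. the typed login, which is why those are flagged.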

DUMP MODE ('-d'	and/or '-a')
       Output is dumped to stdout; the packet contents are shown in their
       unwrapped form (the complete IP packet).

INTERACTIVE MODE ('-i' or '-I')
       Keys available in interactive mode:

       UP or 'k'
              self explanatory

       DOWN or 'j'
              self explanatory

       F1 or '1'
	      Enter a host (enter 'all'	for  no	 mask)	for  packet  filtering
	      (host that sends the packets)

       F2 or '2'
	      Enter  a	host  (enter  'all' for	no mask) for packet filtering.
	      (host that receives the packets)

       F3 or '3'
              Enter a port (enter '0' for no mask) for packet filtering (port
              on the host that sends the packets).

       F4 or '4'
              Enter a port (enter '0' for no mask) for packet filtering (port
              on the host that receives the packets).

       F5 or '5'
              Start a program 'sniffit_key5' with the arguments <from IP>
              <from port> <to IP> <to port>. If the program doesn't exist,
              nothing is done. sniffit_key5 must be in the directory sniffit
              was STARTED FROM (not necessarily the directory sniffit is
              stored in). This function is useful for interactive connection
              killing or extra monitoring: a little shell script can always
              transform the arguments given and pass them on to other
              programs.

       F6 or '6'
	      Same as F5 or '5', but with program 'sniffit_key6'

       F7 or '7'
	      Same as F5 or '5', but with program 'sniffit_key7'

       F8 or '8'
	      Same as F5 or '5', but with program 'sniffit_key8'

       ENTER  A window will pop up and log the connection, or the connection
              output will be sent to the chosen device if you used the '-D'
              option.

       'q'    When in logging mode, stop logging. Otherwise, quit.

       'n'    Toggle  netstatistics.  These are	sampled	at 3 secs, look	in the
	      sn_config.h file to change this.

       'g'    Sniffit is now able to generate some traffic load. Currently
              this is an underdeveloped feature with very few options, but it
              will be expanded a lot. Currently only UDP packets are
              generated. When pressing 'g' you will be asked for the
              source/destination IP/port and how many packets are to be
              transmitted. Packets contain the line: "This Packet was fired
              with Sniffit!"

       'r'    Reset.. clears all current connections from memory and restarts.
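
       The following is an added example of the kind of helper script the F5
       to F8 keys can run; it is not shipped with sniffit. It validates the
       four arguments sniffit passes, appends the connection tuple to a log
       file and prints a tcpdump(1)/BPF filter matching that connection,
       ready to be pasted into another tool. The KEYLOG path (defaulting to
       the directory sniffit was started from) and the log line format are
       assumptions of the example; installed as sniffit_key6 to sniffit_key8
       the same script serves the other keys.

```shell
#!/bin/sh
# Added example of a 'sniffit_key5' helper; not part of sniffit itself.
# sniffit runs it on F5/'5' as:  sniffit_key5 <from IP> <from port> <to IP> <to port>
# It validates the four arguments, appends the tuple to a log file and prints a
# tcpdump(1)/BPF filter for that connection.  KEYLOG is an assumption: it defaults
# to the directory sniffit was started from, which is where this script must live.

KEYLOG=${KEYLOG:-./sniffit_key5.log}

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
# Runs in a subshell so the IFS change does not leak into the caller.
is_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # bad chars, leading/trailing/double dot
    esac
    IFS=.
    set -- $1                                  # split on dots
    [ $# -eq 4 ] || return 1
    for oct; do
        [ "$oct" -le 255 ] || return 1
    done
)

# is_port PORT: succeed only for a decimal number in 0..65535.
is_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

# bpf_filter FROM_IP FROM_PORT TO_IP TO_PORT: print a tcpdump filter for
# exactly this direction of the connection.
bpf_filter() {
    printf 'src host %s and src port %s and dst host %s and dst port %s\n' "$1" "$2" "$3" "$4"
}

# key5 FROM_IP FROM_PORT TO_IP TO_PORT: validate, log the tuple with a UTC
# timestamp, print the filter.  Fails without touching the log on bad input,
# so a malformed argument cannot inject anything into the log or the filter.
key5() {
    is_ipv4 "$1" && is_port "$2" && is_ipv4 "$3" && is_port "$4" || return 1
    printf '%s %s:%s -> %s:%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$2" "$3" "$4" >> "$KEYLOG"
    bpf_filter "$1" "$2" "$3" "$4"
}

# Entry point when sniffit invokes the script with the four arguments.
if [ $# -eq 4 ]; then
    key5 "$@"
fi
```

       The validation matters because the arguments come straight from the
       packet sniffit is showing, so a script that passed them unchecked into
       a shell command line would be steerable by whoever controls that
       traffic.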

LOGGING	MODE ('-L')
       Output is saved to sniffit.log, unless you have specified some other
       name in the config file (see sniffit(5)). The telnet and ftp modes
       below write any logins and passwords they catch to this file in clear
       text, so restrict access to it (and to any recording made with '-R')
       accordingly.

       raw    Log all SYN, FIN and RST packets. This gives you an overview of
              all network (TCP) traffic in a 'RAW' way (a connection starting
              gives you at least 2 SYN packets, etc.).

       norm   Same as raw, but a bit more intelligent. Unless packets are
              transmitted multiple times because of packet loss, you will
              only get one notice of a connection starting or ending (the
              packet id tells you which host initiated the connection).

       telnet Sniffit will try to catch logins and passwords for this
              application (see telnet(1)).

       ftp    Sniffit will try to catch logins and passwords for this
              application (see ftp(1)).

       mail   Sniffit will try to identify all mail that was logged.

IP ICMP	UDP LOGGING
       Information on these packets is dumped to stdout. Packet filtering
       options only refer to TCP and UDP packets. The contents of UDP packets
       are only shown when '-a' or '-d' is enabled.

AUTHOR
       Brecht Claerhout	<coder@reptile.rug.ac.be>

SEE ALSO
       sniffit(5)

								    SNIFFIT(8)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=sniffit&sektion=8&manpath=FreeBSD+Ports+14.3.quarterly>
