Tool 10: Sniff and display network statistics
Description:
This tool sniffs and displays some basic network statistics.
It supports 7 groups: Ethernet/link, ARP, IP4, IP6, UDP, TCP, ICMP.
For each one, it displays: packet count (count), sum of packet sizes
(size), percentage of packet count (c%) and percentage of size (s%).
Display is updated at most every second.
Parameter --device indicates on which device to sniff. Please note
that under some systems, such as Windows, sniffing on some devices is
not supported.
Parameter --filter defines the sniff filter. It permits to restrict
captured packets. This kind of filter is named a BPF or pcap filter.
Basic elements of a filter are:
host 1.2.3.4
net 192.168.10
net 192.168.10.0 mask 255.255.255.0
net 192.168.10.0/24
port 21
dst host 1.2.3.4
src port 2345
ether host a:b:c:d:e:f ('ether a:b:c:d:e:f' is not working)
ether src aa:bb:cc:dd:ee:ff
ip
arp
rarp
tcp
icmp
udp
Here are filter examples:
"host 1.2.3.4"
"net 192.168 and icmp"
"host 1.2.3.4 or dst port 80"
"(udp or tcp) and not host 1.2.3.4"
This tool may need to be run with admin privilege in order to sniff.
Synonyms:
capture, icmp, ip4, ip6, mac, packet, show
Usage:
netwox 10 [-d device] [-f filter]
Parameters:
| parameter |
description |
example |
| -d|--device device |
device name |
Eth0 |
| -f|--filter filter |
pcap filter |
|
Example:
netwox 10