Snort is an open-source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature-, protocol- and anomaly-based inspection methods.
AnetTest is an integrated packet generator and sniffer for Ethernet, but also works with blocks of data over a TCP connection. It enables you to use scripts for automated testing, monitoring, imitation of various network objects, and creating custom network tools.
angst is an active sniffer, based on libpcap and libnet. Angst provides methods for aggressive sniffing on switched local area network environments. It dumps the payload of all the TCP packets received on the specified ports. Moreover, it implements methods for active sniffing.
CANFestival GUI is a graphical user interface for CANFestival. It enables the user to easily send and receive CANopen and CAN messages through an AdLink PCI-7841 PCI-Card on Linux. It can also act as a CAN-Bus sniffer.
Coarse Port Knocking
Coarse Port Knocking is a simple implementation of the port knocking technique. This program uses the ngrep tool to sniff blocked network packets. It waits for special packets carrying predetermined keys and then executes commands (for example, firewall commands to open and close ports).
darkstat is a network traffic analyzer. It's basically a packet sniffer which runs as a background process on a cable/DSL router and gathers all sorts of useless but interesting statistics.
dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching).
echolot captures ARP packets on an Ethernet segment, stores them in an iptraf-compatible database, detects new hosts on your LAN (intruders), and recognizes known hosts again (e.g., popular FTP servers on different networks, such as LAN parties).
ettercap is a network sniffer/interceptor/logger for switched LANs.
It uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts.
Excalibur is a real-time packet sniffer / analyzer for Dark Age of Camelot.
Getdata is a simple but useful protocol analyzer capable of capturing TCP/UDP/ICMP/IGMP packets.
ggsniff is a patch for dsniff that adds the ability to record Gadu-Gadu messages to msgsnarf.
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis.
interceptty sits between a real (or fake!) serial port and an application, recording any communications between the application and the device. It can also be used as a network serial server or client, to provide an emulated serial port connected to a program, and for various other tasks.
Junkie is a real-time packet sniffer and analyzer. It is modular enough to accomplish many different tasks.
justniffer is a TCP packet sniffer. It captures TCP packets, reassembles and reorders them, performs IP packet defragmentation and displays the TCP flow on standard output. It is useful for logging network traffic in a "standard" (Web-server-like) or in a customized way. It can log timings (e.g., response time), which is useful for tracking network service performance. The main differences from other sniffers are that it captures TCP/IP traffic and handles all TCP/IP issues (reordering, retransmissions, defragmentation), and that it reports timing information.
Kismet is an 802.11b wireless network sniffer. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions.
KSniffer is a network statistics collector. It allows a user to watch all network traffic over any network interface connected to the host machine. KSniffer supports most TCP/IP protocols (TCP, IP, UDP, ICMP, ARP, RARP, as well as minimal IPX). KSniffer is based on iptraf.
KSnuffle is a network packet sniffer for KDE.
Linux Serial Sniffer
The Linux Serial Sniffer allows you to sniff serial data at up to 460 Kbps via a Comtrol RocketPort or up to 115 Kbps using the standard ttyS0 and ttyS1 ports.
Nast is a packet sniffer and a LAN analyzer based on Libnet and Libpcap. It can sniff the packets on a network interface in normal or promiscuous mode. It dumps the headers of packets and the payload in ASCII or ASCII-hex format.
Nemesis is a command-line network packet crafting and injection utility. The suite is broken down by protocol, and should allow for useful scripting of injected packets from simple shell scripts.
netsniff-ng is a high-performance Linux network sniffer for packet inspection. Basically, it is similar to tcpdump, but it doesn't need one syscall per packet. Instead, it uses a memory-mapped area within kernel space for accessing packets without copying them to user space (zero-copy mechanism).
ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that allows you to specify extended regular expressions to match against the data payloads of packets. It currently recognizes TCP and UDP across Ethernet, PPP and SLIP interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, like tcpdump and snoop.
passlogd is a purpose-built sniffer for capturing syslog messages in transit. This allows for backup logging to be performed on a machine with no open ports.
pdump is a highly configurable packet sniffer written in Perl that dumps, greps, monitors, creates, and modifies traffic on a network.
Psniff is a scriptable TCP packet monitor. Its output looks similar to tcpdump's, except in color.
pynids is a Python wrapper for libnids, a Network Intrusion Detection System library offering sniffing, IP defragmentation, TCP stream reassembly and TCP port scan detection. Let your own Python routines examine (or kill) network conversations.
RPCAP is a Remote Packet Capture system. It enables you to run a packet capture program (the server) on a target computer, which will sniff the network traffic on that system, and uplink the captured packets to another host (the client), where the captured packets can be processed, analysed and archived.
Scanhill is a Microsoft Messenger Protocol sniffer. Currently it can only intercept instant text messaging. Optionally, intercepted text messages can be stored in an RDBMS (only MySQL is supported for now).
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery, packet sniffer, etc. It can for the moment replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, and p0f.
sersniff is a simple program to tunnel/sniff between two serial ports. It also has support for sniffing a TCP connection, or between a serial port and a TCP port.
slsnif is a serial line sniffer. It listens to the specified serial port and logs all data coming through it. slsnif works transparently for both the device connected to the serial port and the controlling software for this device.
Sniffdet is an open-source implementation of a set of tests for remote sniffer detection in TCP/IP network environments. It's composed of a flexible and easy-to-use library and an application to run the tests.
snifob is a sniffer output beautifier written in Perl. It colourizes and de-hex-ifies console based packet sniffer output to improve readability.
tcpick is a text-mode sniffer that tracks TCP streams and saves the captured data to files or displays it in the terminal. It is useful for picking up files in a passive way.
TCPreen is a simple tool to monitor and analyze data transmitted between clients and servers through connection-oriented data streams such as TCP sessions; it supports TCP over either IPv4 or IPv6. This tool focuses on the data stream (software/socket layer), not on the lower-level transmission protocol as packet sniffers do.
tcptrack is a sniffer which displays information about TCP connections it sees on a network interface. It passively watches for connections on the network interface, keeps track of their state and displays a list of connections in a manner similar to the Unix 'top' command.
Traff sniffs your network interfaces and accounts the traffic on an IP basis. The configuration is very flexible, allowing you to create different/multiple accounting rules.
tvark is a network monitoring tool (sniffer) with a GUI front end and is tied to a MySQL database. The GUI provides a view of traffic activity that can be seen from the machine/interface that Tvark is run on.
vnStat is a network traffic monitor for Linux that keeps a log of daily network traffic for the selected interface. vnStat isn't a packet sniffer. The traffic information is read from the /proc filesystem, so vnStat can be used without root permissions.
The goal of Xplico is to extract the applications data from an Internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), and so on.