White Hat Institute

Sniffing network traffic with Netsniff-ng

Bottlenecks, downtime, and other popular network performance problems can have a significant impact on end-user experience and efficiency, eventually affecting the company’s bottom line. Almost every sysadmin prioritizes determining the root cause of performance issues. Packet sniffers, also known as network sniffers or network analyzers, play a very important role in this.

Netsniff-ng is a free Linux networking toolkit. Its performance gain comes from zero-copy mechanisms, so that on packet reception and transmission the kernel does not have to copy packets from kernel space to user space and vice versa.

The best way to get a good overview of what it does and how the tools work is to read the individual “man” pages found in the source code repository. They cover everything you need to know. If you start any of the tools with the “--help” option, a minimal usage summary is printed as well.

Using the Kali OS, you can start “netsniff-ng” from “Applications/09-Sniffing & Spoofing/netsniff-ng”.

Once you start, it’ll bring up the help menu page and the usage information.

You can likewise run this tool from the terminal by typing “netsniff-ng”.

Ex: (root@kali:~# netsniff-ng).

It will begin a live sniffing process on the available interface.

One common way to sniff the traffic on a specific interface is to use the “--silent” option and write all the output to a specified “.pcap” file.

Ex: (root@kali:~# netsniff-ng --in eth0 --out netsniff.pcap --silent --bind-cpu 0).

This way, nothing is printed on the screen and all the traffic is saved to the “netsniff.pcap” file, so you can investigate it offline later with a tool such as Wireshark.

To view the captured packets in the file, use the following command: (root@kali:~# netsniff-ng --in netsniff.pcap), or open the file directly in Wireshark.
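For offline review without a GUI, the following added example (not part of the original article) parses a capture file and totals bytes per source/destination IPv4 pair, which is a quick way to spot the hosts behind a bandwidth bottleneck. It assumes the capture is in the classic pcap format with an Ethernet link type; the function names are hypothetical and the sample capture is constructed in the code.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

def build_sample_pcap():
    """Constructed sample: a classic pcap holding three Ethernet/IPv4 frames."""
    def frame(src, dst, payload_len):
        eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 17, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
        return eth + ip + b"\x00" * payload_len
    frames = [frame("192.0.2.10", "198.51.100.5", 100),
              frame("192.0.2.10", "198.51.100.5", 60),
              frame("198.51.100.5", "192.0.2.10", 20)]
    # Global header: magic, version 2.4, zone, sigfigs, snaplen, link type 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def top_talkers(pcap_bytes):
    """Return Counter {(src_ip, dst_ip): bytes on the wire} for IPv4 frames."""
    if len(pcap_bytes) < 24:
        raise ValueError("truncated pcap global header")
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"          # file written on a little-endian host
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"          # file written on a big-endian host
    else:
        raise ValueError("not a classic microsecond-resolution pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled here")
    talkers, off = Counter(), 24
    while off + 16 <= len(pcap_bytes):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        pkt = pcap_bytes[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < incl_len:
            break             # final record was cut short, stop cleanly
        # 14-byte Ethernet header, EtherType 0x0800 = IPv4, addresses at IP offset 12
        if len(pkt) >= 34 and pkt[12:14] == b"\x08\x00" and pkt[14] >> 4 == 4:
            src, dst = IPv4Address(pkt[26:30]), IPv4Address(pkt[30:34])
            talkers[(str(src), str(dst))] += orig_len  # count original wire length
    return talkers

if __name__ == "__main__":
    for (src, dst), nbytes in top_talkers(build_sample_pcap()).most_common():
        print(f"{src} -> {dst}: {nbytes} bytes")
```

To run it against the capture from the command above, pass `open("netsniff.pcap", "rb").read()` to `top_talkers` instead of the constructed sample.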

So, what exactly are packet analyzers doing, and why would you want to use one to sniff IP addresses? When increasing your network capacity, a packet sniffer will help you target new resources, control bandwidth, increase efficiencies, ensure delivery of business services, improve safety, and improve end-user performance.