Sniffer capture all packets, appeared in your network adapter. Also allows you to dump all packets to pcap format.

Unfortunately that sniffer cold be used on linux systems only :(

Before usage don't forget to add execution permission to file.

cmod +x ./sniff.py

After that you can use program as in the example:

sudo ./sniff.py [options]

Yes, you have to run program with root privileges, because only root able to listen all packets on your network adapter

To dump your traffic in file use -d option with file path, where information sould be saved.

Filter is very simple and is able to filter only by one argument.

General syntax is SOMETHING == VALUE

First kind of filtering packets is by protocol used in it. To filter by proto just use constructions like this:

proto == IP

Allowed protocols are: Ethernet, IP, TCP, UDP, ARP. The list of allowed protocols will be extended soon.

Other kind of filtering is by some attributes of protocols. For example:

TCP.syn == True

IP.src == 127.0.0.1

First part is (protocol of packet).(attribute to be compared), and the second is some Value.

All the attributes of packets you may see here:

TCP.src_port
TCP.dst.port
TCP.syn (True, False)
TCP.ack (True, False)
TCP.push (True, False)
TCP.rst (True, False)
TCP.fin (True, False)
TCP.flags (int, 2, for example is equal to syn)
TCP.seq_num
TCP.ack_num
TCP.data_offset
TCP.urg_ptr
TCP.window_size \

UDP.src_port
UDP.dst_port \

IP.qos
IP.id
IP.flags (int value)
IP.ttl
IP.proto (by integer value)
IP.src
IP.dst

Ethernet.src_mac
Ethernet.dst_mac
Ethernet.typ (type by integer value) \

ARP.h_type (hardware type by integer value)
ARP.p_type (protocol type by integer value)
ARP.h_len (length of hardware address)
ARP.p_len (length of protocol address)
ARP.op (operation by integer value)
ARP.h_src
ARP.p_src
ARP.h_dst
ARP.p_dst