Pcap Sniffer


Pcap Sniffer simplifies network traffic analysis by providing a streamlined, binary-friendly interface for capturing and inspecting raw packets. Built on the libpcap framework, it enhances traditional sniffing with a readable logging format and supports advanced testing through the injection of custom packets, making it a versatile tool for diagnostics, protocol analysis, and security evaluation.

Basic Setup

  1. In IO Ninja, click the “New Session” dropdown and select “Pcap Sniffer”.

  2. In the “Filter:” field, type a capture filter, e.g. “port 137”. For more information on pcap filters, please see the official documentation.

  3. Select your network interface from “Device:”.

  4. Click the “Capture” button to the right of the “Device:” dropdown to start capturing traffic.

  5. Adjust settings as needed via the “Settings” button (see “Settings” section below for details).

Settings


| Setting | Description | Default |
|---|---|---|
| Device | The network device to capture from. | |
| Promiscuous mode | Promiscuous mode allows the capture of all packets on the network segment, regardless of their destination MAC address. This includes packets not addressed to the host machine, enabling comprehensive traffic analysis. | False |
| Capture filter | Filter expression applied when capturing packets. | |
| IP fragment limit | The maximum number of IP fragments. IP fragments are the pieces of a larger IP packet that has been broken up for transmission across a network. | 8 |
| IP fragment timeout (ms) | The maximum delay between IP fragments. | 10000 |
| Snapshot size | Pcap (packet capture) snapshot size. The snapshot size is the maximum number of bytes per packet that the capture tool will store in the capture buffer. | 65536 |
| Kernel buffer size | Pcap (packet capture) kernel buffer size. The kernel buffer is a memory space allocated in the OS kernel to temporarily store packets that arrive on the network interface before they are handed over to an application. | 0 |
| RX buffer size (B) | The full size of the incoming data (RX) buffer. Affects read throughput. | 1048576 |
| RX buffer full notifications | Toggle warnings in the log about the incoming data (RX) buffer getting full. | False |
| Pcap filter | Filter expression applied when displaying packets. | |
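
As an added illustration (not IO Ninja's own code), this Python example shows how the “IP fragment limit” and “IP fragment timeout (ms)” settings bound IPv4 reassembly, using the defaults from the table. It assumes the limit caps the fragments kept per datagram and the timeout is the maximum gap between consecutive fragments; `make_fragment`, `Reassembler` and the sample addresses are constructed for the example.

```python
import struct

FRAG_LIMIT = 8            # "IP fragment limit" default from the settings table
FRAG_TIMEOUT_MS = 10000   # "IP fragment timeout (ms)" default from the table

def make_fragment(ident, offset, more, payload):
    """Build a constructed IPv4/UDP fragment (documentation addresses, checksum 0)."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_off,
                       64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

class Reassembler:
    """Hypothetical reassembler; the limit/timeout semantics are assumptions."""
    def __init__(self, limit=FRAG_LIMIT, timeout_ms=FRAG_TIMEOUT_MS):
        self.limit, self.timeout_ms = limit, timeout_ms
        self.chains = {}  # (src, dst, proto, id) -> {"last", "total", "frags"}

    def feed(self, ts_ms, packet):
        """Return the reassembled payload, or None while incomplete or dropped."""
        ihl = (packet[0] & 0x0F) * 4
        total_len, ident, flags_off = struct.unpack("!HHH", packet[2:8])
        offset, more = (flags_off & 0x1FFF) * 8, bool(flags_off & 0x2000)
        data = packet[ihl:total_len]
        if offset == 0 and not more:
            return data                          # not fragmented at all
        key = (packet[12:16], packet[16:20], packet[9], ident)
        chain = self.chains.get(key)
        if chain and ts_ms - chain["last"] > self.timeout_ms:
            chain = None                         # gap too long: start over
        if chain is None:
            chain = self.chains[key] = {"total": None, "frags": {}}
        chain["last"] = ts_ms
        chain["frags"][offset] = data
        if not more:
            chain["total"] = offset + len(data)  # last fragment fixes the length
        if len(chain["frags"]) > self.limit:
            del self.chains[key]                 # over the limit: drop all state
            return None
        pos = 0
        for off in sorted(chain["frags"]):       # fragments must tile [0, total)
            if off != pos:
                return None                      # hole or overlap: not complete
            pos += len(chain["frags"][off])
        if pos != chain["total"]:
            return None
        del self.chains[key]
        return b"".join(chain["frags"][o] for o in sorted(chain["frags"]))
```

Under these assumptions, a datagram split into more fragments than the limit, or delivered with a gap longer than the timeout, never appears reassembled in the log, so the two values also define what fragmented traffic an analyst can miss.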