LinuxCommandLibrary

sniff.py

Capture and analyze network packets

TLDR

List available network interfaces and select one to start capturing packets (requires sudo)

$ sudo sniff.py

Capture packets and save output to a file while displaying it on the terminal

$ sudo sniff.py | sudo tee [path/to/output_file]

SYNOPSIS

python3 sniff.py [options] [interface]

PARAMETERS

--interface or -i
    Specifies the network interface to listen on (e.g., `eth0`, `wlan0`).

--count or -c
    Specifies the maximum number of packets to capture before exiting.

--filter "<expression>" or -f "<expression>"
    Applies a packet filter written in a syntax similar to BPF (Berkeley Packet Filter) so that only matching packets are captured.

--verbose or -v
    Increases the verbosity of the output, showing more detailed packet information.

--output or -o
    Saves captured packets to a specified file (e.g., PCAP format).

DESCRIPTION

`sniff.py` typically refers to a custom Python script designed to capture and analyze network packets passing through a specified network interface. Unlike standard system utilities, its exact functionality, options, and capabilities are entirely dependent on its internal Python code. Common features found in such scripts include the ability to listen on a specific network interface, filter packets based on various criteria (e.g., source/destination IP, port, protocol), and display captured packet details. Many `sniff.py` implementations leverage powerful Python libraries like `Scapy` for packet manipulation and parsing, or low-level raw sockets for direct interaction with network interfaces. It's often used for network diagnostics, security analysis, or educational purposes to understand network protocols.
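The PARAMETERS above and the description of how such scripts work (listen on one interface, filter, display) are easiest to understand from a minimal dissection core. The following is an added example, not code from this page or from any particular `sniff.py`; it assumes a Linux `AF_PACKET` raw socket for live capture and parses the Ethernet, IPv4, TCP and UDP headers by hand with `struct`, so it needs no Scapy. The filter mini-language (`tcp`, `udp`, `port N`, `host A.B.C.D`, joined with `and`) is a hand-rolled stand-in for the BPF syntax the `-f` option describes, and `build_sample_frame` produces a constructed test frame rather than captured traffic.

```python
"""Dissection core of the kind a sniff.py script is built on. Added example,
not code from the LinuxCommandLibrary page: assumes a Linux AF_PACKET raw
socket for live capture and parses Ethernet/IPv4/TCP/UDP headers with struct."""
import socket
import struct
from dataclasses import dataclass
from typing import Callable, Iterator, Optional

ETH_P_ALL = 0x0003  # Linux if_ether.h: receive frames of every protocol


@dataclass
class Packet:
    src_mac: str
    dst_mac: str
    ethertype: int
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    proto: Optional[int] = None    # IPv4 protocol number: 6 = TCP, 17 = UDP
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    payload: bytes = b""           # bytes above the deepest layer parsed


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> Packet:
    """Dissect Ethernet -> IPv4 -> TCP/UDP. Parsing stops at the first layer
    that is not IPv4 or is truncated, so a malformed frame never raises here."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    pkt = Packet(_mac(src), _mac(dst), ethertype, payload=frame[14:])
    ip = pkt.payload
    if ethertype != 0x0800 or len(ip) < 20:
        return pkt
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len < ihl:            # bogus header lengths
        return pkt
    pkt.proto = ip[9]
    pkt.src_ip = socket.inet_ntoa(ip[12:16])
    pkt.dst_ip = socket.inet_ntoa(ip[16:20])
    transport = ip[ihl:total_len]
    pkt.payload = transport
    if pkt.proto == 6 and len(transport) >= 20:     # TCP: ports, then data offset
        pkt.src_port, pkt.dst_port = struct.unpack("!HH", transport[:4])
        pkt.payload = transport[(transport[12] >> 4) * 4:]
    elif pkt.proto == 17 and len(transport) >= 8:   # UDP: fixed 8-byte header
        pkt.src_port, pkt.dst_port = struct.unpack("!HH", transport[:4])
        pkt.payload = transport[8:]
    return pkt


def make_filter(expr: str) -> Callable[[Packet], bool]:
    """Tiny BPF-like subset for -f: 'tcp', 'udp', 'port N', 'host A.B.C.D',
    joined by 'and'. Real scripts hand the string to libpcap/Scapy instead."""
    clauses = []
    for clause in [c.strip() for c in expr.split(" and ") if c.strip()]:
        words = clause.split()
        if words == ["tcp"]:
            clauses.append(lambda p: p.proto == 6)
        elif words == ["udp"]:
            clauses.append(lambda p: p.proto == 17)
        elif len(words) == 2 and words[0] == "port":
            clauses.append(lambda p, n=int(words[1]): n in (p.src_port, p.dst_port))
        elif len(words) == 2 and words[0] == "host":
            clauses.append(lambda p, h=words[1]: h in (p.src_ip, p.dst_ip))
        else:
            raise ValueError(f"unsupported filter clause: {clause!r}")
    return lambda p: all(c(p) for c in clauses)


def capture(interface: str, count: Optional[int] = None,
            filter_expr: str = "") -> Iterator[Packet]:
    """Live capture on a raw AF_PACKET socket (Linux only, needs CAP_NET_RAW,
    hence the sudo in the TLDR). Yields until `count` packets have matched."""
    match = make_filter(filter_expr) if filter_expr else (lambda p: True)
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL)) as sock:
        sock.bind((interface, 0))
        matched = 0
        while count is None or matched < count:
            try:
                pkt = parse_frame(sock.recv(65535))
            except ValueError:
                continue                           # runt frame, skip it
            if match(pkt):
                matched += 1
                yield pkt


def build_sample_frame() -> bytes:
    """Constructed test frame, not captured traffic: TCP 10.0.0.5:40000 ->
    10.0.0.9:443 carrying the payload b'test'."""
    payload = b"test"
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, socket.inet_aton("10.0.0.5"), socket.inet_aton("10.0.0.9"))
    eth = struct.pack("!6s6sH", bytes.fromhex("aabbccddeeff"),
                      bytes.fromhex("001122334455"), 0x0800)
    return eth + ip + tcp + payload
```

In a real script the `-i`, `-c` and `-f` options would be parsed with `argparse` and passed straight to `capture(args.interface, args.count, args.filter)`, with `-v` deciding how much of each `Packet` gets printed. Two design points worth noting: the parser returns a partially filled `Packet` for anything it does not understand instead of raising, so one odd frame cannot crash a long capture, and the header-length checks (`ihl < 20`, `total_len < ihl`) reject frames whose length fields disagree with their contents, which is exactly the kind of input that trips up naive dissectors. A Scapy-based version would replace `parse_frame` and `capture` with `scapy.all.sniff(iface=..., filter=..., count=...)` and get the full BPF syntax for free.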

CAVEATS

`sniff.py` is not a standard, pre-installed Linux command. Its existence and functionality depend entirely on a Python script named `sniff.py` being present and executable on your system.

Running network sniffers typically requires root privileges (e.g., using `sudo`) to access raw sockets or specific network interfaces.

The script may require specific Python libraries (e.g., `Scapy`, `dpkt`, `pcapy`) to be installed beforehand, typically with `pip install` followed by the library name.

Error handling and robustness vary greatly depending on the script's implementation.

COMMON PYTHON LIBRARIES USED

  • Scapy: A powerful interactive packet manipulation program. It can forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more.
  • socket: Python's built-in module for low-level network communication, often used for creating raw sockets to capture all network traffic.
  • pcapy / dpkt: Libraries providing bindings to `libpcap` (for capturing packets) and functionalities for parsing common network protocols, respectively.

HISTORY

The concept of network packet sniffing dates back to the early days of networking, with tools like `tcpdump` emerging in the 1980s. With the rise of scripting languages, Python became a popular choice for developing custom network tools due to its extensive library ecosystem. While there isn't a single "official" `sniff.py` history, the practice of writing Python scripts for network sniffing became prevalent with the development of libraries like Scapy (released in the early 2000s), enabling easier interaction with network protocols and raw packet data for developers and security researchers.

SEE ALSO

tcpdump(8), wireshark(1), tshark(1)
