Tool 10: Sniff and display network statistics
Description:
This tool sniffs and displays some basic network statistics.
It supports 7 groups: Ethernet/link, ARP, IPv4, IPv6, UDP, TCP, ICMP.
For each one, it displays: packet count (count), sum of packet sizes
(size), percentage of packet count (c%) and percentage of size (s%).
Display is updated at most every second.
Parameter --device indicates on which device to sniff. Please note
that under some systems, such as Windows, sniffing on some devices is
not supported.
Parameter --filter defines the sniff filter. It permits to restrict
captured packets. This kind of filter is named a BPF or pcap filter.
Basic elements of a filter are:
host 1.2.3.4
net 192.168.10
net 192.168.10.0 mask 255.255.255.0
net 192.168.10.0/24
port 21
dst host 1.2.3.4
src port 2345
ether host a:b:c:d:e:f ('ether a:b:c:d:e:f' is not working)
ether src aa:bb:cc:dd:ee:ff
ip
arp
rarp
tcp
icmp
udp
Here are filter examples:
"host 1.2.3.4"
"net 192.168 and icmp"
"host 1.2.3.4 or dst port 80"
"(udp or tcp) and not host 1.2.3.4"
Synonyms:
ip4, ip6, mac, show
Usage:
netwox 10 [-d device] [-f filter]
Parameters:
| parameter |
description |
example |
| -d|--device device |
device name |
Eth0 |
| -f|--filter filter |
pcap filter |
|
Example:
netwox 10