Versions Compared

Old Version 9

changes.mady.by.user Guntis G.

Saved on

compared with

New Version 10

changes.mady.by.user Edgars P.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

A packet sniffer is a tool that can capture and analyze packets that are going to, leaving, or going through the router. Packet sniffing is very useful when you diagnose networks or protect against security attacks over networks.

...

PropertyDescription
file-limit (integer 10..4294967295[KiB]; Default: 1000KiB)File size limit. Sniffer will stop when a limit is reached.
file-name (string; Default: )Name of the file where sniffed packets will be saved.
filter-cpu (integer; Default: )CPU core used as a filter.
filter-ip-address (ip/mask[,ip/mask] (max 16 items); Default: )Up to 16 ip IP addresses used as a filter.
filter-dst-macip-address (macip/mask[,macip/mask] (max 16 items); Default: )

Up to 16

MAC addresses and MAC address masks

IP destination addresses used as a filter

.

filter-src-ip-address (ip/mask[,ip/mask] (max 16 items); Default: )

Up to 16 IP source addresses used as a filter.

filter-ipv6-address (ipv6/mask[,ipv6/mask] (max 16 items); Default: )Up to 16 IPv6 addresses used as a filter.
filter-dst-ipv6-address (ipv6/mask[,ipv6/mask] (max 16 items); Default: )Up to 16 IPv6 destination addresses used as a filter.
filter-src-ipv6-address (ipv6/mask[,ipv6/mask] (max 16 items); Default: )Up to 16 IPv6 source addresses used as a filter.
filter-mac-address (mac/mask[,mac/mask] (max 16 items); Default: )Up to 16 MAC addresses and MAC address masks used as a filter.
filter-port ([!]port[,port] (max 16 items); Default: )Up to 16 comma-separated ports used as a filter. A list of predefined port names is also available, like ssh and telnet.
filter-dst-port ([!]port[,port] (max 16 items); Default: )Up to 16 comma-separated destination ports used as a filter. A list of predefined port names is also available, like ssh and telnet.
filter-srcfilter-port ([!]port[,port] (max 16 items); Default: )Up to 16 comma-separated entries source ports used as a filter. A list of predefined port names is also available, like ssh and telnet.
filter-ip-protocol ([!]protocol[,protocol] (max 16 items); Default: )Up to 16 comma-separated entries IP/IPv6 protocols used as a filter. IP protocols (instead of protocol names, protocol numbers can be used):
  • ipsec-ah - IPsec AH protocol
  • ipsec-esp - IPsec ESP protocol
  • ddp - datagram delivery protocol
  • egp - exterior gateway protocol
  • ggp - gateway-gateway protocol
  • gre - general routing encapsulation
  • hmp - host monitoring protocol
  • idpr-cmtp - idpr control message transport
  • icmp - internet control message protocol
  • icmpv6 - internet control message protocol v6
  • igmp - internet group management protocol
  • ipencap - ip encapsulated in ip
  • ipip - ip encapsulation
  • encap - ip encapsulation
  • iso-tp4 - iso transport protocol class 4
  • ospf - open shortest path first
  • pup - parc universal packet protocol
  • pim - protocol independent multicast
  • rspf - radio shortest path first
  • rdp - reliable datagram protocol
  • st - st datagram mode
  • tcp - transmission control protocol
  • udp - user datagram protocol
  • vmtp - versatile message transport
  • vrrp - virtual router redundancy protocol
  • xns-idp - xerox xns idp
  • xtp - xpress transfer protocol
filter-mac-protocol ([!]protocol[,protocol] (max 16 items); Default: )Up to 16 comma separated entries used as a filter. Mac protocols (instead of protocol names, protocol number can be used):
  • 802.2 - 802.2 Frames (0x0004)
  • arp - Address Resolution Protocol (0x0806)
  • homeplug-av - HomePlug AV MME (0x88E1)
  • ip - Internet Protocol version 4 (0x0800)
  • ipv6 - Internet Protocol Version 6 (0x86DD)
  • ipx - Internetwork Packet Exchange (0x8137)
  • lldp - Link Layer Discovery Protocol (0x88CC)
  • loop-protect - Loop Protect Protocol (0x9003)
  • mpls-multicast - MPLS multicast (0x8848)
  • mpls-unicast - MPLS unicast (0x8847)
  • packing-compr - Encapsulated packets with compressed IP packing (0x9001)
  • packing-simple - Encapsulated packets with simple IP packing (0x9000)
  • pppoe - PPPoE Session Stage (0x8864)
  • pppoe-discovery - PPPoE Discovery Stage (0x8863)
  • rarp - Reverse Address Resolution Protocol (0x8035)
  • service-vlan - Provider Bridging (IEEE 802.1ad) & Shortest Path Bridging IEEE 802.1aq (0x88A8)
  • vlan - VLAN-tagged frame (IEEE 802.1Q) and Shortest Path Bridging IEEE 802.1aq with NNI compatibility (0x8100)
filter-stream (yes | noyes | no; Default: yes)Sniffed packets that are devised for the sniffer server are ignored.
filter-size (integer[-integer]:0..65535; Default:  yes )Sniffed packets that are devised for the sniffer server are ignoredFilters packets of specified size or size range in bytes.
filter-direction (any | rx | tx; Default: )Specifies om which direction filtering will be applied.
filter-interface (all | name; Default: all)Interface name on which sniffer will be running. all indicates that the sniffer will sniff packets on all interfaces.
filter-operator-between-entries (and | or; Default: or)Changes the logic for filters with multiple entries.
memory-limit (integer 10..4294967295[KiB]; Default: 100KiB)Memory amount used to store sniffed data.
memory-scroll (yes | no; Default: yes)Whether to rewrite older sniffed data when the memory limit is reached.
only-headers (yes | no; Default: no)Save in the memory only the packet's headers, not the whole packet.
streaming-enabled (yes | no; Default: no)Defines whether to send sniffed packets to the streaming server.
streaming-server (IP; Default: 0.0.0.0)Tazmen Sniffer Protocol (TZSP) stream receiver.

...

The quick mode will display results as they are filtered out with a limited-size buffer for packets. There are several attributes that can be set up for filtering. If no attributes are set current configuration will be used.

...

The submenu shows the list of hosts that were participating in the data exchange you've sniffed.

...