Tool 8: Sniff and display open ports
Description:
This tool sniffs packets, and tries to decode TCP and UDP packets in
order to retrieve port number they use.
For UDP, spoofed packets are not checked.
For TCP, only SYN-ACK are searched (so port scans are ignored).
Parameter --device indicates on which device to sniff. Please note
that under some systems, such as Windows, sniffing on some devices is
not supported.
Parameter --filter defines the sniff filter. It permits to restrict
captured packets. This kind of filter is named a BPF or pcap filter.
Basic elements of a filter are:
host 1.2.3.4
net 192.168.10
net 192.168.10.0 mask 255.255.255.0
net 192.168.10.0/24
port 21
dst host 1.2.3.4
src port 2345
ether host a:b:c:d:e:f ('ether a:b:c:d:e:f' is not working)
ether src aa:bb:cc:dd:ee:ff
ip
arp
rarp
tcp
icmp
udp
Here are filter examples:
"host 1.2.3.4"
"net 192.168 and icmp"
"host 1.2.3.4 or dst port 80"
"(udp or tcp) and not host 1.2.3.4"
This tool may need to be run with admin privilege in order to sniff.
Synonyms:
capture
Usage:
netwox 8 [-d device] [-f filter]
Parameters:
| parameter |
description |
example |
| -d|--device device |
device name |
Eth0 |
| -f|--filter filter |
pcap filter |
|
Example:
netwox 8