Tool 9: Sniff and display Ethernet addresses
Description:
This tool sniffs packets and tries to decode them. It then displays
the Ethernet address associated with each decoded IP address.
It uses ARP, RARP and IP to obtain this information.
Please note that the result will be inaccurate if the IP address is
outside the Ethernet LAN. It works well in all other cases.
Parameter --device indicates on which device to sniff. Please note
that under some systems, such as Windows, sniffing on some devices is
not supported.
Parameter --filter defines the sniff filter. It restricts which
packets are captured. This kind of filter is called a BPF or pcap filter.
Basic elements of a filter are:
host 1.2.3.4
net 192.168.10
net 192.168.10.0 mask 255.255.255.0
net 192.168.10.0/24
port 21
dst host 1.2.3.4
src port 2345
ether host a:b:c:d:e:f ('ether a:b:c:d:e:f' does not work)
ether src aa:bb:cc:dd:ee:ff
ip
arp
rarp
tcp
icmp
udp
Here are filter examples:
"host 1.2.3.4"
"net 192.168 and icmp"
"host 1.2.3.4 or dst port 80"
"(udp or tcp) and not host 1.2.3.4"
This tool may need to be run with administrator privileges in order to sniff.
Synonyms:
capture, mac, show
Usage:
netwox 9 [-d device] [-f filter]
Parameters:
parameter            description   example
-d|--device device   device name   Eth0
-f|--filter filter   pcap filter
Example:
netwox 9
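
How an IP-to-Ethernet mapping can be derived from ARP, RARP and IP frames, as an added Python example (not netwox's own code); the frames are constructed samples and the names ip_mac_pairs, ARP_REQUEST and IP_FROM_OUTSIDE are hypothetical. The second sample shows the inaccuracy noted in the description: 1.2.3.4 is outside the LAN, so it is paired with the router's Ethernet address.

```python
import socket
import struct

ETH_IPV4, ETH_ARP, ETH_RARP = 0x0800, 0x0806, 0x8035

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def ip_mac_pairs(frame):
    """Return [(ip, mac), ...] learned from one raw Ethernet II frame."""
    if len(frame) < 14:
        return []
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    payload, pairs = frame[14:], []
    if ethertype == ETH_IPV4 and len(payload) >= 20 and payload[0] >> 4 == 4:
        # IPv4 header: source address at offset 12, destination at offset 16.
        # The MAC comes from the Ethernet header, so for an address outside
        # the LAN it is the forwarding router's MAC, not the remote host's.
        pairs.append((socket.inet_ntoa(payload[12:16]), mac_str(src)))
        if not dst[0] & 1:  # group bit set = broadcast/multicast, no single owner
            pairs.append((socket.inet_ntoa(payload[16:20]), mac_str(dst)))
    elif ethertype in (ETH_ARP, ETH_RARP) and len(payload) >= 28:
        htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", payload[:8])
        if (htype, ptype, hlen, plen) != (1, ETH_IPV4, 6, 4):
            return []  # only Ethernet/IPv4 ARP is handled here
        sender = (payload[14:18], payload[8:14])
        target = (payload[24:28], payload[18:24])
        for ip, mac in (sender, target):
            # Requests and probes leave unknown fields zeroed; skip those.
            if any(ip) and any(mac):
                pairs.append((socket.inet_ntoa(ip), mac_str(mac)))
    return pairs

# Constructed sample frames (not captured traffic).
def _mac(text):
    return bytes.fromhex(text.replace(":", ""))

HOST, ROUTER = _mac("00:11:22:33:44:55"), _mac("66:77:88:99:aa:bb")
ARP_REQUEST = (_mac("ff:ff:ff:ff:ff:ff") + HOST + struct.pack("!H", ETH_ARP)
               + struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, 1)
               + HOST + socket.inet_aton("192.168.10.5")
               + bytes(6) + socket.inet_aton("192.168.10.1"))
IP_FROM_OUTSIDE = (HOST + ROUTER + struct.pack("!H", ETH_IPV4)
                   + struct.pack("!BBHHHBBH", 0x45, 0, 20, 0, 0, 64, 1, 0)
                   + socket.inet_aton("1.2.3.4") + socket.inet_aton("192.168.10.5"))
if __name__ == "__main__":
    for name, frame in (("arp request", ARP_REQUEST), ("ip", IP_FROM_OUTSIDE)):
        print(name, ip_mac_pairs(frame))
```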