Sniffnet works like a charm if you just want to monitor and observe network traffic, but it may not be suitable for advanced network analysis or troubleshooting purposes.
Sniffnet is a great tool to use if you want to easily keep an eye on network traffic.
It has a simple GUI interface that lets you filter the network based on the application’s protocol and sends you an alert when a set threshold limit is reached.
All you need to do is get the required dependencies for the application and then install Sniffnet on your device, and you will be ready to use it in no time.
But before we start with the installation process, let me show you some of the features you will be able to access once you install Sniffnet.
Some of the key features of Sniffnet are as follows:
- Option to select the network adapter for which you want to monitor network traffic
- Set a filter on the basis of application protocols (IP version, TCP, and UDP)
- Real-time chart to monitor traffic intensity (bytes and packets per second, incoming and outgoing)
- Sort the data in the following ways: Most recently, most packets, most bytes, and favorites
- You will be notified when the byte or packet threshold limit is reached.
- Mark specific connections as favorites
- Traffic summary of your network activity
- Export data to text file
- Multilingual Support
- Four different themes
And there are many more features that you will discover once you begin using it.
Sniffnet is a tool that works on multiple platforms, so it can be set up on Windows, Linux, and macOS.
So if you have a supported operating system, all you need is the appropriate binary file, which you can obtain by clicking the button below.
Install Sniffnet on Ubuntu/Debian
If you’re running a Debian/Ubuntu-based distribution, run the following command to get the latest Sniffnet release.
$ wget https://github.com/GyulyVGC/sniffnet/releases/download/v1.1.2/Sniffnet_Linux.deb
Next, you need to install a few dependencies that Sniffnet requires to run smoothly: libpcap to capture network data in real time, libasound2-dev for alert sounds, and libfontconfig and libfontconfig1-dev for fonts.
$ sudo apt install libpcap-dev
$ sudo apt install libasound2-dev
$ sudo apt install libfontconfig libfontconfig1-dev
I believe your terminal window is still up, so execute the next command to install Sniffnet_Linux.deb.
$ sudo apt install ./Sniffnet_Linux.deb
Once you are done with installation, you can run Sniffnet from the terminal by typing
If you don’t want to use sudo to run Sniffnet, copy and paste the following command into your terminal:
$ sudo setcap 'cap_net_raw,cap_net_admin=eip' $(which sniffnet)
After running the above command, you can now use Sniffnet without sudo.
Install Sniffnet from Homebrew
You can simplify the installation process if you are using Homebrew on your Linux computer. If you are not familiar with Homebrew, check out this article on why and how to set up Homebrew on your Linux distribution.
$ brew install sniffnet
If you want Sniffnet to work without sudo privilege, then run the following command:
$ sudo setcap 'cap_net_raw,cap_net_admin=eip' /home/linuxbrew/.linuxbrew/Cellar/sniffnet/1.1.2/bin/sniffnet
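A check for the two setcap commands above (the .deb install and the Homebrew install), added here as an example and not taken from the Sniffnet project: it confirms that the binary holds exactly cap_net_raw and cap_net_admin and nothing broader. The function names and the sample getcap lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the file capabilities granted to a sniffnet binary.
ALLOWED="cap_net_admin cap_net_raw"

# Pull the capability names out of one line of `getcap` output.
# Accepts both layouts libcap has printed (a single clause is assumed):
#   /usr/bin/sniffnet cap_net_admin,cap_net_raw=eip
#   /usr/bin/sniffnet = cap_net_admin,cap_net_raw+eip
caps_from_getcap_line() {
    spec=${1##* }            # last space-separated field holds the caps
    spec=${spec%%[=+]*}      # drop the flag suffix (=eip or +eip)
    printf '%s' "$spec" | tr ',' ' '
}

# Print "ok", or a list of unexpected:/missing: findings. Returns 0 only for ok.
audit_caps() {
    have=$(caps_from_getcap_line "$1")
    report=""
    for c in $have; do
        case " $ALLOWED " in *" $c "*) ;; *) report="$report unexpected:$c" ;; esac
    done
    for c in $ALLOWED; do
        case " $have " in *" $c "*) ;; *) report="$report missing:$c" ;; esac
    done
    if [ -z "$report" ]; then echo ok; return 0; fi
    echo "${report# }"
    return 1
}

# Audit a real binary. File capabilities sit on the regular file, so a
# symlink (such as Homebrew's bin/sniffnet) is resolved first.
audit_binary() {
    real=$(readlink -f "$1") || return 2
    audit_caps "$(getcap "$real")"
}

# Constructed getcap lines, not output captured from a real system.
SAMPLE_OK='/usr/bin/sniffnet cap_net_admin,cap_net_raw=eip'
SAMPLE_OLD='/usr/bin/sniffnet = cap_net_admin,cap_net_raw+eip'
SAMPLE_WIDE='/usr/bin/sniffnet cap_net_admin,cap_net_raw,cap_sys_admin=eip'

if [ -n "${1:-}" ]; then
    audit_binary "$1"
else
    for s in "$SAMPLE_OK" "$SAMPLE_OLD" "$SAMPLE_WIDE" ""; do
        printf '%-70s -> %s\n' "$s" "$(audit_caps "$s")"
    done
fi
```

Run it again after each package or Homebrew upgrade: the upgrade installs a new file, and the capability does not carry over to it. With the capability in place, every local user who can execute the binary can capture traffic, so keep the file's permissions as tight as your setup allows.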
Sniffnet is easy to start from your terminal screen, but you should also make a desktop icon for it so you can get to it quickly whenever you need to.
If you are ok with launching Sniffnet from the command line, then no problem, but if you want to create an icon, then I’ll suggest that you read this article.
Get Started with Sniffnet
When you launch Sniffnet, you will see a similar interface on your screen, with options to select the network adapter on which you want to monitor traffic.
On the right side you can filter traffic by IP version; choose just IPv4 if you only want to monitor IPv4 traffic.
In addition, you can also filter traffic on the basis of transport and application protocols like FTP, SSH, HTTP, HTTPS, POP, NTP, and 18 other protocols.
By default, all 24 application protocols will be monitored and identified. If you want to monitor an individual service, you can select the protocol name from “Application protocol.”
Once you are satisfied with the options, click on the Launch icon to start monitoring traffic.
When you click the launch icon, you are taken to a new interface. This interface has the option to go back to the main interface, plus settings, overview, and notification tabs.
In overview mode, the first thing you will notice is a graph that reflects changes in traffic rate, which you can switch to bytes per second or keep as packets per second.
On the right side of the interface, you find a summary of the network traffic, such as active filters, filtered packets & bytes, and filters on the basis of the number of application protocols.
At the bottom you will find the real-time connection list, which you can sort by switching between most recent, most packets, and most bytes.
If you have marked any connection as a favourite, then it appears in your favourites.
And if you want to extract all the realtime data to file, click on the export icon, or you can press Ctrl + O.
Monitor SSH Traffic
As I previously stated, you can monitor traffic by filtering connections based on the application protocol, which will allow you to inspect the data that is being transmitted.
Say I want to watch the SSH traffic on my network; then I need to change the application protocol from “ALL” to “SSH” from the main interface.
For this, first you need to come out of the overview tab by pressing backspace to stop analysis, make the changes as shown below, and click on the launch icon.
As soon as Sniffnet finds the active SSH connection, it will start watching the traffic and showing the data in real time.
Let me SSH to one of my machines and see how Sniffnet captures and presents the information to the screen.
Now any activity on the SSH-connected machine is reflected here, because the data travels over the network that we are monitoring.
Of course, it’s not as powerful as Wireshark, but still, it’s not a bad option to have a quick look at the network traffic.
Set Notification Alert
Sniffnet also allows you to set an alert for when a packet or byte threshold is exceeded, or when new data is exchanged with an address in your favourites list.
To set a notification alert, you need to get into the setting options by pressing Ctrl + S, which will open the setting prompt, and under that go to the “Notifications” tab.
Here you will find the three options:
- Notify me when a packets threshold is exceeded
- Notify me when a bytes threshold is exceeded
- Notify me when new data are exchanged from my favorites
For example, if I choose to be notified when a certain number of packets per second is exceeded, Sniffnet will alert me with the selected sound.
To view notifications, change the tab to “Notifications”, and to clear them, press Ctrl + D.
This setting for notifications will stay in place even after you close the application, but notifications will be lost when you quit the application.
That’s all for this article, where I have shared with you an amazing tool that you can use to monitor network traffic, analyse the type of traffic (HTTP, FTP, etc.), and determine the amount of data transferred between the source and destination IP addresses.
There are a few things left to discuss, but they are not very important to show here. If you like this article and tool, then let us know in the comment section.
And if you really like the project, don’t forget to star it on GitHub.
Viva la Vida!