KSniffer features
KSniffer has the following features:
- Capture the packets from the enabled network interfaces (eth0, eth1, ...)
- Capture from special network devices with no MAC address (tun0, ...)
- Extract information from ARP, TCP/IP, UDP and ICMP packets
- Display summary packet information in the "Information" column for the ARP, TCP/IP, UDP and ICMP protocols
- Recognize service protocols (POP3, IMAP, HTTP, DOMAIN, ...) for the "Protocol" column by comparing the packet's port number with the ones known to the operating system (using the /etc/services file)
- Show the raw bytes of a packet selected from the list of captured packets
- Disable "New Capture" if the sniffer backend permissions are not set correctly
- Pause/resume capture
- Quick packet search
- Get information on an IP address: some networking information can be looked up (if the right tools are installed on your system) for a selected source or destination IP (click on an IP address with the right mouse button):
  - whois
  - traceroute
  - ping
  - dig
  - host
  - nslookup
- Load/save files in libpcap format
- Load a recent file from a menu item
- Drag & drop support for libpcap format files
- Configure the application through a dialog: capture and GUI options are available
  - Capture settings:
    - Specify temporary directory
    - Interrupt capture:
      - Manually
      - After X packets
      - After X bytes/kilobytes/megabytes/gigabytes
      - After X seconds/minutes/hours/days
  - GUI settings:
    - Display captured packets after capture has stopped
    - Add/remove KSniffer icon in the system tray bar
    - Warn if no packets were captured
    - Show splash screen
    - Show the service name in the Protocol column
    - Show the RAW Packet frame on the right of/under the Packet Details frame