Data source selection
After having installed the application, you're finally ready to use it!
Sniffnet's initial page displays different options to configure the network traffic analysis before actually starting to capture data.
The first option we focus on is the selection of the data source, visible in the left portion of the page.
Sniffnet supports two alternative sources to capture traffic data from:
Let's examine them one by one.
The first option is to capture traffic data from one of the network adapters available on your machine.
This is the most common way to use Sniffnet, as it allows you to monitor real-time traffic data flowing in and out of your computer.
In the left portion of the page you can find a scrollable column containing the list of all the available network adapters on your machine.
This list is kept up to date dynamically: if you disconnect one of the adapters or bring up a new one, the change will be reflected here.
Each item of the list is a device (either physical or virtual) from which data will be captured and analysed by Sniffnet.
For each entry, the following are reported:
- its name and/or description
- the list of all its active IPv4 and IPv6 addresses
The currently selected adapter has its border highlighted, and you can select a different one simply by clicking on the corresponding entry.
By default, Sniffnet will select the adapter that's marked as the main network interface by the system, but this is not guaranteed to be the traffic source you actually want to inspect.
Typically, you'll want to inspect your Ethernet adapter, which is the one exchanging most of the traffic incoming to or outgoing from your machine.
Tip
An easy way to choose the correct adapter is to look at its list of addresses: there is a good chance that the interface you want to monitor has an active IPv4 address. You can easily recognise IPv4 addresses because they are composed of 4 numbers separated by a dot character (.); in the picture above, this is the case of the en0 adapter with IPv4 address 192.168.1.103.
If the default adapter is not the one you meant to inspect, Sniffnet will remember your selection, so that when you restart the app you won't have to select it again.
An alternative way to use Sniffnet is to analyse network data stored in a file.
PCAP (Packet Capture) is a file format used to store network traffic, and it can be generated by various tools such as Wireshark or tcpdump.
Sniffnet can read PCAP files and display the captured data in a user-friendly way, allowing you to analyse past network activity.
Select "Capture file" from the dropdown, and a button to import such files will appear:
Clicking on it will open a selection dialog, allowing you to choose a PCAP file from your local filesystem.
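Before importing a capture of unknown origin, it can help to confirm that it really is a well-formed PCAP file. The following is an added example, not part of Sniffnet's code: it assumes the classic PCAP layout (24-byte global header followed by 16-byte record headers) and does not cover pcapng; the names `PcapSummary`, `summarise_pcap` and `constructed_sample` are hypothetical.

```rust
// Added example (not Sniffnet code): inspect a classic PCAP buffer using std only.
#[derive(Debug, PartialEq)]
struct PcapSummary {
    nanosecond: bool, // timestamp resolution declared by the magic number
    snaplen: u32,     // maximum bytes stored per packet
    linktype: u32,    // 1 = Ethernet
    packets: usize,   // complete records found
    truncated: bool,  // true if the file ends in the middle of a record
}

fn summarise_pcap(data: &[u8]) -> Result<PcapSummary, String> {
    if data.len() < 24 {
        return Err("shorter than the 24-byte global header".to_string());
    }
    // The magic number encodes both byte order and timestamp resolution.
    let (big_endian, nanosecond) = match [data[0], data[1], data[2], data[3]] {
        [0xd4, 0xc3, 0xb2, 0xa1] => (false, false),
        [0xa1, 0xb2, 0xc3, 0xd4] => (true, false),
        [0x4d, 0x3c, 0xb2, 0xa1] => (false, true),
        [0xa1, 0xb2, 0x3c, 0x4d] => (true, true),
        other => return Err(format!("not a classic PCAP file, magic {:02x?}", other)),
    };
    let u32_at = |off: usize| {
        let b = [data[off], data[off + 1], data[off + 2], data[off + 3]];
        if big_endian { u32::from_be_bytes(b) } else { u32::from_le_bytes(b) }
    };
    let (mut pos, mut packets, mut truncated) = (24usize, 0usize, false);
    while pos < data.len() {
        // Record = 16-byte header (ts_sec, ts_frac, incl_len, orig_len) + incl_len bytes.
        if data.len() - pos < 16 || u32_at(pos + 8) as usize > data.len() - pos - 16 {
            truncated = true;
            break;
        }
        pos += 16 + u32_at(pos + 8) as usize;
        packets += 1;
    }
    Ok(PcapSummary { nanosecond, snaplen: u32_at(16), linktype: u32_at(20), packets, truncated })
}

// Constructed sample: little-endian header (v2.4, snaplen 65535, Ethernet) + one 4-byte record.
fn constructed_sample() -> Vec<u8> {
    let mut f = vec![0xd4, 0xc3, 0xb2, 0xa1, 2, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 0, 0, 1, 0, 0, 0];
    f.extend_from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0, 0, 4, 0, 0, 0, 0xde, 0xad, 0xbe, 0xef]);
    f
}

fn main() {
    println!("{:?}", summarise_pcap(&constructed_sample()));
}
```

A `truncated` result usually means the capture was interrupted or the file was copied while still being written.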
Note
The following sections of the Wiki will focus on the usage of Sniffnet with network adapters as data source, since it's the most common way to use the app.
However, the same concepts are applicable to PCAP files as well, with the only difference that instead of referring to real-time network data, it would be about previously captured traffic that was saved in a file.