SNIff

SNIff is a simple eBPF-based sniffer that goes trough both incomming and outgoing traffic to look for TLS SNI fields. Once a SNI is catched, the connection is tagged (based on the 4-tuple) and every following packets will be counted as traffic for the tagged domain.

How to Build

# Pull libbpf submodule
git submodule update --init --recursive
cd src/
cmake . -BBuild
cd Build
make

How to run

./sniff -i I -t T -o output.txt

I : the ifindex
T : the sampling interval (in seconds)

Example

./sniff -i 2 -t 10 -o output.txt

This will sniff traffic on interface 2 and print results each 10 seconds

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
libbpf @ dea5ae9		libbpf @ dea5ae9
src		src
tools		tools
vmlinux		vmlinux
.gitignore		.gitignore
.gitmodules		.gitmodules
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

SNIff

How to Build

How to run

Example

About

Releases

Packages

Languages

cdelzotti/SNIff

Folders and files

Latest commit

History

Repository files navigation

SNIff

How to Build

How to run

Example

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages