Sniffnet: an open-source tool to monitor Internet traffic
Posted by GyulyVGC@reddit | linux | View on Reddit | 51 comments
Sniffnet creator and maintainer here!
Sniffnet is a completely free app I’ve been working on for more than 3 years now.
Last time I posted about my app here, the most requested feature was to support identifying programs using network bandwidth and well… this is finally possible with today’s v1.5 release!
Supporting this feature and making it cross-platform wasn’t straightforward, but after a lot of work (and fun) I’m so excited to finally release it to the public.
I’ll leave relevant links in the comments.
Feel free to ask me anything, feedback is welcome, and I’ll answer as soon as I can.
Ill_Scientist_2239@reddit
Been using your project for a while, absolutely love it
Demortus@reddit
Hey, I just wanted to say that I love your software. It helped me detect someone trying to ssh into my network a while back. Keep up the good work!
GyulyVGC@reddit (OP)
That’s awesome! I’m glad it helped, and would love to hear more about it if you don’t mind.
Demortus@reddit
Well, on a whim I used your program and saw that I had a lot of ssh service connections. I investigated those connections in my log files and saw that an actor from outside my network was trying to ssh its way in using different combinations of username and passwords. That led me to discover that I had left a port open to my network that I didn't intend to. Once I closed that port, the ssh attempts disappeared.
deny_by_default@reddit
Wouldn’t fail2ban detect that too? Or are you saying you were running an openssh server on a different port?
Demortus@reddit
I wasn't running fail2ban at the time. That might not have stopped them anyway, because whoever was trying to hack their way in was rotating IP addresses.
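An added example, not part of any comment in this thread: the exchange above describes password guessing spread over rotating source addresses, which a per-source retry threshold of the kind fail2ban applies can miss. The sketch below counts sshd failures both per source and in aggregate; the log lines are constructed, the function and parameter names are hypothetical, and the whole sample is treated as one time window.

```python
import re
from collections import Counter

# Constructed sample in sshd syslog style, using documentation IP ranges.
SAMPLE_LOG = """\
Mar  3 10:15:01 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 53122 ssh2
Mar  3 10:15:04 gw sshd[2103]: Failed password for root from 198.51.100.23 port 40110 ssh2
Mar  3 10:15:09 gw sshd[2105]: Failed password for invalid user test from 203.0.113.77 port 51900 ssh2
Mar  3 10:15:13 gw sshd[2107]: Failed password for root from 192.0.2.14 port 38822 ssh2
Mar  3 10:15:20 gw sshd[2109]: Failed password for invalid user pi from 203.0.113.5 port 53188 ssh2
Mar  3 10:15:26 gw sshd[2111]: Failed password for invalid user admin from 198.51.100.23 port 40172 ssh2
Mar  3 10:15:30 gw sshd[2113]: Accepted publickey for alice from 10.0.0.12 port 50022 ssh2
Mar  3 10:15:33 gw sshd[2115]: Failed password for invalid user ubuntu from 203.0.113.77 port 51964 ssh2
Mar  3 10:15:41 gw sshd[2117]: Failed password for root from 192.0.2.14 port 38890 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")


def parse_failures(log_text):
    """Return a (user, source_ip) tuple for every failed password attempt."""
    matches = (FAILED.search(line) for line in log_text.splitlines())
    return [m.groups() for m in matches if m]


def per_ip_offenders(failures, max_retry=5):
    """Sources that individually reach the retry threshold (per-IP view)."""
    counts = Counter(ip for _, ip in failures)
    return sorted(ip for ip, n in counts.items() if n >= max_retry)


def distributed_guessing(failures, min_failures=6, min_sources=4):
    """Aggregate view: many failures spread thinly over many sources."""
    sources = {ip for _, ip in failures}
    users = {user for user, _ in failures}
    return {
        "failures": len(failures),
        "sources": len(sources),
        "users": len(users),
        "alert": len(failures) >= min_failures and len(sources) >= min_sources,
    }


if __name__ == "__main__":
    found = parse_failures(SAMPLE_LOG)
    print("per-IP offenders:", per_ip_offenders(found))
    print("aggregate view:", distributed_guessing(found))
```

On the sample, no single address reaches the per-source threshold, while the aggregate count across sources still raises the alert.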
AvidCyclist250@reddit
Sweet. It's already in the cachyos repo too. Thanks for this.
Teknikal_Domain@reddit
So. Open source glasswire, by the looks?
unbounded65@reddit
Getting libcap error in Ubuntu with the appimage version.
Udab@reddit
same.
unbounded65@reddit
Thank you; I thought it would need that.
Udab@reddit
for me only worked
sudo -E /path
UmbertoRobina374@reddit
https://github.com/GyulyVGC/sniffnet/issues/686
SpeedDaemon1969@reddit
FYI the .deb failed to install re dependencies on Kubuntu 24.04, but that's not going to be around much longer for me. The appimage worked, and now I must figure out why I'm seeing Microsoft IP addresses on HTTPS.
Not_a_Candle@reddit
Might be a service connecting to Azure. Got minecraft installed?
SpeedDaemon1969@reddit
No. I wonder if it's one of the Firefox plugins, or maybe RustDesk.
SalaciousSubaru@reddit
Do you plan to offer this as a Snap or Flatpak?
ComeSwirlWithMe@reddit
I DEMAND FEATURES.. FOR FREE, FOREVER! I'm not sure what features, but MOAR.
Good color scheme, nice layout. Easy to use.
10/10.
rekoil@reddit
Unless I've been doing the wrong Google searches, a huge hole in the OSS traffic analysis toolset is a flow collector for netflow/ipfix/sflow records to feed into a tool like this. ntop used to have a flow collector, but it's no longer freeware. The ability to run a monitor like this without it needing to be inline would be amazing.
GyulyVGC@reddit (OP)
Something like this is planned for Sniffnet v1.6 (next major release). My idea is to make Sniffnet able to support collecting flows from multiple clients exporting data in IPFIX format. More info in the dedicated issue.
Not_a_Candle@reddit
Newbie here: Would that mean that I can monitor my whole network traffic with sniffnet via somehow "pulling" packet information from my OpenWRT router?
mikeboucher21@reddit
How does it compare with wireshark?
1esproc@reddit
Wireshark is nothing like this app, two entirely different purposes
mikeboucher21@reddit
This app doesn't do packet inspection?
1esproc@reddit
It does some basic high level inspection, but Sniffnet is more like a traffic monitor, not a packet dissecting tool for debugging purposes. You can use it to export a pcap to then load up into Wireshark for more in depth analysis.
GyulyVGC@reddit (OP)
Feature-wise, Wireshark is way more complete. Usability-wise I personally judge Sniffnet superior for beginners/intermediate users or even professionals that don’t need to go that deep.
Dear_Studio7016@reddit
I agree with this statement. I'm not sure what I would classify my experience as a network person def not an expert, this is so much easier to read and understand. Thank you.
GyulyVGC@reddit (OP)
I perfectly get how you feel… even if given my studies and working experience I consider myself pretty experienced in networking, Wireshark feature richness still makes it mind blowing even for most of my use cases. Without considering that Wireshark interface in itself is way older-styled. But nothing to take away from Wireshark, I honestly judge it a masterpiece of a software… just a whole different set of use cases and level of depth with respect to Sniffnet.
chobolicious88@reddit
This seems fantastic.
It's like a quick overview of everything we want to know.
wolfy1244@reddit
I'm gonna use this! Time to replace a limited software with this!
ang-p@reddit
Genuinely nice to see a software release on here that is sponsored by an AI firm (and others) as opposed to being blatantly written by it... You see some real slop on here.
And, having a quick smooch at the wiki, note that I can load previously captured pcap files....
Hmmm... Nice.
GyulyVGC@reddit (OP)
Proudly sponsored by, and most importantly… proudly NOT written by :)
-newhampshire-@reddit
Very cool I used to use EtherApe back in the day but this looks much nicer. I liked that it showed you your endpoints (I was basically most interested in what countries data was flowing to). I will have to give your tool a shot.
Prismatic-Ray@reddit
Flathub?
GyulyVGC@reddit (OP)
Currently for Linux it’s only packaged as DEB, RPM, and AppImage.
There might be some challenges to package it for some formats due to networking access and required privileges.
But I’d love to also have a Flatpak if anyone is willing to help.
See the dedicated issue for more details.
ang-p@reddit
Not just packaging - submission can be a modern feat of virtual eggshell dancing before permabans
ThePoisonDoughnut@reddit
This is very nice! I couldn't find any mention of whether there is a way to change the refresh rate of the overview tab—is this a feature or something that has been considered before?
GyulyVGC@reddit (OP)
Thanks! No, this isn’t a feature and actually I never considered it. Why would you be interested in it?
ThePoisonDoughnut@reddit
Of course, thank you for contributing this app to the community!
That really would be an excellent feature for me, something about interface refresh rates that slow gives me a headache. I almost always run btop at 10 hz which is a bit more than enough to completely eliminate that issue for me.
GyulyVGC@reddit (OP)
I understand, but in that case how would you expect the chart data to behave? I’m not sure it makes sense to report traffic rates for intervals less than 1 sec.
ThePoisonDoughnut@reddit
That is a good point, it does actually break btop's rate reporting insofar as the rates it reports are fractionally equivalent to the proportion of a second that the refresh rate is set to. Maybe this is a naïve approach considering I haven't had a chance to check out the current implementation, but I would think you could extrapolate a per-second rate based on the configured sub-second interval, no?
Say we have a refresh interval of 100ms. We measure traffic over that 100ms and multiply the result by 10 (1000/100 in practice) for the projected per-second rate.
GyulyVGC@reddit (OP)
Thanks for the ideas.
ThePoisonDoughnut@reddit
Of course, thank you for hearing me out.
Zealousideal-Gap-963@reddit
Thank you Giuliano, very nice
GyulyVGC@reddit (OP)
You're welcome! 🇮🇹
billhughes1960@reddit
Very nice!
joshua_5@reddit
I'm going to perform tests on a couple of servers to verify how it works, visually I see that it's intuitive and I'll validate how easy it is to configure.
scottchiefbaker@reddit
This looks rad! From the README it appears that this monitors traffic on a single host? Any way to get it to monitor all in/out traffic at the router level?
GyulyVGC@reddit (OP)
Guess what! This is the feature planned for the next major release. See the graphical roadmap. I hope to come here in some months with another post with this feature supported. At the moment I’m planning to add support for parsing network flows in IPFIX format, but feel free to share other ideas if you have any.
Barxxo@reddit
Thank You!
GyulyVGC@reddit (OP)
Relevant links: - GitHub - v1.5 announcement post