Description: This application is a network sniffing application for KDE. It needs a lot of features I'm working on, of course it's not yet complete but you can use it because it's in a stable state.
Here what KSniffer does (for a complete list go to http://www.ksniffer.org/index.php?section=features): - Capture network packets from the configured network interfaces. - Open/save files in the pcap format (used by tcpdump and Ethereal/Wireshark) using also the KDE network transparency. - Show some information on the captured packets (how many bytes the single packet is, what protocols are included,... as shown in the second screenshot). - Let you investigate on the source or destination IP address doing: whois/traceroute/ping/dig/host/nslookup on the IP according the binaries installed on your system. (Click with right mouse button on the source/destination IP address to do this.) - Let you can choose if you want to stop the capturing packets operation manually or automatically after a time/number of packets/size of the captured packets you specify. - Let you set different operations on the view (for example you can show the packets after you stopped the capture step).
The last code release is into SVN KDE in trunk/playground/network .
Help is always welcome, also like tester. If you want to make KSniffer useful you're welcome. A list of things to do is in TODO file.
The version 0.3.2 is a stable version. From 0.3.1 was fixed some bugs and added some small features. This version contains all available translations. Feedbacks on features and bugs are welcome. Help, translations and donations are welcome too. To know how to donate, give help or contact me see the website. New binaries packets are needed. Help to spread this application if you can.
Thank you, GiovanniLast changelog:
KSniffer 0.3.2 [21 February 200 - More information for ARP protocol - More information for TCP protocol - More information for UDP protocol - Added useful information in the "Information" column for UDP/TCP protocol - Recognized protocols from the packet for the "Protocol" column - Splitted the configuration dialog in 2 groups: 1. Capture 2. GUI - Added the "Show the RAW Packet frame on the right of/under the Packet Details frame" option - Let "Save as" enabled after you saved the file so you can save it elsewhere if you need - Fixed the "network transparency doesn't work in some cases" bug - Fixed the "losting last packets from the view" bug - Fixed the "detecting parse errors in XML file for ksniff" bug
KSniffer 0.3.1 [30 September 2007] - fixed recognized MAC address for ARP protocol - a more detailed packets raw view - disable "New Capture" if you have problem with ksniff permissions - optimize the parsing of /etc/services file - some more information for ICMP protocol - let you sniff also on special network devices with no MAC address - fixed a crash when stopping the file loading - a faster startup
KSniffer 0.3 [21 Jul 2007]: - new icon and splashscreen thanks to Carmine De Rosa - fixed crash when you click on a captured packet after you tryed to open a file, but you didn't open it - give the port name to UDP and TCP connections getting them from /etc/services file - show raw bytes of a selected packet from the list of the captured one - changed "sniff" application name to "ksniff" to avoid name conflicts with other sniffing applications - fixed bug that avoid saving sniffed data quitting from the application - get the list of the network interfaces that have different MAC addresses - check ksniff permissions to avoid users think KSniffer doesn't work: Debian/*ubuntu/OpenSuSE remove the suid bit: a warning dialog will appear in case ksniff ha not found or has not the SUID bit
KSniffer 0.2 [11 Feb 2007]: - add/remove KSniffer in/from the system tray bar - added KSniffer option dialog:
- sniffer settings: * display packets after you stopped capture available
- capture settings: * stop manually * stop after X packets * stop after X bytes/kilobytes/megabyes/gigabytes * stop after X seconds/minutes/hours/days
- added data for TCP detail display
- added pause/continue capture
- reading ports name from system (file /etc/services)
- quick search added (dependancy from kdelibs >= 3.3)
- better management for loading file
- better management for temporary file
- root privileges don't need anymore for the GUI
- removed sorting feature cause of bad performing for lots of packets
- getting information on IP: can be detected some networking information on source or destination selected IP: * whois * traceroute * ping * dig * host * nslookup
- compiling on FreeBSD and some other Linux platform
- fixed boring bugs
KSniffer 0.1.1 [1 Aug 2005]: - updated nl translation - fixed configure warning - fixed compiling with KDE 3.2 - fixed compiling on 64 bits architecture systems
KSniffer 0.1 [30 Jul 2005]: - starting network packet-capture session - opening libpcap format file - drag & drop for libpcap format file - saving in libpcap format file the captured packet session - actived the open recent file menu item - stopping network packet-capture session - tray bar menu - packet details display - when capture was stopped you can sort packets list by: frame number, time, source address, destination address, protocol - detected protocols: IP, TCP, UDP, ICMP, ARP
Well, I don't know when I will start the KDE4 port. I want to fix some bugs and release some other version with new features too, but I have not too much time to dedicate in this period :( .
Well, why this question? You start as all KDE applications except some specific distributions as could be Debian/Ubuntu, ... as reported here
http://www.ksniffer.org/index.php?section=installation
Simply use:
sudo ksniffer
or
kdesu ksniffer
to start it if you got troubles. KSniffer should detect if your installation is ok or not. Or did you mean where to get a Fedora Core package? Because I don't know if someone is working on a Fedora package... I need packagers too, as said here: http://www.ksniffer.net/index.php?section=faq
Let me know.
well , when i use kdesu ksniffer it shows that command ksniffer not found.
i installed it as describe in install file. but there is no installation step for Fedora.
any suggestion ?
Well if it doesn't find ksniffer than you you didn't install it. Maybe you lost kdelibs-devel, libpcap-devel, libxml2-devel . If you get a "ksniffer" binary in your source compiled directory it's impossible that when you execute:
make install
to install it you don't find the binary in your PATH
It seems like a nice programm but what does it do ?
You state it lacks a lot of functionality, but what users want to know is what your application does, we are less interested in what it doesn't do.
Please adjust your description so that we know what your app is meant for.
Thanks :)
Lightwarrior
Updated. I will fix this also on the website later.
Can you use my application and see if I can add some other things to this description or if it's enough for you? Can you give me your feedback on KSniffer 0.3.2?
This is a very nice program.
my personal wish would be to add more icons. For example, there could be a widget where some computer icons are listed, and we can differ between the
CURRENT_COMPUTER (the one ksniffer is running)
- LAN computers (like intranet computers)
- OUTSIDE computers
etc..
This graphical add-on could even be made so easy for a user to right click on an icon and select some actions like "capture incoming packets from this computer" as well!
Hi
Nice app :) When it's capturing is there any chance the packets could appear on the screen in realtime. At the moment the results only appear when you've stopped capturing the packets.
Thanks
Dave
Of course you can. Go to see the Configure dialog. It's an option: you can see in real time and you can see after you stopped capturing. Go to the menu: Tool/Configure KSniffer and set the wanted option.
Possible add option to saving files transiting on the network, like OWNS ?
http://owns.sf.net (see Screenshots)
that's good idea, because no network analyzer support this... ;)
Thanks.
KSniffer is network indipendent because use KDE ioslave... You can save or load file over the network... You can save a file on a remote FTP server or load a file from an SSH server like you want. You have to specify the complete URL in dialog when you load or save a file.
Which pakages do i need to allow ksniffer to capture some packet?
The problem is that i hit the Capture button and theres always a warning saying "you got no packets" but im sure theres traffic in the net.
Ratings & Comments
58 Comments
KSniffer 1.0 for KDE 4.4 is coming :)
Hi, I wonder when do you think to port to qt4? Thanks.
Well, I don't know when I will start the KDE4 port. I want to fix some bugs and release some other version with new features too, but I have not too much time to dedicate in this period :( .
Do you use KSniffer? Do you like it? bug report? Suggestions? Whishlist? :)
How to start ksniffer in Fedora ? afer install ksniffer.
Well, why this question? You start as all KDE applications except some specific distributions as could be Debian/Ubuntu, ... as reported here http://www.ksniffer.org/index.php?section=installation Simply use: sudo ksniffer or kdesu ksniffer to start it if you got troubles. KSniffer should detect if your installation is ok or not. Or did you mean where to get a Fedora Core package? Because I don't know if someone is working on a Fedora package... I need packagers too, as said here: http://www.ksniffer.net/index.php?section=faq Let me know.
well , when i use kdesu ksniffer it shows that command ksniffer not found. i installed it as describe in install file. but there is no installation step for Fedora. any suggestion ?
Well if it doesn't find ksniffer than you you didn't install it. Maybe you lost kdelibs-devel, libpcap-devel, libxml2-devel . If you get a "ksniffer" binary in your source compiled directory it's impossible that when you execute: make install to install it you don't find the binary in your PATH
It seems like a nice programm but what does it do ? You state it lacks a lot of functionality, but what users want to know is what your application does, we are less interested in what it doesn't do. Please adjust your description so that we know what your app is meant for. Thanks :) Lightwarrior
Updated. I will fix this also on the website later. Can you use my application and see if I can add some other things to this description or if it's enough for you? Can you give me your feedback on KSniffer 0.3.2?
This is a very nice program. my personal wish would be to add more icons. For example, there could be a widget where some computer icons are listed, and we can differ between the CURRENT_COMPUTER (the one ksniffer is running) - LAN computers (like intranet computers) - OUTSIDE computers etc.. This graphical add-on could even be made so easy for a user to right click on an icon and select some actions like "capture incoming packets from this computer" as well!
http://www.slacky.eu/index.php?option=com_content&task=view&id=2489&Itemid=56
Hello, at the moment there are few binaries packets. Can someone produce binaries for OpenSuSE, Fedora, Arch Linux, and so on? I will thank you.
Great job Giovanni, thank you! :-)
Thank you for this message :)
Hi Nice app :) When it's capturing is there any chance the packets could appear on the screen in realtime. At the moment the results only appear when you've stopped capturing the packets. Thanks Dave
Of course you can. Go to see the Configure dialog. It's an option: you can see in real time and you can see after you stopped capturing. Go to the menu: Tool/Configure KSniffer and set the wanted option.
Possible add option to saving files transiting on the network, like OWNS ? http://owns.sf.net (see Screenshots) that's good idea, because no network analyzer support this... ;) Thanks.
KSniffer is network indipendent because use KDE ioslave... You can save or load file over the network... You can save a file on a remote FTP server or load a file from an SSH server like you want. You have to specify the complete URL in dialog when you load or save a file.
Well, I wanted to say "network trasparent" :)
network transparent
Which pakages do i need to allow ksniffer to capture some packet? The problem is that i hit the Capture button and theres always a warning saying "you got no packets" but im sure theres traffic in the net.
Mmm, I think to know about it. It's a bug fixed with the next release... Can you write me and told me about what is your Linux distro?
I'm using SuSE Linux 10.0
run ksniffer with kdesu and you will fix this... OpenSuSE and Debian is made too complex to let work this kind of program easily.