.TH GROINC 1 "2007-11-02" "version 0.0.10" "Groinc"
.SH NAME
groinc \- The simple network sniffer
.SH SYNOPSIS
.TP
.B groinc
.RB [ \-option ]
.RB [ \-DSG
.IR "ip addr" ]
.RB [ \-dsg
.IR "port number" ]
.RB [ \-F
.IR regex ]
.RB [ \-p
.IR "protocol name" ]
.RB [ \-l
.IR number ]
.RB [ \-t
.IR time (seconds)]
.SH DESCRIPTION
Groinc is a simple text-mode sniffer. You can use complex filters for
datalink, network and transport layer protocols and data.
.PP
There is a regex filter for layers above the transport layer. You can
save captures to a file or load them from one. You can choose between
many types of display (from simple to very detailed). Many protocols
are available.
.SH EXAMPLES
.TP
To sniff all the network traffic on this machine and use the simple display: \c
.B groinc
.TP
To sniff traffic from or to the server pointed to by "domain.tld" and use the simple display without resolving the machines' addresses: \c
.B groinc -G domain.tld -j
.TP
To sniff TCP traffic on port 80 and display protocol headers: \c
.B groinc -v -p tcp -g 80
.TP
To sniff ARP traffic, stopping after 20 packets received, using hexadecimal display: \c
.B groinc -H -p arp -l 20
.TP
To sniff UDP traffic that has a destination IP in the subnetwork 192.168.0.0 with network mask 255.255.0.0 and source port 53, saving the capture in the file file.cap: \c
.BI "groinc -q -w file.cap -p udp -D 192.168/16 -s 53" " or " "groinc -q -w file.cap -p udp -D 192.168.0.0:255.255.0.0 -s 53"
.TP
To sniff all the traffic during 20 seconds and display headers and data: \c
.B groinc -v -a -t 20
.SH FILTER OPTIONS
.TP
.BI "-m --sourcemac " "MAC address" \c
\& The MAC address of the source
.TP
.BI "-M --destmac " "MAC address" \c
\& The MAC address of the destination
.TP
.BI "-s --sourceport " "port number" \c
\& The source port number to be scanned
.TP
.BI "-d --destport " "port number" \c
\& The destination port number to be scanned
.TP
.BI "-g --globalport " "port" \c
\& The source or destination port to be scanned
.TP
.BI "-S --sourceip " "IP address[:netmask]" " | " "domain name" " | " "IP address/netmask(CIDR)" \c
\& The source IP address to be scanned
.TP
.BI "-D --destip " "IP address[:netmask]" " | " "domain name" " | " "IP address/netmask(CIDR)" \c
\& The destination IP address to be scanned
.TP
.BI "-G --globalip " "IP address[:netmask]" " | " "domain name" " | " "IP address/netmask(CIDR)" \c
\& The source or destination IP to be scanned
.TP
.BI "-p --protocol " "name" \c
\& Specify the protocol
.TP
.BI "-f --filter " "string" \c
\& Enable (application layer) filter with a string
.TP
.BI "-F --filter-regex " "regular expression" \c
\& Enable (application layer) filter with a regular expression (POSIX)
.TP
.BI "-t --timelimit " "number"\c
\& Give a time limit for sniffing (seconds)
.TP
.BI "-l --limitnb " "number" \c
\& Give the number of packets to display before stopping the sniffing
.SH DISPLAY OPTIONS
.TP
.B -a --displaydata \c
\& Display the received (application layer) data
.TP
.B -A --simpledisplay \c
\& Enable the simple display
.TP
.B -b --displayprototransport \c
\& Display the name/size of the transport layer protocol
.TP
.B -B --displayprotonetwork \c
\& Display the name/size of the network layer protocol
.TP
.B -c --displayprotodatalink \c
\& Display the name/size of the datalink layer protocol
.TP
.B -H --hexa \c
\& Display data in hexadecimal
.TP
.B -n --displaypackets \c
\& Display the length of the received packets
.TP
.B -N --displayallpackets \c
\& Display the length of all the not filtered received packets
.TP
.B -q --quiet \c
\& Do not display packets
.TP
.B -v --verbose \c
\& Verbose mode, display the headers of the scanned packets
.TP
.B -z --dontdisplayemptysp \c
\& Do not display the empty application layer packets
.SH OTHER OPTIONS
.TP
.B -j --noresolv \c
\& Do not try to resolve machine addresses when using simple-display (makes the display run faster)
.TP
.BI "-r --read " "file" \c
\& Load data from a saved file
.TP
.BI "-w --write " "file" \c
\& Save the data in an output file
.TP
.BI "-o --outputdata " "file" \c
\& The output file name (for the data)
.TP
.BI "-O --output " "file"\c
\& The output file name (for the headers)
.TP
.B -h --help \c
\& Display the help
.TP
.B --version \c
\& Display the version of the software
.TP
.B --license \c
\& Display the copyright information
.SH AUTHOR
.RB "The " "groinc" " software and this manual page were written by Luc Sarzyniec <[email protected]>"
.SH BUGS
.RI "You can report bugs to <[email protected]> or visit " "http://groinc.nongnu.org/"
.SH COPYRIGHT
Copyright (C) 2006-2008 Luc Sarzyniec