> Modules > IPv4 / IPv6 > net.sniff - net.fuzz

net.sniff - net.fuzz

This module is a network packet sniffer and fuzzer supporting both BPF syntax and regular expressions for filtering. It is also able to dissect several major protocols in order to harvest credentials.

Commands

`net.sniff on`

Start the packet sniffer.

`net.sniff off`

Stop the packet sniffer.

`net.sniff stats`

Print the packet sniffer session configuration and statistics.

`net.fuzz on`

Enable fuzzing for every sniffed packet containing the specified layers.

`net.fuzz off`

Disable fuzzing.

Parameters

parameter	default	description
`net.sniff.output`		If set, the sniffer will write captured packets to this pcap file.
`net.sniff.source`		If set, the sniffer will read from this pcap file instead of the current interface.
`net.sniff.verbose`	`false`	If true, every captured and parsed packet will be sent to the events.stream for displaying, otherwise only the ones parsed at the application layer (sni, http, etc).
`net.sniff.local`	`false`	If true it will consider packets from/to this computer, otherwise it will skip them.
`net.sniff.filter`	`not arp`	BPF filter for the sniffer.
`net.sniff.regexp`		If set, only packets with a payload matching this regular expression will be considered.
`net.fuzz.layers`	`Payload`	Comma separated types of layer to fuzz.
`net.fuzz.rate`	`1.0`	Rate in the [0.0,1.0] interval of packets to fuzz.
`net.fuzz.ratio`	`0.4`	Rate in the [0.0,1.0] interval of bytes to fuzz for each packet.
`net.fuzz.silent`	`false`	If true it will not report fuzzed packets.

Examples

The local-sniffer.cap caplet will sniff, parse and print all packets on the local machine:

events.clear

set net.sniff.verbose false
set net.sniff.local true
# uncomment to skip ARP and DNS requests
# set net.sniff.filter "not arp and not udp port 53"
net.sniff on

Change 90% of mDNS incoming packets by fuzzing 40% of their payload (will reinject fuzzed packets):

set net.sniff.verbose true
set net.fuzz.rate 0.9
set net.fuzz.ratio 0.4
set net.fuzz.silent false
set net.fuzz.layers Payload
set net.sniff.filter "host 224.0.0.251 and port 5353"
net.fuzz on

Change 100% of WiFi packets by fuzzing 70% of their Dot11InformationElement and Dot11Data layers:

set net.sniff.verbose true
set net.fuzz.rate 1.0
set net.fuzz.ratio 0.7
set net.fuzz.layers Dot11InformationElement, Dot11Data
net.fuzz on