Question 1

How to filter specific protocols with sniffglue?

Accepted Answer

Use the verbosity flags (-v to -vvvv) to control which packet types are displayed. For example, '-v' adds ARP, '-vv' includes SSDP and Dropbox beacons, and higher levels show more protocols, as explained in the Usage section.

Question 2

sniffglue vs tcpdump: which is better for secure environments?

Accepted Answer

sniffglue is explicitly designed with security in mind, using seccomp and privilege dropping to run safely on untrusted networks. tcpdump is more established but lacks these built-in hardening features, making sniffglue preferable for hostile environments.

Question 3

Can sniffglue decrypt TLS or HTTPS traffic?

Accepted Answer

No, sniffglue only parses TLS headers to identify connections but does not decrypt encrypted content. For decryption, you need separate tools or access to encryption keys.

Question 4

How to install sniffglue on Windows?

Accepted Answer

sniffglue is primarily targeted at Unix-like systems; Windows installation isn't documented in the README, suggesting limited or no native support. Users might need to use WSL or alternative tools.

Question 5

What's the performance impact of sniffglue's security measures?

Accepted Answer

The seccomp and privilege dropping add minimal overhead, and the multithreaded design helps maintain performance. However, for very high-speed networks, specialized hardware or optimized software might be necessary to avoid packet loss.

Question 6

How to configure the security sandbox in sniffglue?

Accepted Answer

Security settings are configured via /etc/sniffglue.conf, where you can specify chroot directories and unprivileged users for privilege dropping, as detailed in the Hardening subsection of the Security section.

sniffglue

What is sniffglue?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions