Justniffer is a network TCP packet sniffer and logging tool designed to capture, decode, and analyze TCP/IP traffic with a strong focus on HTTP. Its flexible logging engine allows it to adapt to virtually any TCP‑based protocol, making it useful for debugging, performance analysis, and custom traffic inspection.
Justniffer can decode HTTP requests and responses, extracting:
- Client and server IP addresses
- Requested URLs
- HTTP headers
- Message bodies
- TLS info
- Timing information (request time, response time, idle time, etc.)
For non‑HTTP traffic, Justniffer provides a powerful and customizable logging system that allows you to extract any relevant information from the TCP data stream.
Packet capture is performed using libpcap, ensuring compatibility with standard capture formats and tools such as tcpdump.
- HTTP request/response decoding
- Customizable log formats for any TCP‑based protocol
- Performance metrics: request time, response time, idle time, connection time
```mermaid
sequenceDiagram
participant Client
participant Server
%% Connection setup
Client->>Server: SYN (connect)
Note right of Server: %connection.time
Server-->>Client: SYN/ACK
Client->>Server: ACK
Note right of Server: ESTABLISHED
%% Idle before request
Note right of Server: %idle.time.0\n(after connection, before request)
%% Request phase
Client->>Server: Request (first packet)
Server-->>Client: ACK
Client->>Server: Request (data...)
Note right of Server: %request.time
Server-->>Client: ACK
Client->>Server: Request (last packet)
Server-->>Client: ACK
%% Response phase
Note right of Server: %response.time.begin
Server-->>Client: Response (first packet)
Client->>Server: ACK
Server-->>Client: Response (data...)
Note right of Server: %response.time.end
Client->>Server: ACK
Server-->>Client: Response (last packet)
Client->>Server: ACK
%% Idle after response
Note right of Server: %idle.time.1\n(after response, before next request/close)
%% Connection close
Server-->>Client: CLOSE
```
- libpcap‑based capture (live or from `.pcap` files)
- Promiscuous mode support for passive monitoring
- Extensible via external scripts (bash, Python, Perl, ELF binaries)
- Reconstructs TCP streams including reordering, retransmissions, fragmentation
```
sudo apt install software-properties-common
sudo add-apt-repository ppa:oreste-notelli/ppa
sudo apt update
sudo apt install justniffer
```

```
justniffer -i eth0
justniffer -i eth0 -a " %response.time"
justniffer -i eth0 -r
justniffer -i eth0 -l "%request.timestamp %source.ip %dest.ip %request.header.host %request.url"
justniffer -f file.cap
```

```
justniffer -i eth0
```

output:

```
192.168.2.2 - - [15/Apr/2009:17:19:57 +0200] "GET /sflogo.php?group_id=205860&type=2 HTTP/1.1" 200 0 "" "Mozilla/5.0 ..."
...
```
```
justniffer -i eth0 -a " %response.time"
```

output:

```
192.168.2.5 - - [22/Apr/2009:22:27:36 +0200] "GET /sflogo.php?group_id=205860&type=2 HTTP/1.1" ... 0.427993
...
```
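The lines produced by `-a " %response.time"` can be post-processed to find slow requests and per-client latency. The following is an added example, not part of the Justniffer project: the function names and sample lines are constructed for illustration. It assumes the response time is in seconds and that a non-numeric trailing field means no response time was recorded.

```python
import re
from collections import defaultdict

# Apache-combined-style line plus one trailing field, matching the output of
# `justniffer -i eth0 -a " %response.time"` shown above.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\S+) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)" '
    r'(?P<rtime>\S+)\s*$'
)

def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    try:
        rec["rtime"] = float(rec["rtime"])
    except ValueError:
        rec["rtime"] = None  # assumption: non-numeric means no time recorded
    return rec

def timed_records(lines):
    """Parsed records that carry a numeric response time."""
    return [r for r in map(parse_line, lines) if r and r["rtime"] is not None]

def slow_requests(lines, threshold=1.0):
    """Records slower than `threshold` (assumed seconds), slowest first."""
    slow = [r for r in timed_records(lines) if r["rtime"] > threshold]
    return sorted(slow, key=lambda r: r["rtime"], reverse=True)

def mean_by_client(lines):
    """Mean response time per client IP."""
    acc = defaultdict(list)
    for r in timed_records(lines):
        acc[r["client"]].append(r["rtime"])
    return {ip: sum(v) / len(v) for ip, v in acc.items()}

# Constructed sample lines (not captured traffic).
SAMPLE = [
    '192.168.2.5 - - [22/Apr/2009:22:27:36 +0200] "GET /sflogo.php?group_id=205860&type=2 HTTP/1.1" 200 0 "" "Mozilla/5.0" 0.427993',
    '192.168.2.5 - - [22/Apr/2009:22:27:38 +0200] "GET /report.pdf HTTP/1.1" 200 48211 "" "Mozilla/5.0" 2.5',
    '192.168.2.7 - - [22/Apr/2009:22:27:40 +0200] "POST /login HTTP/1.1" 302 0 "" "curl/7.19" 1.25',
    '192.168.2.7 - - [22/Apr/2009:22:27:41 +0200] "GET /health HTTP/1.1" - - "" "curl/7.19" -',
    'garbage that is not a log line',
]

if __name__ == "__main__":
    for r in slow_requests(SAMPLE):
        print(f'{r["rtime"]:.3f}s {r["client"]} {r["method"]} {r["url"]}')
```
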
(add -u or -x to encode unprintable characters)
```
justniffer -i eth0 -r
```

output:

```
GET /doc/maint-guide/ch-upload.en.html HTTP/1.1
Host: www.debian.org
...
```
```
justniffer -i eth0 -l "%request.timestamp %source.ip %dest.ip %request.header.host %request.url"
```

output:

```
06/28/11 13:30:48 192.168.2.2 72.14.221.118 i1.ytimg.com /vi/TjSk6CVN5LY/default.jpg
...
```
```
justniffer -f /file.cap
```

Full documentation, advanced examples, and usage guides:
👉 https://onotelli.github.io/justniffer/
Pull requests, bug reports, and feature suggestions are welcome.
Justniffer is released under the GPLv3 license.
