Easy network traffic inspection with sniffnet

Community Guides
1

Hi, I just found this project GitHub - GyulyVGC/sniffnet: Application to comfortably monitor your Internet traffic 🕵️‍♂️ Here is how to use it on sys-net to have a quick overview of what’s happening on your network

Installation

Fedora based sys-net

  1. Get the download link for the latest release: Releases · GyulyVGC/sniffnet · GitHub , depending of your sys-net system, pick Sniffnet_LinuxRPM_x86_64.rpm
  2. Download the file in sys-net
  3. Open a terminal in sys-net
  4. Type the following command to install the program: sudo rpm -i Sniffnet_LinuxRPM_x86_64.rpm
  5. Type the following command to run the program: sniffnet

Debian based sys-net

  1. Get the download link for the latest release: Releases · GyulyVGC/sniffnet · GitHub , depending of your sys-net system, pick Sniffnet_LinuxDEB_amd64.deb
  2. Download the file in sys-net, if it’s an AppVM, you can store the file in the home directory
  3. Open a terminal in sys-net
  4. Type the following command to install the program: sudo dpkg -i Sniffnet_LinuxDEB_amd64.deb
  5. Type the following command to run the program: sniffnet

Persistency

sys-net should either be an AppVM or fully disposable, so installing a package in it like we did above won’t persist after a reboot. There are different solutions though:

Install on an AppVM sys-net

If you are a wifi user, you are likely to have an AppVM where /home/ is persistent.

In order to install sniffnet automatically at every boot, modify the file /rw/config/rc.local to add the command installing the program as explained above, make sure to use the full path to the file, like /home/user/Sniffnet_LinuxDEB_amd64.deb (example using the Debian file name).

Install sniffnet everywhere

This is my least favorite but the most practical. You can install sniffnet in the template used by sys-net (or the template for the dvm template). Sniffnet can be barely trusted, it’s not ideal to do that, but this would provide siffnet in all your qubes.

Install in a disposable sys-net

This setup is trickier, the easiest way (but not really bandwidth efficient) is to download the file at every boot and install it, but this should be done in the DVM template. I won’t go into details, it’s meant for users who understand the process.

  • edit the rc.local file for the DVM template
  • use something like this (not tested)
if [ "$(hostname)" = "sys-net" ]
then
  cd /tmp/
  curl -OL https://path/to/package_file
  rpm -i package_file # for fedora
  dpkg -i package_file # for debian
fi

Screenshots

Startup screen to select a network interface

sniffnet_01
sniffnet_011367×821 61.7 KB

Realtime traffic

sniffnet_02
sniffnet_021367×821 76.8 KB

Traffic inspection, allowing filters

sniffnet_03
sniffnet_031367×821 108 KB

3 Likes
2

Looks cool, but I’m not sure what I’d use this for. Do you have use cases in mind for Qubes users?

3

You could monitor if some qubes are leaking data.

My guide is explaining how to install it on sys-net, but this could be installed on a dedicated sys-firewall restricted to a few qubes you would like to monitor. It’s not as powerful as tcpdump or wireshark, but it easily get an overview without requiring technical skills.

4

I tried using this but it threw an X11 error. I didn’t save it nor have time to try again. Using Debian based sys-net.

5

If you want help, you should share more information:

  • which debian version? using minimal template?
  • how did you run sniffnet?
  • what was the error?

I just tried in a debian 11 disposable and it worked using the instructions above.

My first guess would be that you used a minimal template which make lack some libs :slight_smile:

6

Thanks for the information about this package. I have been looking for a real-time monitoring system but had not come across this one yet. I’m just kicking it around now to see what it can do.

I decided to try a cargo/Rust build/install and did the following in a template with fairly good result, but it temporarily needs network access in order to build. I suppose you could do this in an AppVM and move it to /usr/local/bin instead.

# need some packages
sudo dnf install cargo
sudo dnf install rust-alsa
sudo dnf install rust-pcap-devel
# /tmp was not big enough to build and link
sudo mount -o remount,size=10G /tmp/
# build it
sudo cargo install sniffnet
# move exe from root private directory to system space
sudo mv /root/.cargo/bin/sniffnet /usr/bin/
# create a desktop file that was not included
cat << EOF > ./sniffnet.desktop
[Desktop Entry]
Version=1.0
Type=Application
Name=Sniffnet
Comment=Application to comfortably monitor your network traffic
Categories=Network;Utility;
Icon=sniffnet
Exec=sudo /usr/bin/sniffnet
StartupWMClass=sniffnet
Terminal=false
EOF
# move the .desktop file to shared space
sudo mv ./sniffnet.desktop /usr/share/applications/

1 Like