NAME

nsntrace - Perform a network trace of a process by using Linux network namespaces

SYNOPSIS

nsntrace [options] program [arguments]

DESCRIPTION

nsntrace uses Linux network namespaces to perform network traces of the specified program. The traces are stored as pcap files. And can later be analyzed by applications such as wireshark.

nsntrace creates a new network namespace and launches the specified program in it. This will ensure that all the packets we trace come from the system or the specified program.

To get around the isolation caused by the network namespace a virtual network interface is created. And in order for the program network traffic to reach the root network namespace iptables is used.

Since nsntrace uses iptables and traces raw sockets it needs to be run as root.

OPTIONS

The following options are understood:

--device dev, -d dev

The network device to use in trace.

--use-public-dns

Override resolv.conf in namespace to use public nameservers from Quad9 (9.9.9.9), Cloudflare (1.1.1.1), Google (8.8.8.8) and OpenDNS (208.67.222.222).

--outfile file, -o file

Write the trace output to the file file. Default is nsntrace.pcap. Use '-' for stdout.

--user user, -u user

Run program with the user ID, group ID and supplementary groups of user.

--filter filter, -f filter

The capture filter to use while capturing. See pcap-filter(7) for filter syntax.

EXIT STATUS

On success, 0 is returned; otherwise, a non-zero failure code is returned.

AUTHOR

Jonas Danielsson <jonas@threetimestwo.org>

Original author

01/06/2021

nsntrace