choom - Linux


choom is a utility to capture network traffic and perform deep packet inspection. It offers a user-friendly interface and allows for real-time monitoring, packet analysis, and content extraction.


choom [options] [filter expression] [-- chain-command]


  • -i, --interface: Network interface to capture traffic from.
  • -f, --filename: File to save captured traffic.
  • -p, --port: Capture traffic on a specific port.
  • -t, --timeout: Duration of capture in seconds.
  • -l, --live: Display live traffic.
  • -a, --ascii: Convert binary data to ASCII.
  • -j, --json: Output data in JSON format.
  • -v, --verbose: Increase verbosity level.
  • -h, --help: Display help information.


# Capture traffic on interface eth0 for 60 seconds
choom -i eth0 -t 60

# Save captured traffic to a file
choom -i eth0 -f capture.pcap

# Capture traffic on port 80
choom -i eth0 -p 80

# Display live traffic in ASCII format
choom -i eth0 -l -a

# Output data in JSON format
choom -i eth0 -j

Common Issues

  • Make sure to run choom with appropriate permissions (sudo choom).
  • Ensure that the specified interface is up and running.
  • Increase the buffer size if encountering packet loss.


choom can be integrated with other tools for advanced tasks:

  • tcpdump and wireshark: Save captured traffic in pcap format for further analysis.
  • grep: Filter captured traffic based on specific patterns.
  • jq: Process JSON output and extract specific information.

Related Commands

  • tcpdump
  • wireshark
  • tshark