choom - Linux

Overview

choom is a utility to capture network traffic and perform deep packet inspection. It offers a user-friendly interface and allows for real-time monitoring, packet analysis, and content extraction.

Syntax

choom [options] [filter expression] [-- chain-command]

Options/Flags

• -i, --interface: Network interface to capture traffic from.
• -f, --filename: File to save captured traffic.
• -p, --port: Capture traffic on a specific port.
• -t, --timeout: Duration of capture in seconds.
• -l, --live: Display live traffic.
• -a, --ascii: Convert binary data to ASCII.
• -j, --json: Output data in JSON format.
• -v, --verbose: Increase verbosity level.
• -h, --help: Display help information.

Examples

# Capture traffic on interface eth0 for 60 seconds
choom -i eth0 -t 60

# Save captured traffic to a file
choom -i eth0 -f capture.pcap

# Capture traffic on port 80
choom -i eth0 -p 80

# Display live traffic in ASCII format
choom -i eth0 -l -a

# Output data in JSON format
choom -i eth0 -j

Common Issues

• Make sure to run choom with appropriate permissions (sudo choom).
• Ensure that the specified interface is up and running.
• Increase the buffer size if encountering packet loss.

Integration

choom can be integrated with other tools for advanced tasks:

• tcpdump and wireshark: Save captured traffic in pcap format for further analysis.
• grep: Filter captured traffic based on specific patterns.
• jq: Process JSON output and extract specific information.

Related Commands

• tcpdump
• wireshark
• tshark