snifob is a sniffer output beautifier written in perl. It colourizes and
de-hex-ifies console based packet sniffer output to improve readability.
It currently supports snort, tcpdump, and Solaris's snoop. It can be invoked as a
wrapper to the packet sniffer, or in a command pipeline (E.g.: tcpdump -lvvenxs 1518 | snifob).

for more details, download and run snifob with --help
or run "perldoc snifob".


  • snort support requires this patch which can be applied with the gnu patch program.

    After applying the patch with "patch" you can configure, compile,
    and then run snort with -B as one of the options.

  • snifob is beta software. I think it executes as expected
    and have tested it myself, but it needs more eyes than mine. It
    probably also needs more documentation, and I need to improve this
    web page.

  • snifob will undergo multiple iterations of improvement
    as I have time and as people use it and give me feedback
    on it.

    Possible problems

    It doesn't run:

    Is your path correct ?
    Does perl live somewhere other than /usr/bin/perl ?
    Have you edited $sniffer, $sniffer_dump, $sniffer_options, $sniffer_options_dump ?

    No output is showing up:

    are you running tcpdump with -l ?
    are you running patched snort with -B ?

    Development infos

    snifob was developed with snort 1.6.3, tcpdump 3.5.2,
    vim 5.6, perl 5.005_03, on Debian GNU/Linux 2.2.

    It is also known to run on Solaris 7, RedHat 6.2 and 7.0.


    You can acquire it here.

    Please send feedback to: Holt Sorenson - hso at nosneros dot net