'\" t .\" Title: nsntrace .\" Author: Jonas Danielsson .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 03/29/2024 .\" Manual: nsntrace .\" Source: nsntrace .\" Language: English .\" .TH "NSNTRACE" "1" "03/29/2024" "nsntrace" "nsntrace" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" nsntrace \- Perform a network trace of a process by using Linux network namespaces .SH "SYNOPSIS" .HP \w'\fBnsntrace\fR\ 'u \fBnsntrace\fR [options] \fIprogram\fR [arguments] .SH "DESCRIPTION" .PP \fBnsntrace\fR uses Linux network namespaces to perform network traces of the specified \fIprogram\fR\&. The traces are stored as pcap files\&. And can later be analyzed by applications such as \fBwireshark\fR\&. .PP \fBnsntrace\fR creates a new network namespace and launches the specified \fIprogram\fR in it\&. This will ensure that all the packets we trace come from the system or the specified \fIprogram\fR\&. .PP To get around the isolation caused by the network namespace a virtual network interface is created\&. And in order for the \fIprogram\fR network traffic to reach the root network namespace \fBiptables\fR is used\&. .PP Since \fBnsntrace\fR uses iptables and traces raw sockets it needs to be run as root\&. .SH "OPTIONS" .PP The following options are understood: .PP \fB\-\-device \fR\fB\fIdev\fR\fR, \fB\-d \fR\fB\fIdev\fR\fR .RS 4 The network device to use in trace\&. .RE .PP \fB\-\-use\-public\-dns\fR .RS 4 Override resolv\&.conf in namespace to use public nameservers from Quad9 (9\&.9\&.9\&.9), Cloudflare (1\&.1\&.1\&.1), Google (8\&.8\&.8\&.8) and OpenDNS (208\&.67\&.222\&.222)\&. .RE .PP \fB\-\-outfile \fR\fB\fIfile\fR\fR, \fB\-o \fR\fB\fIfile\fR\fR .RS 4 Write the trace output to the file \fIfile\fR\&. Default is nsntrace\&.pcap\&. Use \*(Aq\-\*(Aq for stdout\&. .RE .PP \fB\-\-user \fR\fB\fIuser\fR\fR, \fB\-u \fR\fB\fIuser\fR\fR .RS 4 Run program with the user ID, group ID and supplementary groups of \fIuser\fR\&. .RE .PP \fB\-\-filter \fR\fB\fIfilter\fR\fR, \fB\-f \fR\fB\fIfilter\fR\fR .RS 4 The capture filter to use while capturing\&. See \fBpcap-filter\fR(7) for \fIfilter\fR syntax\&. .RE .SH "EXIT STATUS" .PP On success, 0 is returned; otherwise, a non\-zero failure code is returned\&. .SH "AUTHOR" .PP \fBJonas Danielsson\fR <\&jonas@threetimestwo\&.org\&> .RS 4 Original author .RE