| Pronunciation: NIC-X-Ray/NICsRay/N-X/Nick's Ray/En Ex/Nickus Ex Reikimus

nx reads packet (or frame) information traversing your network interfaces. Similar to the venerable tcpdump, it can additionally filter packet information based on L2 to L4¹ criteria using a simplified CLI argument syntax.

Notice that any example command preceded by # denotes root or privileged access to the system. Anywhere MY.LOCAL.IP.ADDR is present is replaced with your actual machine IP address.

# nx

# nx eth0

# nx arp icmp

# nx :53

# nx 1.{1.1,0.0}.1:53 [2606:4700:4700::1{11,00}1]:53

# nx 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8

# nx 192.168.0.0/16:22 172.16.0.0/12:22 10.0.0.0/8:22

# nx aa:bb:cc:dd:ee:ff

The @ anchor matches the destination fields of packets.

# nx @10.1.2.3:1234

The ^ anchor matches the source fields of packets.

# nx ^10.1.2.3

@ and ^ can be used together to match packets matching both their source AND destination

# nx ^10.1.2.3@10.4.5.6

The following, for instance, matches any packets originating from 10.1.2.3 OR packets targeting 10.4.5.6.

# nx ^10.1.2.3 @10.4.5.6

The = infix operator matches packets where the left/right side are the src/destination fields OR the destination/src fields.

Assuming local network is 192.168.1.0/24:

# nx MY.LOCAL.IP.ADDR=192.168.1.1

This is equivalent to the following:

# nx ^MY.LOCAL.IP.ADDR@192.168.1.1 @MY.LOCAL.IP.ADDR^192.168.1.1

• tcp
• udp
• icmp
• icmpv6
• arp
• ip-in-ip
• MAC filters
• IP filters
• port filters
• TCP/UDP filters
• CIDR filters
• ICMP specialized output
• colorized output
• Geneve (UDP port 6081, basically) (Wont do)
• man(1) page
• MPLS (EtherType)
• VLAN (EtherType)
• VXLAN (EtherType)
• GRE (IP 47 or UDP)
• pcap format