snoopprotokoll

snoopprotokoll is a lightweight, open‑source multicast and unicast network traffic monitoring protocol developed in 2011 by the German research group Netz- und SystemSicherheit (NSS). The protocol was designed to provide a low‑overhead mechanism for capturing and forwarding packet data across distributed monitoring nodes in large campus and enterprise networks. By building on the existing snoop data format originally created for Apple’s IOS Ethernet analyzers, snoopprotokoll allows cross‑vendor interoperability and makes it easier to integrate packet traces into commercial and academic analysis tools.

A snoopprotokoll packet is encapsulated in a standard Ethernet frame and contains a header that specifies

The project is maintained on GitHub under the MIT license, and contributions from security researchers worldwide