forked from netsniff-ng/netsniff-ng
netsniff-ng toolkit, the packet sniffing beast, staging tree
License
3rl/netsniff-ng
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
////////////////////////////////////////////////////////////////////////////// netsniff-ng - the packet sniffing beast \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ . . /( )\ .' {______} '. \ ^, ,^ / netsniff-ng is a free, performant |'O\ /O'| _.<0101011>-- Linux network analyzer and > `' '` < / networking toolkit. ) ,.==., ( | (|/--~~--\|)-' Release: 2011-xx-xx / ( ___ Web: http://netsniff-ng.org \__.=|___E The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace and vice versa. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. Furthermore we are focussing on building a robust, clean and secure analyzer and utilities that complete netsniff-ng as a support for the the daily work of system administrators, networking engineers, researchers or security specialists. The netsniff-ng toolkit [1] currently consists of the following utilities: * netsniff-ng: the 'zero-copy' sniffer, pcap capturer and replayer itself * warp: an ARP cache poisoning utility (todo) * trafgen: a high performance 'zero-copy' network packet generator * ifpps: a top-like kernel networking and system statistics tool * curvetun: a lightweight curve25519-based multiuser IP tunnel * ashunt: an Autonomous System trace route and ISP testing utility * flowtop: a top-like netfilter connection tracking tool * bpfc: a tiny Berkeley Packet Filter compiler supporting Linux extensions The netsniff-ng toolkit is an Open Source project covered by the GNU General Public License. For any questions or feedback about netsniff-ng you are welcome to leave us a message to <workgroup@netsniff-ng.org> or to our mailing list at <netsniff-ng@googlegroups.com> (Note: you have to register first). This project is purely non-commercial and will always stay that way! The current project status can be considered as "working". In general, all tools have been tested by us to a great extend including their command-line options. In fact, many of our tools are used in production systems. However, we give no guarantee that our tools are free of bugs! If you spot some issues, contact us as described in REPORTING-BUGS. Also, have a look at our FAQ [2] for answering your questions. Furthermore, we have a development blog [3] where we sometimes drop some interesting things or news for the outside world! A public repository of the old stable releases (which you probably do not want to have a look at), can be found here [4]. By the way, some notes on zero-copy ... You might want to have NAPI drivers [5] enabled in your kernel to reduce interrupt load and for high-speed (= relative to the CPU speed) PCAP dumping and replay, a fast SSD isn't too bad either, and make sure to use netsniff-ngs scatter/gather or mmap I/O options. Next to this, (and this refers to packet generation as well), a 10-Gbit/s-Ethernet NIC, an appropriate amount of RAM and a fast CPU is recommended. Furthermore, you should bind the netsniff-ng tools to a specific CPU via commandline option (i.e. --bind 0). Some further recommendations can be found in [6] [8]. Also, Eric Dumazets BPF Just-in-Time compiler can speed up the critical path [7]. You might want to have a look at INSTALL, HACKING, CODING and COPYING, too. Happy packet hacking! [1] http://netsniff-ng.org/ [2] http://netsniff-ng.org/faq.html [3] http://dev.netsniff-ng.org/ [4] http://pub.netsniff-ng.org/ [5] http://www.linuxfoundation.org/collaborate/workgroups/networking/napi [6] http://datatag.web.cern.ch/datatag/howto/tcp.html [7] http://thread.gmane.org/gmane.linux.network/191115 Kernel build option: CONFIG_HAVE_BPF_JIT=y CONFIG_BPF_JIT=y [8] http://bit.ly/3XbBrM
About
netsniff-ng toolkit, the packet sniffing beast, staging tree
Resources
License
Stars
Watchers
Forks
Packages 0
No packages published