netsniff-ng

netsniff-ng toolkit
Original author(s) Daniel Borkmann
Developer(s) Daniel Borkmann, Tobias Klauser, Herbert Haas, Emmanuel Roullit, Markus Amend and many others
Initial release December, 2009
Stable release 0.5.8 / April 29, 2014 (2014-04-29)
Preview release 0.5.9-rc4 / September 1, 2014 (2014-09-01)
Repository github.com/netsniff-ng/netsniff-ng
Development status Active
Written in C
Operating system Linux
Available in English
License GPLv2[1]
Website netsniff-ng.org

netsniff-ng is a free Linux network analyzer and networking toolkit originally written by Daniel Borkmann. Its performance gain comes from zero-copy mechanisms for network packets (RX_RING, TX_RING),[2] so that the Linux kernel does not need to copy packets from kernel space to user space via system calls such as recvmsg().[3] libpcap, starting with release 1.0.0, also supports the zero-copy mechanism on Linux for capturing (RX_RING), so programs built on libpcap also use that mechanism on Linux.

Overview

netsniff-ng was initially created as a network sniffer with support for the Linux kernel's packet-mmap interface, but more tools were later added to make it a toolkit in the spirit of, for instance, the iproute2 suite. Through the kernel's zero-copy interface, efficient packet processing can be achieved even on commodity hardware; for instance, Gigabit Ethernet wire speed has been reached with netsniff-ng's trafgen.[4][5] The netsniff-ng toolkit does not depend on the libpcap library, and no special operating system patches are needed to run it. netsniff-ng is free software and has been released under the terms of the GNU General Public License version 2.
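The packet-mmap path described above, as an added example in C that is not part of netsniff-ng's own code: it installs a PACKET_RX_RING on an AF_PACKET socket, maps the ring into user space and consumes frames in place, handing each slot back to the kernel without a recvmsg() copy. It assumes TPACKET_V2, the interface eth0 used in the article's command examples (overridable via argv[1]), and that it runs with CAP_NET_RAW.

```c
#include <stdio.h>
#include <unistd.h>
#include <poll.h>
#include <sys/socket.h>
#include <sys/mman.h>
#include <arpa/inet.h>
#include <linux/if_packet.h>
#include <net/ethernet.h>
#include <net/if.h>
/* Build a ring request the kernel accepts: page-multiple block holding >= 1 frame, 16-byte aligned frames. */
int rx_ring_layout(struct tpacket_req *req, unsigned int frame_size, unsigned int block_nr)
{
    req->tp_block_size = (unsigned int)sysconf(_SC_PAGESIZE);
    if (block_nr == 0 || frame_size == 0 || frame_size % TPACKET_ALIGNMENT) return -1;
    while (req->tp_block_size < frame_size) req->tp_block_size *= 2;
    req->tp_frame_size = frame_size; req->tp_block_nr = block_nr;
    req->tp_frame_nr = (req->tp_block_size / frame_size) * block_nr;   /* frames never straddle a block */
    return 0;
}
/* Open an AF_PACKET socket on dev, install the RX ring and mmap it (needs CAP_NET_RAW). */
char *rx_ring_open(const char *dev, const struct tpacket_req *req, int *fd)
{
    int ver = TPACKET_V2;
    struct sockaddr_ll ll = { .sll_family = AF_PACKET, .sll_protocol = htons(ETH_P_ALL),
                              .sll_ifindex = (int)if_nametoindex(dev) };
    if (!ll.sll_ifindex || (*fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) < 0 ||
        setsockopt(*fd, SOL_PACKET, PACKET_VERSION, &ver, sizeof ver) ||
        setsockopt(*fd, SOL_PACKET, PACKET_RX_RING, req, sizeof *req) ||
        bind(*fd, (struct sockaddr *)&ll, sizeof ll))
        return NULL;
    char *ring = mmap(NULL, (size_t)req->tp_block_size * req->tp_block_nr,
                      PROT_READ | PROT_WRITE, MAP_SHARED, *fd, 0);
    return ring == MAP_FAILED ? NULL : ring;
}
int main(int argc, char **argv)
{
    struct tpacket_req req; struct pollfd pfd = { .events = POLLIN }; unsigned int i = 0, seen = 0; char *ring;
    const char *dev = argc > 1 ? argv[1] : "eth0";                  /* assumption: eth0 as in the article */
    if (rx_ring_layout(&req, 2048, 64) || !(ring = rx_ring_open(dev, &req, &pfd.fd)))
        return perror("rx_ring"), 1;
    while (seen < 10) {                                             /* consume ten frames in place */
        struct tpacket2_hdr *h = (struct tpacket2_hdr *)(ring + (size_t)(i / (req.tp_block_size / req.tp_frame_size))
            * req.tp_block_size + (size_t)(i % (req.tp_block_size / req.tp_frame_size)) * req.tp_frame_size);
        if (!(h->tp_status & TP_STATUS_USER)) { poll(&pfd, 1, -1); continue; }   /* slot still owned by kernel */
        printf("frame %u: %u of %u bytes, L2 header at offset %u\n", seen++, h->tp_snaplen, h->tp_len, h->tp_mac);
        h->tp_status = TP_STATUS_KERNEL;                            /* hand the slot back: no syscall, no copy */
        i = (i + 1) % req.tp_frame_nr;
    }
    return 0;
}
```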

The toolkit currently consists of a network analyzer, packet capturer and replayer, a wire-rate traffic generator, an encrypted multiuser IP tunnel, a Berkeley Packet Filter compiler, networking statistic tools, an autonomous system trace route and more.[6]

Distribution-specific packages are available for all major operating system distributions such as Debian[7] or Fedora Linux. It has also been added to Xplico's Network Forensic Toolkit,[8] GRML Linux, SecurityOnion,[9] and the Network Security Toolkit.[10] The netsniff-ng toolkit is also used in academia.[11][12]

Basic commands working in netsniff-ng

In these examples, it is assumed that eth0 is the network interface in use. Programs in the netsniff-ng suite accept long options, e.g., --in (-i), --out (-o), --dev (-d).

astraceroute -d eth0 -N -S -H <host e.g., netsniff-ng.org>   # AS trace route using TCP SYN probes (-S), reverse DNS for hops (-N)
ifpps -d eth0 -p                                               # top-like interface statistics, interface in promiscuous mode (-p)
trafgen -d eth0 -c trafgen.txf                                 # generate traffic from the packet configuration trafgen.txf (-c)
bpfc fubar.bpf                                                 # compile the BPF program in fubar.bpf into filter opcodes
flowtop                                                        # top-like view of tracked network flows
netsniff-ng -i eth0 -o dump.pcap -s -b 0                       # capture to dump.pcap, silent mode (-s), bound to CPU 0 (-b 0)

Platforms

The netsniff-ng toolkit currently runs only on Linux systems. Its developers decline a port to Microsoft Windows.[13]

See also

References

This article is issued from Wikipedia - version of the 12/1/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.