forked from netsniff-ng/netsniff-ng
////////////////////////////////////////////////////////////////
netsniff-ng - the packet sniffing beast
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

netsniff-ng is a free, performant Linux network analyzer and
networking toolkit.

Release: 2011-xx-xx
Web: http://netsniff-ng.org

The gain of performance is reached by 'zero-copy' mechanisms, so that the
kernel does not need to copy packets from kernelspace to userspace and vice
versa.

For this purpose netsniff-ng is libpcap independent, but nevertheless supports
the pcap file format for capturing, replaying and performing offline-analysis
of pcap dumps. Furthermore we are focussing on building a robust, clean and
secure analyzer and utilities that complete netsniff-ng as a support for the
daily work of system administrators, networking engineers, researchers or
security specialists.

The netsniff-ng toolkit [1] currently consists of the following utilities:

 * netsniff-ng: the 'zero-copy' sniffer (and pcap replayer) itself
 * arpswirl: an ARP cache poisoning utility (todo)
 * trafgen: a powerful 'zero-copy' network packet generator
 * flowtop: a top-like netfilter connection tracking tool (todo)
 * curvetun: a lightweight curve25519-based multiuser IP tunnel
 * ashunt: an Autonomous System trace route utility
 * bpfc: a tiny Berkeley Packet Filter compiler supporting kernel extensions
 * ifpps: a top-like kernel networking statistics tool

The netsniff-ng toolkit is an Open Source project covered by the GNU General
Public License. For any questions or feedback about netsniff-ng you are welcome
to send a message to us at <[email protected]> or to our mailing list
at <[email protected]> (Note: you have to register first). This
project is purely non-commercial and will always stay that way!

Also, have a look at our FAQ [2] for answers to your questions. Furthermore,
we have a development blog [3] where we sometimes drop some interesting things
or news for the outside world! A public repository of the old stable releases
(which you probably do not want to have a look at) can be found here [4].

By the way, some notes on zero-copy: you might want to have NAPI drivers [5]
enabled in your kernel to reduce interrupt load. For high-speed (relative to
the CPU speed) PCAP dumping and replay, a fast SSD isn't too bad either, and
make sure to use netsniff-ng's scatter/gather or mmap I/O options. Next to
this (and this refers to packet generation as well), a 10-Gbit/s Ethernet
NIC, an appropriate amount of RAM and a fast CPU are recommended. Furthermore,
you should bind the netsniff-ng tools to a specific CPU via a command-line
option (e.g. --bind 0). Some further recommendations can be found in [6] [8].
Also, Eric Dumazet's BPF Just-in-Time compiler can speed up the critical
path [7].

You might want to have a look at INSTALL, REPORTING-BUGS, HACKING, CODING,
and COPYING, too. Anyways, enough talking from my side and happy packet
hacking!

 [1] http://netsniff-ng.org/
 [2] http://netsniff-ng.org/faq.html
 [3] http://dev.netsniff-ng.org/
 [4] http://pub.netsniff-ng.org/
 [5] http://www.linuxfoundation.org/collaborate/workgroups/networking/napi
 [6] http://datatag.web.cern.ch/datatag/howto/tcp.html
 [7] http://thread.gmane.org/gmane.linux.network/191115
 [8] http://bit.ly/3XbBrM