
netsniff-ng

netsniff-ng is a free Linux network analyzer and networking toolkit originally written by Daniel Borkmann. Its performance gain comes from zero-copy mechanisms for network packets (RX_RING, TX_RING),[4] so that the Linux kernel does not need to copy packets from kernel space to user space via system calls such as recvmsg().[5] libpcap, starting with release 1.0.0, also supports the zero-copy mechanism on Linux for capturing (RX_RING), so programs using libpcap also use that mechanism on Linux.

netsniff-ng toolkit
Original author(s): Daniel Borkmann
Developer(s): Daniel Borkmann, Tobias Klauser, Herbert Haas, Emmanuel Roullit, Markus Amend and many others
Initial release: December 2009
Stable release: 0.6.8[1] / 11 January 2021
Repository: https://github.com/netsniff-ng/netsniff-ng
Written in: C
Operating system: Linux
Available in: English
Type: Network management, Network engineering, Computer security
License: GPLv2[2]
Website: http://netsniff-ng.org[3]

Overview

netsniff-ng was initially created as a network sniffer with support for the Linux kernel's packet-mmap interface for network packets. More tools were added later, making it a general toolkit in the manner of the iproute2 suite. Through the kernel's zero-copy interface, efficient packet processing can be achieved even on commodity hardware. For instance, Gigabit Ethernet wire speed has been reached with netsniff-ng's trafgen.[6][7] The netsniff-ng toolkit does not depend on the libpcap library. Moreover, no special operating system patches are needed to run the toolkit. netsniff-ng is free software and has been released under the terms of the GNU General Public License version 2.
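The receive side of the packet-mmap interface mentioned above, as an added example (it is not code from netsniff-ng): a C consumer for a Linux PACKET_RX_RING using the TPACKET_V1 frame layout. The function names `ring_geometry`, `ring_frame`, `ring_drain` and `ring_open` are illustrative, and the sizing checks follow the kernel's packet_mmap documentation.

```c
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <stdint.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill req with a layout the kernel accepts; -1 if the sizes break its rules. */
int ring_geometry(struct tpacket_req *req, unsigned frame, unsigned block, unsigned nblocks)
{
    if (!block || block % (unsigned)sysconf(_SC_PAGESIZE) || frame > block ||
        frame <= TPACKET_HDRLEN || frame % TPACKET_ALIGNMENT)
        return -1;
    *req = (struct tpacket_req){ .tp_block_size = block, .tp_block_nr = nblocks,
        .tp_frame_size = frame, .tp_frame_nr = block / frame * nblocks };
    return 0;
}

/* Frames are packed into blocks; blocks are contiguous in the mapping. */
struct tpacket_hdr *ring_frame(uint8_t *ring, const struct tpacket_req *req, unsigned i)
{
    size_t per = req->tp_block_size / req->tp_frame_size;
    return (struct tpacket_hdr *)(ring + i / per * req->tp_block_size + i % per * req->tp_frame_size);
}

/* Consume frames the kernel marked TP_STATUS_USER and hand each slot back. */
unsigned ring_drain(uint8_t *ring, const struct tpacket_req *req, unsigned *next, uint64_t *bytes)
{
    unsigned n = 0;
    for (; n < req->tp_frame_nr; n++) {
        struct tpacket_hdr *h = ring_frame(ring, req, *next);
        if (!(h->tp_status & TP_STATUS_USER)) break;  /* slot still owned by the kernel */
        *bytes += h->tp_snaplen;          /* packet bytes start at (uint8_t *)h + h->tp_mac */
        h->tp_status = TP_STATUS_KERNEL;  /* no copy was made; release the slot */
        *next = (*next + 1) % req->tp_frame_nr;
    }
    return n;
}

/* Real setup (needs CAP_NET_RAW); MAP_FAILED on error, caller closes *fd. */
uint8_t *ring_open(const struct tpacket_req *req, int *fd)
{
    *fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (*fd < 0 || setsockopt(*fd, SOL_PACKET, PACKET_RX_RING, req, sizeof(*req)) < 0)
        return MAP_FAILED;
    return mmap(NULL, (size_t)req->tp_block_size * req->tp_block_nr,
                PROT_READ | PROT_WRITE, MAP_SHARED, *fd, 0);
}
```

A capture loop would call `poll()` on the socket and then `ring_drain()` on the mapping returned by `ring_open()`; the only per-packet work in user space is reading the frame header and flipping `tp_status`.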

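The toolkit currently consists of a network analyzer, packet capturer and replayer, a wire-rate traffic generator, an encrypted multiuser IP tunnel, a Berkeley Packet Filter compiler, networking statistic tools, an autonomous system trace route and more:[8]

  • netsniff-ng, a zero-copy analyzer, packet capturer and replayer, itself supporting the pcap file format
  • trafgen, a zero-copy wire-rate traffic generator
  • mausezahn, a packet generator and analyzer for HW/SW appliances with a Cisco-CLI
  • bpfc, a Berkeley Packet Filter compiler
  • ifpps, a top-like kernel networking statistics tool
  • flowtop, a top-like netfilter connection tracking tool with Geo-IP information
  • curvetun, a lightweight multiuser IP tunnel based on elliptic curve cryptography
  • astraceroute, an autonomous system trace route utility with Geo-IP information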

Distribution-specific packages are available for all major operating system distributions such as Debian[9] or Fedora Linux. It has also been added to Xplico's Network Forensic Toolkit,[10] GRML Linux, SecurityOnion,[11] and to the Network Security Toolkit.[12] The netsniff-ng toolkit is also used in academia.[13][14]

Basic commands working in netsniff-ng

In these examples, it is assumed that eth0 is the network interface in use. Programs in the netsniff-ng suite accept long options, e.g., --in (-i), --out (-o), --dev (-d).

  • For geographical AS TCP SYN probe trace route to a website:
astraceroute -d eth0 -N -S -H <host e.g., netsniff-ng.org>
  • For kernel networking statistics within promiscuous mode:
ifpps -d eth0 -p
  • For high-speed network packet traffic generation, trafgen.txf is the packet configuration:
trafgen -d eth0 -c trafgen.txf
  • For compiling a Berkeley Packet Filter fubar.bpf:
bpfc fubar.bpf
  • For live-tracking of current TCP connections (including protocol, application name, city and country of source and destination):
flowtop
  • For efficiently dumping network traffic in a pcap file:
netsniff-ng -i eth0 -o dump.pcap -s -b 0

Platforms

The netsniff-ng toolkit currently runs only on Linux systems. Its developers decline a port to Microsoft Windows.[15]

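See also

  • Comparison of packet analyzers
  • OpenVPN
  • Packet generator
  • Tcpdump
  • Traceroute
  • Traffic generation model
  • Wireshark
  • Xplico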

References

  1. ^ "Release 0.6.8". 11 January 2021. Retrieved 13 January 2021.
  2. ^ "netsniff-ng license". GitHub. Retrieved 20 December 2021.
  3. ^ Error: Unable to display the reference properly. See the documentation for details.
  4. ^ "Description of the Linux packet-mmap mechanism". Retrieved 6 November 2011.
  5. ^ "netsniff-ng homepage, abstract, zero-copy". Archived from the original on 8 September 2016. Retrieved 6 November 2011.
  6. ^ "Network Security Toolkit Article about trafgen's performance capabilities". Retrieved 6 November 2011.
  7. ^ "Developer's blog about trafgen's performance". 16 October 2011. Archived from the original on 25 April 2012. Retrieved 6 November 2011.
  8. ^ "netsniff-ng README". GitHub. Retrieved 16 February 2018.
  9. ^ "netsniff-ng in Debian".
  10. ^ "Xplico support of netsniff-ng". Retrieved 6 November 2011.
  11. ^ "Security Onion 12.04 RC1 available now!". Retrieved 16 December 2012.
  12. ^ "Network Security Toolkit adds netsniff-ng". Retrieved 6 November 2011.
  13. ^ "netsniff-ng's trafgen at University of Napoli Federico II". Archived from the original on 10 November 2011. Retrieved 7 November 2011.
  14. ^ "netsniff-ng's trafgen at Columbia University". Retrieved 7 November 2011.
  15. ^ "netsniff-ng FAQ declining a port to Microsoft Windows". Retrieved 21 June 2015.

External links

  • Official netsniff-ng website
  • netsniff-ng FAQ
  • netsniff-ng at GitHub
  • Linux' packet mmap(), BPF, and the netsniff-ng toolkit, talk at DevConf (long)
  • Packet sockets, BPF, netsniff-ng, talk at OpenSourceDays (short)
  • netsniff-ng(8) – Linux Administration and Privileged Commands Manual
