| blob | 2863d60d0e548f42de0f9a9c6d35baa9c3e9bffe |
1 Tools:
2 //////
4 The toolkit is split into small, useful utilities that are or are not
5 necessarily related to each other. Each program for itself fills a gap as
6 a helper in your daily network debugging, development or audit.
8 *netsniff-ng* is a high-performance network analyzer based on packet mmap(2)
9 mechanisms. It can record pcap files to disc, replay them and also do an
10 offline and online analysis. Capturing, analysis or replay of raw 802.11
11 frames are supported as well. pcap files are also compatible with tcpdump
12 or Wireshark traces. netsniff-ng processes those pcap traces either in
13 scatter-gather I/O or by mmap(2) I/O.
15 *trafgen* is a high-performance network traffic generator based on packet
16 mmap(2) mechanisms. It has its own flexible, macro-based low-level packet
17 configuration language. Injection of raw 802.11 frames are supported as well.
18 trafgen has a significantly higher speed than mausezahn and comes very close
19 to pktgen, but runs from user space. pcap traces can also be converted into
20 a trafgen packet configuration.
22 *mausezahn* is a performant high-level packet generator that can run on a
23 hardware-software appliance and comes with a Cisco-like CLI. It can craft
24 nearly every possible or impossible packet. Thus, it can be used, for example,
25 to test network behaviour under strange circumstances (stress test, malformed
26 packets) or to test hardware-software appliances for several kind of attacks.
28 *bpfc* is a Berkeley Packet Filter (BPF) compiler that understands the original
29 BPF language developed by McCanne and Jacobson. It accepts BPF mnemonics and
30 converts them into kernel/netsniff-ng readable BPF ``opcodes''. It also
31 supports undocumented Linux filter extensions. This can especially be useful
32 for more complicated filters, that high-level filters fail to support.
34 *ifpps* is a tool which periodically provides top-like networking and system
35 statistics from the Linux kernel. It gathers statistical data directly from
36 procfs files and does not apply any user space traffic monitoring that would
37 falsify statistics on high packet rates. For wireless, data about link
38 connectivity is provided as well.
40 *flowtop* is a top-like connection tracking tool that can run on an end host
41 or router. It is able to present TCP, UDP(lite), SCTP, DCCP, ICMP(v6) flows
42 that have been collected by the kernel's netfilter connection tracking
43 framework. GeoIP and TCP/SCTP/DCCP state machine information is displayed.
44 Also, on end hosts flowtop can show PIDs and application names that flows
45 relate to as well as aggregated packet and byte counter (if available). No
46 user space traffic monitoring is done, thus all data is gathered by the kernel.
48 *curvetun* is a lightweight, high-speed ECDH multiuser VPN for Linux. curvetun
49 uses the Linux TUN/TAP interface and supports {IPv4,IPv6} over {IPv4,IPv6} with
50 UDP or TCP as carrier protocols. Packets are encrypted end-to-end by a
51 symmetric stream cipher (Salsa20) and authenticated by a MAC (Poly1305), where
52 keys have previously been computed with the ECDH key agreement
53 protocol (Curve25519).
55 *astraceroute* is an autonomous system (AS) trace route utility. Unlike
56 traceroute or tcptraceroute, it not only display hops, but also their AS
57 information they belong to as well as GeoIP information and other interesting
58 things. On default, it uses a TCP probe packet and falls back to ICMP probes
59 in case no ICMP answer has been received.