html: minor improvements on the website (index, faq)

[netsniff-ng.git] / contrib / html / faq.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<title>netsniff-ng - frequently asked questions</title>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Robots" content="noarchive">

<link rel="Shortcut Icon" href="http://netsniff-ng.org/img/tiny-logo.png" type="image/png">
<link type="text/css" rel="stylesheet" media="screen" href="style.css" />

<script type="text/javascript">
  function InsertMail(mailnam,mailsvr,maildom)
  {
    document.write('&lt;<a href="mailto:' + mailnam + '@' + mailsvr + '.'
      + maildom + '">' + mailnam + '@' + mailsvr + '.' + maildom + 
      '<\/a>&gt;');
  }
</script>
</head>

<body>
<a href="https://github.com/gnumaniacs/netsniff-ng/"><img style="position: absolute; top: 0; right: 0; border: 0;" src="https://a248.e.akamai.net/assets.github.com/img/7afbc8b248c68eb468279e8c17986ad46549fb71/687474703a2f2f73332e616d617a6f6e6177732e636f6d2f6769746875622f726962626f6e732f666f726b6d655f72696768745f6461726b626c75655f3132313632312e706e67" alt="Fork me on GitHub"></a>
<blockquote>
<p>
<table border="0">
<tr>
<td>
<a href="http://netsniff-ng.org"><img src="http://netsniff-ng.org/img/logo.png" border="0" alt="netsniff-ng"></a>
</td>
<td>
<br><br><br>
<img src="http://netsniff-ng.org/img/logo2.png" border="0" alt="the packet sniffing beast">
</td>
</tr>
</table>
</blockquote>

<h2>Frequently asked questions (FAQ)</h2>
<p>
If your question is not answered here, please consult our mailing list.
<h3>General questions</h3>
<ul>
  <li><a href="#g0">What is netsniff-ng?</a></li>
  <li><a href="#g1">What are the main goals?</a></li>
  <li><a href="#g2">I like your project. Can I donate something?</a></li>
  <li><a href="#g3">How can I be notified of new releases?</a></li>
  <li><a href="#g4">Is there a mailing list?</a></li>
  <li><a href="#g5">Is there an IRC channel?</a></li>
  <li><a href="#g6">Do you have a blog? Is there a RSS feed for your blog?</a></li>
  <li><a href="#g7">Can you change the design of your blog?</a></li>
  <li><a href="#g8">Why can't I post comments to your blog?</a></li>
  <li><a href="#g9">Is there a commercial support?</a></li>
  <li><a href="#g10">How good is the throughput of RX_RING/TX_RING?</a></li>
  <li><a href="#g11">Are the statistics generated by ifpps 'reliable'?</a></li>
</ul>

<h3>Usage questions</h3>
<ul>
  <li><a href="#u0">What's a primer document and why should I read it first?</a></li>
  <li><a href="#u1">What platforms are supported?</a></li>
  <li><a href="#u2">What libraries are required?</a></li>
  <li><a href="#u3">What version of netsniff-ng should I use?</a></li>
  <li><a href="#u4">Can netsniff-ng read network dumps of Wireshark or others and vice versa?</a></li>
  <li><a href="#u5">How can I create Berkeley Packet Filters?</a></li>
  <li><a href="#u6">I've created a custom Berkeley Packet Filter program with tcpdump, but netsniff-ng cuts the packet payload?</a></li>
  <li><a href="#u7">How do I sniff in a switched environment?</a></li>
  <li><a href="#u8">Can I run netsniff-ng as a normal user?</a></li>
</ul>

<h3>Licensing questions</h3>
<ul>
  <li><a href="#l0">What's the license of netsniff-ng?</a></li>
  <li><a href="#l1">Can you change your license e.g. to BSD or have you ever considered it?</a></li>
  <li><a href="#l2">Can I use netsniff-ng commercially?</a></li>
  <li><a href="#l3">Can I use netsniff-ng as a part of my commercial product?</a></li>
  <li><a href="#l4">How much does netsniff-ng cost?</a></li>
  <li><a href="#l5">Really, then why are you doing this?</a></li>
</ul>

<h3>Development questions</h3>
<ul>
  <li><a href="#d0">Do you have release cycles?</a></li>
  <li><a href="#d1">Can you add feature xy to netsniff-ng?</a></li>
  <li><a href="#d2">Are there other source repositories than on your homepage?</a></li>
  <li><a href="#d3">Is your GoogleCode page still up to date?</a></li>
  <li><a href="#d4">Can I participate in the development of netsniff-ng?</a></li>
  <li><a href="#d5">How do I post a patch?</a></li>
  <li><a href="#d6">How do I use Git?</a></li>
  <li><a href="#d8">Will you ship a GUI like Wireshark?</a></li>
  <li><a href="#d9">Will you support the future pcapng (so called 'PCAP Next Generation Dump File Format') format?</a></li>
  <li><a href="#d10">Do you plan some fancy version other than kernelspace RX_RING/TX_RING?</a></li>
  <li><a href="#d11">Will you support the PF_RING from the ntop project?</a></li>
  <li><a href="#d13">Are you also maintaining distribution specific packages?</a></li>
  <li><a href="#d14">Will you port netsniff-ng to Windows?</a></li>
  <li><a href="#d15">Will you port netsniff-ng to *BSD?</a></li>
  <li><a href="#d16">Do you have your own devel trees? Which one should I patch against?</a></li>
</ul>

<h3>Misc questions</h3>
<ul>
  <li><a href="#m0">Why don't you answer my mails? Isn't that rude?</a></li>
  <li><a href="#m1">How do you pronounce netsniff-ng?</a></li>
  <li><a href="#m2">Do you have netsniff-ng t-shirts?</a></li>
  <li><a href="#m3">I've got some artwork for you!?</a></li>
</ul>

<p>
<hr>

<div>
<h3><a name="g0">What is netsniff-ng?</a></h3>
<blockquote>
<p>
netsniff-ng is a high performance Linux network sniffer for packet inspection. The project started during my B. Sc. thesis at the Max Planck Institute and continued to grow into a useful toolkit ever since. At the time of its initial development, the famous libpcap library did not support the zero-copy extensions of the Linux kernel. Therefore, I closed this gap by developing a sniffer that had a significantly better performance than existing ones that used libpcap.
</blockquote>
</div>

<div>
<h3><a name="g1">What are the main goals?</a></h3>
<blockquote>
<p>
netsniff-ngs main goal is to be a <i>high performance</i> network sniffer that focuses on <i>usability</i>, <i>robustness</i> and <i>functionality</i>. Its aim is to support the daily work for networking engineers, developers, admins or Linux users by providing support with or in network monitoring, protocol analysis, reverse engineering, network debugging and penetration testing. Also, since 0.5.6.0 we've added further tools for high-performance traffic generation and reliable top-like networking statistics.
</blockquote>
</div>

<div>
<h3><a name="g2">I like your project. Can I donate something?</a></h3>
<blockquote>
<p>
Sure, we're always happy to hear that. If you think this software is good, then please consider <a href="http://flattr.com/thing/421382/gnumaniacs-devs" target="_blank">donating</a> (Flattr) some money for our development. For non-money stuff, we'd prefer hardware like servers, switches, routers, access points, specific NICs or wireless cards or other (also exotic) kinds of embedded systems in order to do research, test our software and integrate new features. You are welcome to leave us a short message at <script type="text/javascript">InsertMail("daniel", "netsniff-ng", "org");</script>.
</blockquote>
</div>

<div>
<h3><a name="g3">How can I be notified of new releases?</a></h3>
<blockquote>
<p>
New releases will be announced on our homepage, mailing list and Freshmeat. We have a project page <a href="http://freshmeat.net/projects/netsniff-ng/">at Freshmeat</a> where you can subscribe.
</blockquote>
</div>

<div>
<h3><a name="g4">Is there a mailing list?</a></h3>
<blockquote>
<p>
Yes, of course there is. It's a moderated, spam-free mailing list on GoogleGroups where you can add yourself and post your questions to <script type="text/javascript">InsertMail("netsniff-ng", "googlegroups", "com");</script>.
</blockquote>
</div>

<div>
<h3><a name="g5">Is there an IRC channel?</a></h3>
<blockquote>
<p>
Sometimes we're reachable via <a href="irc://irc.freenode.net/netsniff-ng">#netsniff-ng</a> which is located at <a href="http://freenode.net/irc_servers.shtml">Freenode</a>.
</blockquote>
</div>

<div>
<h3><a name="g6">Do you have a blog? Is there a RSS feed for your blog?</a></h3>
<blockquote>
<p>
Yes, it's <a href="http://dev.netsniff-ng.org/">http://dev.netsniff-ng.org/</a>. The RSS feed can be found here: <a href="http://blog.cryptoism.org/t_netsniff-ng.xml">http://blog.cryptoism.org/t_netsniff-ng.xml</a>
</blockquote>
</div>

<div>
<h3><a name="g7">Can you change the design of your blog?</a></h3>
<blockquote>
<p>
No, sorry. ;-)
</blockquote>
</div>

<div>
<h3><a name="g8">Why can't I post comments to your blog?</a></h3>
<blockquote>
<p>
Because we like HTML too much. ;-) Moderating all those comments costs too much time that we could also spend on development. If you'd like to discuss certain issues, then please use our mailing list.
</blockquote>
</div>

<div>
<h3><a name="g9">Is there a commercial support?</a></h3>
<blockquote>
<p>
No.
</blockquote>
</div>

<div>
<h3><a name="g10">How good is the throughput of RX_RING/TX_RING?</a></h3>
<blockquote>
<p>
Have a look at our <a href="http://wiki.netsniff-ng.org">Wiki</a> within the benchmark section. For instance, on commodity hardware with Gigabit-Ethernet, we've reached nearly wirespeed with <i>trafgen</i> (64 Byte, 1.2 Mio pps).
</blockquote>
</div>

<div>
<h3><a name="g11">Are the statistics generated by ifpps 'reliable'?</a></h3>
<blockquote>
<p>
Yes. The statistics are extracted from the kernel directly, so this is what the NICs device driver gets to see. There is <i>no</i> sniffing or the like involved to generate these figures.
</blockquote>
</div>

<div>
<h3><a name="u0">What's a primer document and why should I read it first?</a></h3>
<blockquote>
<p>
It's netsniff-ngs manpage. The manpage is shipped with the latest stable netsniff-ng release. Everything that needs to be known for using netsniff-ng is documented within this manpage.
</blockquote>
</div>

<div>
<h3><a name="u1">What platforms are supported?</a></h3>
<blockquote>
<p>
Currently only operating systems running on Linux kernels with <i>CONFIG_PACKET_MMAP</i> enabled. This feature can be found even back to the days of 2.4 kernels. Most operating systems ship pre-compiled kernels that have this config option enabled and even the latest kernel versions got rid of this option and have this functionality built-in. However, we recommend using a kernel >= 2.6.31, because the TX_RING support has been added since then.
</blockquote>
</div>

<div>
<h3><a name="u2">What libraries are required?</a></h3>
<blockquote>
<p>
Well, for version 0.5.5.0 <i>libc</i> is the only one. Most operating systems already have their <i>libc</i> shipped. That's it, nothing else. For version 0.5.6.0 you'll need <i>libncurses</i>, <i>zlib</i>, <i>libgcrypt</i>. All of them are usually available via your operating systems packet management system.
</blockquote>
</div>

<div>
<h3><a name="u3">What version of netsniff-ng should I use?</a></h3>
<blockquote>
<p>
That depends. If you prefer to use the latest features, use the version that is marked as <i>-next</i> on the frontpage. The source is available via tarball and Git. Note that <i>-next</i> is our development tree and nearly daily changes are made. Otherwise there is a stable version that is usually recommended.
</blockquote>
</div>

<div>
<h3><a name="u4">Can netsniff-ng read network dumps of Wireshark or others and vice versa?</a></h3>
<blockquote>
<p>
Yes, if the dumps are formatted as <i>pcap</i> files. This is default on Wireshark for instance. On the other hand, Wireshark can also read netsniff-ng dumps.
</blockquote>
</div>

<div>
<h3><a name="u5">How can I create Berkeley Packet Filters?</a></h3>
<blockquote>
<p>
If you want to run netsniff-ng in combination with <i>-f</i> or <i>--filter &lt;file&gt;</i> you need to build a so called Berkeley Packet Filter program within a plaintext file (here, marked as: <i>&lt;file&gt;</i>). The Berkeley Packet Filters language description can be obtained from netsniff-ngs documentation <a href="bpf.pdf">section</a>. One way to create a custom filter for the non-lazy people is to hack the opcodes by hand according to the specification. In this case you have all the freedom to build your filters for your needs. The alternative way is to use tcpdumps <i>-dd</i> option. Simply pipe the output into a textfile and pass this to netsniff-ng.
<p>
Furthermore, we already ship some common filters and we are planning our own filter compiler! Most distributions put these files into <i>/etc/netsniff-ng/rules/</i>.
</blockquote>
</div>

<div>
<h3><a name="u6">I've created a custom Berkeley Packet Filter program with tcpdump, but netsniff-ng cuts the packet payload?</a></h3>
<blockquote>
<p>
If you try to create custom socket filters with tcpdump <i>-dd</i>, you have to edit the <i>ret</i> opcode (<i>0x6</i>) of the resulting filter, otherwise your payload will be cut off:
<p>
<i>0x6, 0, 0, 0xFFFFFFFF</i> instead of <i>0x6, 0, 0, 0x00000060</i>
<p>
The Linux kernel now takes <i>skb-&gt;len</i> instead of 0xFFFFFFFF. If you do not change it, the kernel will take 0x00000060 as buffer length and packets larger than 96 Byte will be cut off (filled with zero Bytes)! It's a bug in libpcaps filter compiler. Detailed information about this issue can be found on our <a href="http://dev.netsniff-ng.org/#4">blog post</a>.
</blockquote>
</div>

<div>
<h3><a name="u7">How do I sniff in a switched environment?</a></h3>
<blockquote>
<p>
I rudely refer to the <i>dSniff</i> documentation that says:
<p>
The easiest route is simply to impersonate the local gateway, stealing client traffic en route to some remote destination. Of course, the traffic must be forwarded by your attacking machine, either by enabling kernel IP forwarding or with a userland program that acccomplishes the same (fragrouter -B1).
<p>
Several people have reportedly destroyed connectivity on their LAN to the outside world by arpspoof'ing the gateway, and forgetting to enable IP forwarding on the attacking machine. Don't do this. You have been warned.
</blockquote>
</div>

<div>
<h3><a name="u8">Can I run netsniff-ng as a normal user?</a></h3>
<blockquote>
<p>
No, you need to be <i>root</i> on your box in oder to run netsniff-ng.
</blockquote>
</div>

<div>
<h3><a name="l0">What's the license of netsniff-ng?</a></h3>
<blockquote>
<p>
It's the GNU GPL, version 2. <a href="http://www.gnu.org/licenses/gpl-2.0.txt">Here</a>'s the licensing text.
</blockquote>
</div>

<div>
<h3><a name="l1">Can you change your license e.g. to BSD or have you ever considered it?</a></h3>
<blockquote>
<p>
No. We've thought this through and the GPL version 2 is the best that suits our needs.
</blockquote>
</div>

<div>
<h3><a name="l2">Can I use netsniff-ng commercially?</a></h3>
<blockquote>
<p>
Yes, if you mean "I work for a commercial organization and I'd like to use netsniff-ng for capturing and analyzing network traffic in our company's networks or in our customer's networks.".
<p>
It depends, if you mean "Can I use netsniff-ng as a part of my commercial product?". See below.
</blockquote>
</div>

<div>
<h3><a name="l3">Can I use netsniff-ng as a part of my commercial product?</a></h3>
<blockquote>
<p>
As long as your commercial product then stays compatible with the <a href="http://www.gnu.org/licenses/gpl-2.0.txt">GNU GPL, version 2</a>, then it should be no problem. Have a look at the <a href="http://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html">frequently asked questions</a> of gnu.org in order to clarify your questions.
</blockquote>
</div>

<div>
<h3><a name="l4">How much does netsniff-ng cost?</a></h3>
<blockquote>
<p>
netsniff-ng is "free software"; you can download it without paying any license fee. The version of netsniff-ng you download isn't a "demo" version, with limitations not present in a "full" version; it is the full version. And the good thing is: it will always stay that way!
<p>
netsniff-ng is licensed under the GNU GPL, version 2. Read more about this <a href="http://www.gnu.org/licenses/gpl-2.0.txt">here</a>.
</blockquote>
</div>

<div>
<h3><a name="l5">Really, then why are you doing this?</a></h3>
<blockquote>
<p>
For the fun and freedom of contributing to the open source community and for learning and researching purposes. Simple, isn't it?
</blockquote>
</div>

<div>
<h3><a name="d0">Do you have release cycles?</a></h3>
<blockquote>
<p>
No, we don't. We used to, but since netsniff-ng is a spare time project and sometimes there's lots of other stuff to do and sometimes not, we think we are more flexible this way without making hard deadline promises. Nevertheless, netsniff-ng is a long-term project, so even if there's hard times for weeks of not pushing to Git, there will be others with the opposite situation. We think netsniff-ng is useful for our daily network engineering work and research and we will do our best that it stays this way! This should be your take-home message! ;-)
</blockquote>
</div>

<div>
<h3><a name="d1">Can you add feature xy to netsniff-ng?</a></h3>
<blockquote>
<p>
Well, that depends. If it's a good feature and you make us think that adding this would make sense, then why not. You are also free to discuss this specific feature with us and post a patch.
</blockquote>
</div>

<div>
<h3><a name="d2">Are there other source repositories than on your homepage?</a></h3>
<blockquote>
<p>
No! Only the repositories stated on our homepage are <a href="http://repo.or.cz/w/netsniff-ng.git/">official</a> ones!
</blockquote>
</div>

<div>
<h3><a name="d3">Is your GoogleCode page still up to date?</a></h3>
<blockquote>
<p>
No, it isn't. We completely moved to <i>repo.or.cz</i> and do <i>not</i> use any of the functionality from GoogleCode. Please consider our repo.or.cz page <a href="http://repo.or.cz/w/netsniff-ng.git">http://repo.or.cz/w/netsniff-ng.git</a> as our official repository.
</blockquote>
</div>

<div>
<h3><a name="d4">Can I participate in the development of netsniff-ng?</a></h3>
<blockquote>
<p>
Sure, we'd be happy about that. Send us your ideas or code and we're going to evaluate and probably integrate it. Have a look at the HACKING file. The release Git repository is located at <a href="http://repo.or.cz/w/netsniff-ng.git">http://repo.or.cz/w/netsniff-ng.git</a>, so you are free to clone and hack.
</blockquote>
</div>

<div>
<h3><a name="d5">How do I post a patch?</a></h3>
<blockquote>
<p>
Have a look at the HACKING file of netsniff-ngs source for further instructions.
</blockquote>
</div>

<div>
<h3><a name="d6">How do I use Git?</a></h3>
<blockquote>
<p>
Have a look at the Git documentation at <a href="http://www.kernel.org/pub/software/scm/git/docs/">http://www.kernel.org/pub/software/scm/git/docs/</a>.
</blockquote>
</div>

<div>
<h3><a name="d8">Will you ship a GUI like Wireshark?</a></h3>
<blockquote>
<p>
Probably not, at least this is not our main interest. netsniff-ng is intened to run on any Linux boxes including the ones without graphical user interfaces, so that you are able to run netsniff-ng on your server or router. But of course, you are free to develop a GUI and let us know about it! :-)
</blockquote>
</div>

<div>
<h3><a name="d9">Will you support the future pcapng (so called 'PCAP Next Generation Dump File Format') format?</a></h3>
<blockquote>
<p>
Yes, we're planning it.
</blockquote>
</div>

<div>
<h3><a name="d10">Do you plan some fancy version other than kernelspace RX_RING/TX_RING?</a></h3>
<blockquote>
<p>
We're experimenting on our own kernelspace zero-copy mechanism and also enhancements of the PACKET_MMAP. Nevertheless, the official netsniff-ng version will have the kernel-supported packet mmap, as is. If our findings really outperform the RX_RING/TX_RING and are worth publishing, then it will be shipped as a patch and contribute it to netdev.
</blockquote>
</div>

<div>
<h3><a name="d11">Will you support the PF_RING from the ntop project?</a></h3>
<blockquote>
<p>
Well, no. There are two reasons for this: <i>First reason</i> is, that it's not part of the mainline kernel. A interesting discussion about getting PF_RING into the kernel can be found at the netdev lists (<a href="http://lists.openwall.net/netdev/2009/10/14/37">http://lists.openwall.net/netdev/2009/10/14/37</a>) and obviously there are no further efforts (browse the netdev/LKML, also <a href="http://www.spinics.net/lists/netfilter-devel/msg20212.html">netfilter</a>) from the ntop project to merge both architectures or add features to PF_PACKET. <i>Second reason</i> is that we've evaluated the PF_RING (without the commercial Direct NIC Access [DNA]) regarding its performance and came to the conclusion, that there is no significant performance enhancement on our IBM HS21 Bladeserver test system. ntopi's DNA ships its own versions of some modified device drivers like Broadcoms tg3 and NetXtreme, Intels e1000(e), igb and ixgbe. Since these modifications are not official, neither to the kernel, nor to the vendors and cover only a small amout of what is out there, we're not doing further investigations at the moment. Also, netsniff-ng users have reported similar observations. A benchmark with PF_RING in transparent_mode 0 and 1 is even slower than netsniff-ng and in transparent_mode 2 both have the same performance. The test was done on a Dell PowerEdge 2850. Nevertheless, <a href="http://www.ntop.org/">ntop</a> is a very interesting project you definately should check out!
</blockquote>
</div>

<div>
<h3><a name="d13">Are you also maintaining distribution specific packages?</a></h3>
<blockquote>
<p>
Yes, but only for <a href="http://packages.qa.debian.org/n/netsniff-ng.html">Debian GNU/Linux</a>, which then automatically gets updated in some other distros like <a href="http://grml.org">GRML</a>. People that maintain netsniff-ng in other distributions are listed within the CREDITS file.
</blockquote>
</div>

<div>
<h3><a name="d14">Will you port netsniff-ng to Windows?</a></h3>
<blockquote>
<p>
No, at least <i>we</i> are not doing this simply because we don't have any Windows box! Why would we? Why would we encourage people to stay at a fucked up operating system? Have a look at the FSF site for more information, if you don't know why you should switch to Linux or *BSD.
</blockquote>
</div>

<div>
<h3><a name="d15">Will you port netsniff-ng to *BSD?</a></h3>
<blockquote>
<p>
Could be possible for the future.
</blockquote>
</div>

<div>
<h3><a name="d16">Do you have your own personal devel trees? Which one should I patch against?</a></h3>
<blockquote>
<p>
Yes, we have. Emmanuels devel tree is at <a href="http://github.com/eroullit/netsniff-ng/">http://github.com/eroullit/netsniff-ng/</a> and Daniels devel tree can be found at <a href="http://repo.or.cz/w/netsniff-ng.git">http://repo.or.cz/w/netsniff-ng.git</a>. Unlike otherwise clarified, you normally patch against the tree stated on our website, which is <a href="http://repo.or.cz/w/netsniff-ng.git">http://repo.or.cz/w/netsniff-ng.git</a>.
</blockquote>
</div>

<div>
<h3><a name="m0">Why don't you answer my mails? Isn't that rude?</a></h3>
<blockquote>
<p>
No, it isn't rude. We're focusing on answering every mail, but in some rare cases it's mostly because of sheer lack of time to answer each email that gets sent to us. Furthermore, some hints for writing good e-mails can be found in <a href="http://www.ietf.org/rfc/rfc2635.txt">rfc2635</a> and <a href="http://www.ietf.org/rfc/rfc1855.txt">rfc1855</a>.
</blockquote>
</div>

<div>
<h3><a name="m1">How do you pronounce netsniff-ng?</a></h3>
<blockquote>
<p>
<code>$ flite -o play -t "netsniff n g"</code>
</blockquote>
</div>

<div>
<h3><a name="m2">Do you have netsniff-ng t-shirts, ...?</a></h3>
<blockquote>
<p>
Yes, <a href="http://netsniff-ng.spreadshirt.de/">here</a> (note: we do not take any commission for the products).
</blockquote>
</div>

<div>
<h3><a name="m3">I've got some artwork for you!?</a></h3>
<blockquote>
<p>
Great! We'd very much like to see it. Please mail it to us ;-)
</blockquote>
</div>

<p>
<a href="http://www.debian.org/"><img src="http://netsniff-ng.org/img/debian.png" border="0" alt="powered by Debian"></a>&nbsp;
<a href="http://www.vim.org/"><img src="http://netsniff-ng.org/img/vim.png" border="0" alt="powered by vim"></a>&nbsp;
<a href="http://www.anybrowser.org/campaign/"><img src="http://netsniff-ng.org/img/vt100.gif" border="0" alt="best viewed with vt100"></a>&nbsp;
<a href="http://eupat.ffii.org/"><img src="http://netsniff-ng.org/img/no_epatent.png" border="0" alt="no epatents"></a>&nbsp;
<a href="http://www.laquadrature.net/"><img src="http://netsniff-ng.org/img/qdn.png" border="0" alt="qdn"></a>

<table border="0" width="90%">
<tr>
  <td>
    <code>Copyright (C) 2009-2012 <a href="http://gnumaniacs.org">Daniel Borkmann</a> 
    <script type="text/javascript">InsertMail("daniel", "netsniff-ng", "org");</script> 
    and
    <a href="http://emmanuel.netsniff-ng.org">Emmanuel Roullit</a> 
    <script type="text/javascript">InsertMail("emmanuel", "netsniff-ng", "org");</script>
    </code><br>
  </td>
</tr>
</table>

</body>
</html>