docs: remove link
[netsniff-ng.git] / contrib / html / index.html
blob50d42d5ddfb3533c5da5e0aa45b57706609cd0b7
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<title>netsniff-ng - the packet sniffing beast</title>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Robots" content="noarchive">

<link rel="Shortcut Icon" href="http://netsniff-ng.org/img/tiny-logo.png" type="image/png">
<link type="text/css" rel="stylesheet" media="screen" href="style.css" />

<script type="text/javascript">
/* Writes a mailto link built from its three parts, so the address is
   not stored as one literal string in the markup. */
function InsertMail(mailnam,mailsvr,maildom)
{
	document.write('&lt;<a href="mailto:' + mailnam + '@' + mailsvr + '.'
		       + maildom + '">' + mailnam + '@' + mailsvr + '.' + maildom +
		       '<\/a>&gt;');
}
</script>
</head>

<body>
<a href="https://github.com/borkmann/netsniff-ng"><img style="position: absolute; top: 0; right: 0; border: 0;" src="https://s3.amazonaws.com/github/ribbons/forkme_right_white_ffffff.png" alt="Fork me on GitHub"></a>
<blockquote>
<p>
<table border="0">
<tr>
<td>
<a href="http://netsniff-ng.org"><img src="http://netsniff-ng.org/img/logo.png" border="0" alt="netsniff-ng"></a>
</td>
<td>
<br><br><br>
<img src="http://netsniff-ng.org/img/logo2.png" border="0" alt="the packet sniffing beast">
</td>
</tr>
</table>
</blockquote>

<table border="1" width="100%" class="header"><tr><td>
<table border="0" width="90%">
<tr>
<td valign="top" width="200" align="right">
<b>Latest version:</b>
</td>
<td valign="top">
<a href="https://github.com/borkmann/netsniff-ng/tree/master">netsniff-ng 0.5.8-next</a> (<a href="http://git.cryptoism.org/cgit.cgi/netsniff-ng.git/">M</a>, <a href="http://repo.or.cz/w/netsniff-ng.git/">M</a>, <a href="https://github.com/borkmann/netsniff-ng/tarball/master">T</a>, <a href="http://lingrok.org/xref/netsniff-ng/">X</a>, <a href="https://github.com/borkmann/netsniff-ng/tags">A</a>)<br>
<a href="http://pub.netsniff-ng.org/netsniff-ng/netsniff-ng-0.5.7.tar.gz">netsniff-ng 0.5.7-curr</a> (<a href="http://dl.packetstormsecurity.net/sniffers/netsniff-ng-0.5.7.tar.gz">M</a>)<br>
</td>
</tr>
</table>
</td></tr></table>
<br>
<table border="1" width="100%" class="header"><tr><td>
<table border="0" width="90%">
<tr>
<td valign="top" width="200" align="right">
<b>Git repository:</b>
</td>
<td valign="top">
git clone git://<a href="https://github.com/borkmann/netsniff-ng">github.com/borkmann/netsniff-ng</a>.git
</td>
</tr>
<tr>
<td valign="top" width="200" align="right">
<b>Git web:</b>
</td>
<td valign="top">
<a href="http://src.netsniff-ng.org/">http://src.netsniff-ng.org/</a><br>
</td>
</tr>
</table>
</td></tr></table>
<br>
<table border="1" width="100%" class="header"><tr><td>
<table border="0" width="90%">
<tr>
<td valign="top" width="200" align="right">
<b>Bug tracker:</b>
</td>
<td valign="top">
<a href="http://bugs.netsniff-ng.org/">http://bugs.netsniff-ng.org/</a>
</td>
</tr>
<tr>
<td valign="top" width="200" align="right">
<b>Mailing list:</b>
</td>
<td valign="top">
via <a href="mailto:netsniff-ng@googlegroups.com">netsniff-ng@groups</a> (<a href="http://news.gmane.org/gmane.linux.network.netsniff-ng">M</a>, <a href="http://www.mail-archive.com/netsniff-ng%40googlegroups.com/">M</a>), <a href="http://tools.ietf.org/html/rfc1855">How to Post</a>
</td>
</tr>
<tr>
<td valign="top" width="200" align="right">
<b>Contribute:</b>
</td>
<td valign="top">
<a href="https://github.com/borkmann/netsniff-ng/blob/master/TODO">Hack the Code</a>, <a href="https://github.com/borkmann/netsniff-ng/blob/master/Documentation/SubmittingPatches">How to Hack</a>
</td>
</tr>
</table>
</td></tr></table>

<h2>Abstract</h2>

netsniff-ng is a free, performant Linux networking toolkit.
<br><br>
The performance gain is achieved through zero-copy mechanisms, so that on packet reception <i>and</i> transmission the kernel does not need to copy packets from kernel space to user space and vice versa.
<br><br>
Our toolkit can be used for network development and analysis, debugging, auditing or network reconnaissance.
<br><br>
The netsniff-ng toolkit consists of the following utilities:
<ul>
<li><b>netsniff-ng</b>, a high-performance zero-copy analyzer, pcap capturing and replaying tool</li>
<li><b>trafgen</b>, a high-performance zero-copy network traffic generator</li>
<li><b>mausezahn</b>, a packet generator and analyzer for HW/SW appliances with a Cisco-CLI</li>
<li><b>bpfc</b>, a Berkeley Packet Filter (BPF) compiler with Linux extensions</li>
<li><b>ifpps</b>, a top-like kernel networking and system statistics tool</li>
<li><b>flowtop</b>, a top-like netfilter connection tracking tool</li>
<li><b>curvetun</b>, a lightweight multiuser IP tunnel based on elliptic curve cryptography</li>
<li><b>astraceroute</b>, an autonomous system (AS) trace route utility</li>
</ul>

<h2>Tools</h2>

<b>netsniff-ng</b> is a high-performance network analyzer based on packet mmap(2) mechanisms. It can record pcap files to disk, replay them and also do offline and online analysis. Capture, analysis and replay of raw 802.11 frames are supported as well. pcap files are also compatible with tcpdump or Wireshark traces. netsniff-ng processes those pcap traces either in scatter-gather I/O or by mmap(2) I/O.

<b>trafgen</b> is a high-performance network traffic generator based on packet mmap(2) mechanisms. It has its own flexible, macro-based low-level packet configuration language. Injection of raw 802.11 frames is supported as well. trafgen has a significantly higher speed than mausezahn and comes very close to pktgen, but runs from user space. pcap traces can also be converted into a trafgen packet configuration.

<b>mausezahn</b> is a performant high-level packet generator that can run on a hardware-software appliance and comes with a Cisco-like CLI. It can craft nearly every possible or impossible packet. Thus, it can be used, for example, to test network behaviour under strange circumstances (stress test, malformed packets) or to test hardware-software appliances for several kinds of attacks.

<b>bpfc</b> is a Berkeley Packet Filter (BPF) compiler that understands the original BPF language developed by McCanne and Jacobson. It accepts BPF mnemonics and converts them into kernel/netsniff-ng readable BPF ``opcodes''. It also supports undocumented Linux filter extensions. This can be especially useful for more complicated filters that high-level filters fail to support.

<b>ifpps</b> is a tool which periodically provides top-like networking and system statistics from the Linux kernel. It gathers statistical data directly from procfs files and does not apply any user space traffic monitoring that would falsify statistics on high packet rates. For wireless, data about link connectivity is provided as well.

<b>flowtop</b> is a top-like connection tracking tool that can run on an end host or router. It is able to present TCP or UDP flows that have been collected by the kernel's netfilter framework. GeoIP and TCP state machine information is displayed. Also, on end hosts flowtop can show PIDs and application names that flows relate to. No user space traffic monitoring is done, thus all data is gathered by the kernel.

<b>curvetun</b> is a lightweight, high-speed ECDH multiuser VPN for Linux. curvetun uses the Linux TUN/TAP interface and supports {IPv4,IPv6} over {IPv4,IPv6} with UDP or TCP as carrier protocols. Packets are encrypted end-to-end by a symmetric stream cipher (Salsa20) and authenticated by a MAC (Poly1305), where keys have previously been computed with the ECDH key agreement protocol (Curve25519).

<b>astraceroute</b> is an autonomous system (AS) trace route utility. Unlike traceroute or tcptraceroute, it not only displays hops, but also the AS information they belong to, as well as GeoIP information and other interesting things. By default, it uses a TCP probe packet and falls back to ICMP probes in case no ICMP answer has been received.

In conclusion, the toolkit is split into small, useful utilities that may or may not be related to each other. Each program by itself fills a gap as a helper in your daily network debugging, development or audit. Here's a big picture:

<center><img src="img/bp.png" border="0"></center>

<h2>Development</h2>

<b>Source control</b>

There's a public Git repository at <a href="https://github.com/borkmann/netsniff-ng">GitHub</a> where you can check out the entire code base. If you are curious about the latest development happenings, you really might prefer our Git master branch instead of the tarballs within our <a href="http://pub.netsniff-ng.org/">public archive</a>. For tamper-resistant downloading, clone the Git repository and check out the corresponding version tag.

<b>Documents</b>

There is a netsniff-ng <a href="faq.html">frequently asked questions</a> site, and for participating in development, have a look at the documentation files within the source code. <a href="http://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html">Here</a> is also a FAQ about the GNU GPL version 2, under which netsniff-ng is licensed.

For reporting bugs, please use our <a href="http://bugs.netsniff-ng.org/">bug tracking system</a> or write an e-mail to <script type="text/javascript">InsertMail("bugs", "netsniff-ng", "org");</script>.

<b>Contribute</b>

If you think this software is great, then please consider contributing in one of the following ways:
<ul>
<li>Review and contribute to the <a href="https://github.com/borkmann/netsniff-ng">source code</a> (see <a href="https://github.com/borkmann/netsniff-ng/blob/master/TODO">todo</a> file)</li>
<li>Add or improve documentation, man pages, write interesting howtos or blog articles</li>
<li>Mention us in your talks at conferences</li>
<li>Maintain distribution-specific packages</li>
<li>Donate hardware, networking equipment, especially for 10-Gbit/s-Ethernet</li>
<li>Test netsniff-ng on your specific platform, especially on non-x86/x86_64</li>
</ul>

Currently, netsniff-ng is only available for Linux platforms. If you have a port for *BSD, let us know so that we can merge your port into the main source tree. However, please do not port netsniff-ng to Windows or other proprietary junk software! Here is a nice explanation why; we share Felix von Leitner's <a href="http://www.fefe.de/nowindows/">point of view</a>.

<h2>Documentation</h2>

The best way to get a good overview of what it is all about and how the tools work is to look into the <a href="https://github.com/borkmann/netsniff-ng/tree/master/Documentation">``Documentation'' section</a> of the netsniff-ng source code repository. This already covers a lot of what you need to know.

Then, the man pages of each stable release of netsniff-ng cover all of the usage details, and starting each tool with ``--help'' provides additional examples. Man pages are included within the source code distribution package. We also have a <a href="faq.html">frequently asked questions</a> page. Moreover, see the Wikipedia <a href="http://en.wikipedia.org/wiki/Netsniff-ng">article</a> people wrote about netsniff-ng. If all of this is not enough, you can write your question to our <a href="http://groups.google.com/group/netsniff-ng">mailing list</a>, or google for it on third-party sites.

To dig into the inner workings of the Berkeley Packet Filter architecture, have a look at <a href="bpf.pdf">this</a>. Documentation about the ``packet_mmap'' architecture with ``pf_packet'' sockets for the Linux kernel can be downloaded from <a href="http://www.kernel.org/">kernel.org</a> under <a href="http://lxr.linux.no/linux+v3.2.9/Documentation/networking/packet_mmap.txt">packet_mmap.txt</a>.

<h2>Support</h2>

A moderated (spam-free) mailing list for netsniff-ng user discussions is open to the <a href="http://groups.google.com/group/netsniff-ng">public</a>. Subscribe and mail to <script type="text/javascript">InsertMail("netsniff-ng", "googlegroups", "com");</script>. There's also an archive at <a href="http://dir.gmane.org/gmane.linux.network.netsniff-ng">Gmane</a> and a <a href="http://www.mail-archive.com/netsniff-ng%40googlegroups.com/">searchable archive</a>.

Before posting questions, have a look at our <a href="faq.html">FAQ</a>.
<br><br>
<table border="0" width="90%">
<tr>
<td>
<code>Copyright (C) 2009-2013 Daniel Borkmann
<script type="text/javascript">InsertMail("daniel", "netsniff-ng", "org");</script>
and <a href="https://github.com/borkmann/netsniff-ng/blob/master/AUTHORS">contributors</a>
</code><br>
</td>
</tr>
</table>

</body>
</html>