netsniff-ng is a high-performance Linux network sniffer for packet
inspection. Basically, it is similar to tcpdump, but it doesn't
need one syscall per packet. Instead, it uses a memory-mapped area
within kernelspace for accessing packets without copying them to
userspace (zero-copy mechanism).

This tool is useful for debugging your network, measuring performance
throughput or creating network statistics of incoming packets on
central network nodes like routers or firewalls.

By providing a Unix domain socket client, you're able to export
collected data during runtime (e.g. for Nagios).

    o Zero-Copy mode via memory-mapped kernel RX_RING (no syscalls for
      packet-fetching as in libpcap)
    o No extra callback function for each packet (as in libpcap)

 * Promiscuous Mode support
 * Berkeley Packet Filter support
 * Unix Domain Socket server for data fetching during sniff
 * Predefined filters for some protocols, e.g. possible Skype (UDP probe)
   prefiltering (or write your own for accessing each byte of the frame)
 * VLAN based sniffing possible
 * Run it in foreground (e.g. be verbose and print packets) or as a system daemon
 * Support for integration of fetched statistics into Nagios
   (check_packets plugin)
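
The zero-copy RX_RING access listed above, as an added example (generic Linux PACKET_MMAP consumer logic for the TPACKET_V1 frame layout, not netsniff-ng's own code). The ring is a constructed heap buffer standing in for the mmap()ed region so it runs without privileges; FRAME_SIZE, FRAME_NR, drain_ring and simulate are illustrative names.

```c
#include <linux/if_packet.h>  /* struct tpacket_hdr, TP_STATUS_*, TPACKET_ALIGN */
#include <stdint.h>
#include <stdlib.h>

#define FRAME_SIZE 2048u  /* assumed tp_frame_size */
#define FRAME_NR   4u     /* assumed tp_frame_nr */

/* Consumer side: handle every frame the kernel marked TP_STATUS_USER, reading
 * it in place, then return the slot with TP_STATUS_KERNEL. No per-packet
 * syscall, no copy; a real sniffer poll()s once the ring runs empty. */
unsigned drain_ring(uint8_t *ring, unsigned *idx, uint64_t *bytes)
{
    unsigned seen = 0;
    for (;;) {
        struct tpacket_hdr *hdr = (struct tpacket_hdr *)(ring + (size_t)*idx * FRAME_SIZE);
        if (!(hdr->tp_status & TP_STATUS_USER))
            break;                          /* slot still owned by the kernel */
        __sync_synchronize();               /* read payload only after status */
        const uint8_t *pkt = (const uint8_t *)hdr + hdr->tp_mac;
        (void)pkt;                          /* parse the frame here, in place */
        if ((size_t)hdr->tp_mac + hdr->tp_snaplen <= FRAME_SIZE)
            *bytes += hdr->tp_snaplen;      /* count only in-bounds captures */
        __sync_synchronize();
        hdr->tp_status = TP_STATUS_KERNEL;  /* give the slot back */
        *idx = (*idx + 1) % FRAME_NR;
        seen++;
    }
    return seen;
}

/* Constructed stand-in for the kernel side: marks up to FRAME_NR frames of
 * `len` captured bytes as ready, then drains them. */
unsigned simulate(unsigned n, unsigned len, uint64_t *bytes)
{
    uint8_t *ring = calloc(FRAME_NR, FRAME_SIZE);
    unsigned idx = 0, seen;
    if (!ring) return 0;
    for (unsigned i = 0; i < n && i < FRAME_NR; i++) {
        struct tpacket_hdr *hdr = (struct tpacket_hdr *)(ring + (size_t)i * FRAME_SIZE);
        hdr->tp_mac = TPACKET_ALIGN(sizeof(*hdr));
        hdr->tp_snaplen = hdr->tp_len = len;
        hdr->tp_status = TP_STATUS_USER;
    }
    *bytes = 0;
    seen = drain_ring(ring, &idx, bytes);
    free(ring);
    return seen;
}
int main(void) { uint64_t b; return simulate(3, 60, &b) == 3 ? 0 : 1; }
```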

Requirements (for your own kernels)
===================================

Your kernel should have been built with CONFIG_PACKET_MMAP=y in order
to use netsniff-ng. This is the default on your preinstalled Debian kernel.

http://code.google.com/p/netsniff-ng/

Join the official support and development mailing list of netsniff-ng:

Subscribe and send your questions to netsniff-ng@googlegroups.com.
http://groups.google.com/group/netsniff-ng

For bugs, improvements, cool hacks and all the rest:

 * Daniel Borkmann <danborkmann@googlemail.com>

Leipzig University of Applied Science,
Faculty of Computer Science, Mathematics and Natural Sciences