////////////////////////////////////////////////////////////////
netsniff-ng - the packet sniffing beast
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

netsniff-ng is a free, performant Linux network analyzer and
networking toolkit.

The performance gain comes from 'zero-copy' mechanisms, so that the
kernel does not need to copy packets from kernelspace to userspace and vice

For this purpose netsniff-ng is libpcap-independent, but nevertheless supports
the pcap file format for capturing, replaying and performing offline analysis
of pcap dumps. Furthermore we are focussing on building a robust, clean and
secure analyzer and utilities that complete netsniff-ng as a support for the
daily work of system administrators, networking engineers, researchers or

The netsniff-ng toolkit [1] currently consists of the following utilities:

 * netsniff-ng: the 'zero-copy' sniffer (and pcap replayer) itself
 * arppoison: an ARP cache poisoning utility (todo)
 * trafgen: a powerful 'zero-copy' network packet generator
 * tgsh: a trafgen Cisco-like frontend shell for appliances (todo)
 * flowtop: a top-like netfilter connection tracking tool (todo)
 * curvetun: a lightweight curve25519-based multiuser IP tunnel
 * ashunt: an Autonomous System trace route utility
 * bpfc: a tiny Berkeley Packet Filter compiler supporting kernel extensions
 * ifpps: a top-like kernel networking statistics tool

The netsniff-ng toolkit is an Open Source project covered by the GNU General
Public License. For any questions or feedback about netsniff-ng you are welcome
to send us a message at <workgroup@netsniff-ng.org>. This project is purely
non-commercial and will always stay that way! netsniff-ng is primarily developed
by Daniel Borkmann and Emmanuel Roullit [8].

Also, have a look at our FAQ [2] for answers to your questions. Furthermore,
we have a development blog [3] where we sometimes drop some interesting things
or news for the outside world! A public repository of the old stable releases
(which you probably do not want to have a look at) can be found here [4].

Sometimes we also hang out in IRC at #netsniff-ng on freenode.org. A moderated
(spam-free) mailing list for netsniff-ng user discussions is open to the
public, too. Subscribe and mail to <netsniff-ng@googlegroups.com>.

By the way, some notes on zero-copy ... You might want to have NAPI drivers [5]
enabled in your kernel to reduce interrupt load. For high-speed (= relative
to the CPU speed) PCAP dumping and replay, a fast SSD isn't too bad either,
and make sure to use netsniff-ng's scatter/gather or mmap I/O options. Next to
this (and this refers to packet generation as well), a 10-Gbit/s Ethernet
NIC, an appropriate amount of RAM and a fast CPU are recommended. Furthermore,
you should bind the netsniff-ng tools to a specific CPU via command-line option
(e.g. --bind 0). Some further recommendations can be found in [6] [9]. Also,
Eric Dumazet's BPF Just-in-Time compiler can speed up the critical path [7].

You might want to have a look at INSTALL, REPORTING-BUGS, HACKING, CODING,
and COPYING, too. Anyways, enough talking from my side and happy packet

[1] http://netsniff-ng.org/
[2] http://netsniff-ng.org/faq.html
[3] http://dev.netsniff-ng.org/
[4] http://pub.netsniff-ng.org/
[5] http://www.linuxfoundation.org/collaborate/workgroups/networking/napi
[6] http://datatag.web.cern.ch/datatag/howto/tcp.html
[7] http://thread.gmane.org/gmane.linux.network/191115
[8] git shortlog -s -n | perl -pe 's/^\s*(\d+)\s+(.+)$/$2 ($1)/g'
[9] http://timetobleed.com/useful-kernel-and-driver-performance-tweaks-for-your-linux-server/