netsniff-ng - A Swiss Army Knife for Your Daily Linux Network Plumbing


netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will.
Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa.
Our toolkit can be used for network development and analysis, debugging, auditing or network reconnaissance.

The netsniff-ng toolkit consists of the following utilities:
  • netsniff-ng, a fast zero-copy analyzer, pcap capturing and replaying tool
  • trafgen, a multithreaded low-level zero-copy network packet generator
  • mausezahn, high-level packet generator for HW/SW appliances with Cisco-CLI*
  • bpfc, a Berkeley Packet Filter compiler, Linux BPF JIT disassembler
  • ifpps, a top-like kernel networking statistics tool
  • flowtop, a top-like netfilter connection tracking tool
  • curvetun, a lightweight curve25519-based IP tunnel
  • astraceroute, an autonomous system (AS) trace route utility
Get it via Git:   git clone git://github.com/netsniff-ng/netsniff-ng.git


Tools

netsniff-ng is a fast network analyzer based on packet mmap(2) mechanisms. It can record pcap files to disc, replay them and also do an offline and online analysis. Capturing, analysis or replay of raw 802.11 frames are supported as well. pcap files are also compatible with tcpdump or Wireshark traces. netsniff-ng processes those pcap traces either in scatter-gather I/O or by mmap(2) I/O.
trafgen is a multi-threaded network traffic generator based on packet mmap(2) mechanisms. It has its own flexible, macro-based low-level packet configuration language. Injection of raw 802.11 frames is supported as well. trafgen has a significantly higher speed than mausezahn and comes very close to pktgen, but runs from user space. pcap traces can also be converted into a trafgen packet configuration.
mausezahn is a high-level packet generator that can run on a hardware-software appliance and comes with a Cisco-like CLI. It can craft nearly every possible or impossible packet. Thus, it can be used, for example, to test network behavior under strange circumstances (stress test, malformed packets) or to test hardware-software appliances for several kinds of attacks.
bpfc is a Berkeley Packet Filter (BPF) compiler that understands the original BPF language developed by McCanne and Jacobson. It accepts BPF mnemonics and converts them into kernel/netsniff-ng readable BPF "opcodes". It also supports undocumented Linux filter extensions. This can especially be useful for more complicated filters that high-level filters fail to support.
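As an added illustration of what translating BPF mnemonics into opcodes involves (this is not bpfc's code, and the accepted syntax is a simplified assumption covering only absolute loads, conditional jumps and ret), here is a minimal Python assembler that resolves labels into relative jump offsets and emits (code, jt, jf, k) tuples. The filter text is a constructed sample.

```python
import re

# Classic BPF opcodes (the `code` field of struct sock_filter), small subset only.
LOADS = {"ld": 0x20, "ldh": 0x28, "ldb": 0x30}                  # load word/half/byte at [k]
JUMPS = {"jeq": 0x15, "jgt": 0x25, "jge": 0x35, "jset": 0x45}   # compare A with #k
RET = {"ret": 0x06}                                              # return #k bytes (0 = drop)

def assemble(source):
    """Turn mnemonics into (code, jt, jf, k) tuples. Simplified syntax, not bpfc's grammar."""
    insns, labels = [], {}
    for raw in source.splitlines():
        text = raw.split(";")[0].strip()              # ';' starts a comment
        m = re.match(r"(\w+):\s*(.*)", text)
        if m:                                         # 'name:' labels the next instruction
            labels[m.group(1)], text = len(insns), m.group(2)
        if text:
            insns.append(text)
    prog = []
    for pc, text in enumerate(insns):
        op, _, rest = text.partition(" ")
        code = {**LOADS, **JUMPS, **RET}.get(op)
        if code is None:
            raise ValueError(f"unsupported mnemonic: {op}")
        args = [a.strip() for a in rest.split(",")]
        k = int(args[0].strip("#[]"), 0) & 0xFFFFFFFF
        jt = jf = 0
        if op in JUMPS:
            if len(args) != 3 or not all(a in labels for a in args[1:]):
                raise ValueError(f"jump {pc} needs two known labels")
            # Offsets are relative to the next instruction: forward only, 8 bits wide.
            jt, jf = (labels[a] - pc - 1 for a in args[1:])
            if not (0 <= jt <= 255 and 0 <= jf <= 255):
                raise ValueError(f"jump {pc} is backward or too far")
        prog.append((code, jt, jf, k))
    return prog

def dump(prog):
    """Render the program in the C-array style that `tcpdump -dd` prints."""
    return "\n".join(f"{{ 0x{c:x}, {jt}, {jf}, 0x{k:08x} }}," for c, jt, jf, k in prog)

# Constructed sample filter: keep IPv4/TCP frames, drop everything else.
TCP_FILTER = """
      ldh [12]              ; EtherType
      jeq #0x800, ip, drop
ip:   ldb [23]              ; IPv4 protocol field
      jeq #6, keep, drop
keep: ret #0xffffffff
drop: ret #0
"""
```

Calling `dump(assemble(TCP_FILTER))` gives one opcode line per instruction; the forward-only jump check mirrors the reason a classic BPF program always terminates.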
ifpps is a tool which periodically provides top-like networking and system statistics from the Linux kernel. It gathers statistical data directly from procfs files and does not apply any user space traffic monitoring that would falsify statistics on high packet rates. For wireless, data about link connectivity is provided as well.
flowtop is a top-like connection tracking tool that can run on an end host or router. It is able to present TCP or UDP flows that have been collected by the kernel's netfilter framework. GeoIP and TCP state machine information is displayed. Also, on end hosts flowtop can show PIDs and application names that flows relate to. No user space traffic monitoring is done, so all data is gathered by the kernel.
curvetun is a lightweight, high-speed ECDH multiuser tunnel for Linux. curvetun uses the Linux TUN/TAP interface and supports {IPv4,IPv6} over {IPv4,IPv6} with UDP or TCP as carrier protocols. Packets are encrypted end-to-end by a symmetric stream cipher (Salsa20) and authenticated by a MAC (Poly1305), where keys have previously been computed with the ECDH key agreement protocol (Curve25519).
astraceroute is an autonomous system (AS) trace route utility. Unlike traceroute or tcptraceroute, it not only displays hops, but also the AS information they belong to as well as GeoIP information and other interesting things. By default, it uses a TCP probe packet and falls back to ICMP probes in case no ICMP reply has been received.
In conclusion, the toolkit is split up into small, useful utilities that are or are not necessarily related to each other. Each program for itself fills a gap as a helper in your daily network debugging, development or audit.