|
|
|
netsniff-ng is a free, performant Linux networking toolkit.
The gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa.
For this purpose, the netsniff-ng toolkit is libpcap independent (note: libpcap starting from 1.0.0 also supports zero-copy for capturing), but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. Furthermore, we are focussing on building a robust and clean analyzer and utilities that complete netsniff-ng as a support for network development, debugging or network reconnaissance.
The netsniff-ng toolkit consists of the following utilities:
Source control
There's a public Git repository at https://github.com/gnumaniacs/netsniff-ng (mirror, mirror) where you can check out the entire code base. If you are curious about the latest development happenings, you really might prefer our Git master's branch instead of the tarballs within our public archive. However, in case of the tarballs, you might want to check the downloaded archives for inconsistencies with md5sum -c MD5SUMS or sha256sum -c SHA256SUMS.
Documents
There is a netsniff-ng frequently asked question site and for participating in development have a look at the documentation files within the source code, especially the CODING and HACKING files. Here is also a FAQ about the GNU GPL version 2, under which netsniff-ng is licensed.
For reporting bugs please use our bug tracking system or write an e-mail to .
Contribute
If you think this software is great, then please consider donating (Flattr) some money to help us to keep up development, server fees, or travelling costs for conferences. If you would like to help otherwise, we would like to see more people to:
Currently, netsniff-ng is only available for Linux platforms. If you have a port for *BSD, let us know for merging your port into the main source tree. However, please do NOT PORT netsniff-ng to Windows! (Here is a nice explanation why; we really share Felix von Leitner's point of view.)
The manpage (PDF) of each stable release of netsniff-ng will cover all of the usage details. We also have a frequently asked question page. Furthermore, the documents within the source will give you some useful information.
To dig into the inner workings of the Berkeley Packet Filter architecture have a look at this.
Documentation about the packet_mmap architecture with pf_packet sockets for the Linux kernel can be downloaded from http://www.kernel.org/ under packet_mmap.txt.
A mailing list for netsniff-ng moderated (spam free) user discussions is open to the public. Subscribe and mail to . There's also an archive at Gmane and a searchable archive.
Before posting questions, have a look at our FAQ.
Distribution specific packages -- a huge thanks to our awesome maintainers -- may be found here:
Some documents and other resources may be found here:
Note: If your netsniff-ng related project / article / paper / ... should be added here, simply drop us a mail.
| Copyright (C) 2009-2011 Daniel Borkmann and Emmanuel Roullit |
