Original author(s) | Initial release December, 2009 | |
![]() | ||
Developer(s) Daniel Borkmann, Tobias Klauser, Herbert Haas, Emmanuel Roullit, Markus Amend and many others Stable release 0.5.8 / April 29, 2014; 2 years ago (2014-04-29) Preview release 0.5.9-rc4 / September 1, 2014; 2 years ago (2014-09-01) Repository github.com/netsniff-ng/netsniff-ng |
netsniff-ng is a free Linux network analyzer and networking toolkit originally written by Daniel Borkmann. Its gain of performance is reached by zero-copy mechanisms for network packets (RX_RING, TX_RING), so that the Linux kernel does not need to copy packets from kernel space to user space via system calls such as recvmsg(). libpcap, starting with release 1.0.0, also supports the zero-copy mechanism on Linux for capturing (RX_RING), so programs using libpcap also use that mechanism on Linux.
Contents
Overview
netsniff-ng was initially created as a network sniffer with support of the Linux kernel packet-mmap interface for network packets, but later on, more tools have been added to make it a useful toolkit such as the iproute2 suite, for instance. Through the kernel's zero-copy interface, efficient packet processing can be reached even on commodity hardware. For instance, Gigabit Ethernet wire-speed has been reached with netsniff-ng's trafgen. The netsniff-ng toolkit does not depend on the libpcap library. Moreover, no special operating system patches are needed to run the toolkit. netsniff-ng is free software and has been released under the terms of the GNU General Public License version 2.
The toolkit currently consists of a network analyzer, packet capturer and replayer, a wire-rate traffic generator, an encrypted multiuser IP tunnel, a Berkeley Packet Filter compiler, networking statistic tools, an autonomous system trace route and more:
Distribution specific packages are available for all major operating system distributions such as Debian or Fedora Linux. It has also been added to Xplico's Network Forensic Toolkit, GRML Linux, SecurityOnion, and to the Network Security Toolkit. The netsniff-ng toolkit is also used in academia.
Basic commands working in netsniff-ng
In these examples, it is assumed that eth0 is the used network interface. Programs in the netsniff-ng suite accept long options, e.g., --in ( -i ), --out ( -o ), --dev ( -d ).
Platforms
The netsniff-ng toolkit currently runs only on Linux systems. Its developers decline a port to Microsoft Windows.