Projects / netsniff-ng

netsniff-ng

netsniff-ng is a high performance Linux network sniffer for packet inspection. It is similar to analyzers like tcpdump, but without the need to perform system calls for fetching network packets. A memory-mapped area within kernelspace will be used for accessing packets, so there is no requirement for copying them to userspace (a 'zero-copy' mechanism). For this purpose, netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying, and performing offline analysis of pcap dumps. The project is focused on building a robust, clean, and secure analyzer and utilities that complete netsniff-ng as a support for penetration testing. netsniff-ng can be used for protocol analysis, reverse engineering, and network debugging.

Tags
Licenses
Operating Systems
Implementation
Translations

Last announcement

netsniff-ng now part of Debian Linux 18 Dec 2009 23:05

netsniff-ng is now officially integrated into Debian! The package will be maintained by Daniel Borkmann. More: http://packages.debian.org/unstable/netsniff-ng

Recent releases

  •  29 Jun 2012 18:45

    Release Notes: This release fixes a number of bugs, cleans the code, and adds new features, including raw 802.11 support and a new packet configuration language for trafgen.

    •  28 Mar 2012 22:33

      Release Notes: The authors have thrown away the old netsniff-ng 0.5.5 code and rewritten netsniff-ng from scratch. It has even grown into a toolkit, so next to netsniff-ng, the tools trafgen, bpfc, ifpps, flowtop, curvetun, and ashunt are now available.

      •  09 Oct 2010 13:27

        Release Notes: The PCAP file format is supported, which enables netsniff-ng to dump, read, and replay traces to or from harddisk. Lots of new packet printing options were added, targeted for debugging and reverse engineering. Automatic NIC IRQ affinity adaption is done if netsniff-ng is bound to a specific CPU. The possibility to manually set up ring size was added. POSIX compatible extended regular expression based filtering of packet content was implemented.

        •  18 Feb 2010 11:24

          Release Notes: This minor release fixes an issue where, under specific conditions, netsniff-ng's rx_ring stops receiving packets. Furthermore, basic BPF checks have been added.

          •  02 Jan 2010 11:36

            Release Notes: This is principally a bug and security fix release. A bug in memset that affects 32-bit systems has been fixed.

            Screenshot

            Project Spotlight

            OpenStack4j

            A Fluent OpenStack client API for Java.

            Screenshot

            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.