netsniff-ng is a high-performance Linux network sniffer for packet inspection. It is similar to analyzers like tcpdump, but does not need to perform system calls to fetch network packets. Packets are accessed through a memory-mapped area within kernelspace, so they do not have to be copied to userspace (a 'zero-copy' mechanism). For this purpose, netsniff-ng is independent of libpcap, but it nevertheless supports the pcap file format for capturing, replaying, and performing offline analysis of pcap dumps. The project is focused on building a robust, clean, and secure analyzer and utilities that complete netsniff-ng as support for penetration testing. netsniff-ng can be used for protocol analysis, reverse engineering, and network debugging.
Tags: Linux, Networking, kernel, BPF, tcpdump, Sniffer, Packet inspection, Zero copy, Monitoring, Software Development, Ethernet, Packet Capturing
netsniff-ng is now officially integrated into Debian! The package will be maintained by Daniel Borkmann.
Release Notes: This release fixes a number of bugs, cleans the code, and adds new features, including raw 802.11 support and a new packet configuration language for trafgen.
Release Notes: The authors have thrown away the old netsniff-ng 0.5.5 code and rewritten netsniff-ng from scratch. It has even grown into a toolkit, so next to netsniff-ng, the tools trafgen, bpfc, ifpps, flowtop, curvetun, and ashunt are now available.
Release Notes: The PCAP file format is supported, which enables netsniff-ng to dump, read, and replay traces to or from hard disk. Many new packet printing options were added, targeted at debugging and reverse engineering. Automatic NIC IRQ affinity adaptation is done if netsniff-ng is bound to a specific CPU. The possibility to manually set the ring size was added. Filtering of packet content based on POSIX-compatible extended regular expressions was implemented.
Release Notes: This minor release fixes an issue where, under specific conditions, netsniff-ng's rx_ring stops receiving packets. Furthermore, basic BPF checks have been added.
Release Notes: This is principally a bug and security fix release. A bug in memset that affects 32-bit systems has been fixed.