netsniff-ng
netsniff-ng toolkit
- Original author(s): Daniel Borkmann
- Developer(s): Emmanuel Roullit, Daniel Borkmann and others
- Initial release: December, 2009
- Stable release: 0.5.5.0 / March 17, 2011
- Development status: Active
- Written in: C
- Operating system: Linux
- Available in: English
- Type: Computer security, Network management, Network engineering
- License: GNU General Public License v2
- Website: netsniff-ng.org
netsniff-ng is a free, high-performance Linux networking toolkit [1] originally written by Daniel Borkmann. Its performance gain comes from zero-copy mechanisms for network packets [2], so that the operating system does not need to copy packets from kernel space to user space via system calls [3].
Overview
netsniff-ng was initially created as a network sniffer with support for the Linux kernel's zero-copy interface for network packets; later, more tools were added to make it a useful toolkit, much like the iproute2 suite, for instance. Through the kernel's zero-copy interface, efficient packet processing can be achieved even on commodity hardware. For instance, Gigabit Ethernet wire speed has been reached with netsniff-ng's trafgen [4] [5]. The netsniff-ng toolkit does not depend on the libpcap library. Moreover, no special operating system patches are needed to run the toolkit. netsniff-ng is free software and has been released under the terms of the GNU General Public License version 2.
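The packet mmap mechanism behind this zero-copy path [2], as an added example that is not netsniff-ng's own code: a capture socket shares an RX ring with the kernel and reads frames in place. The names ring_geometry and capture_frames, the 2048-byte frame size and the 64-block ring are assumptions chosen for illustration; running it requires CAP_NET_RAW.

```c
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <poll.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example, not netsniff-ng source; function names are hypothetical.
 * The kernel rejects a ring unless the block size is page-aligned, the frame
 * size is TPACKET_ALIGNMENT-aligned and holds the headers, and
 * tp_frame_nr == frames-per-block * tp_block_nr. */
int ring_geometry(struct tpacket_req *r, unsigned page, unsigned frame, unsigned blocks)
{
    if (!page || !blocks || frame < TPACKET_HDRLEN || frame % TPACKET_ALIGNMENT || frame > page)
        return -1;
    r->tp_block_size = page;             /* one page per block */
    r->tp_frame_size = frame;
    r->tp_block_nr = blocks;
    r->tp_frame_nr = (page / frame) * blocks;
    return 0;
}

/* Read `want` frames in place from the shared ring (no recv() copy); -1 on error. */
int capture_frames(int want)
{
    struct tpacket_req req;
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); /* needs CAP_NET_RAW */
    if (fd < 0) return -1;
    if (ring_geometry(&req, (unsigned)sysconf(_SC_PAGESIZE), 2048, 64) ||
        setsockopt(fd, SOL_PACKET, PACKET_RX_RING, &req, sizeof(req))) { close(fd); return -1; }
    size_t len = (size_t)req.tp_block_size * req.tp_block_nr;
    unsigned char *ring = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (ring == MAP_FAILED) { close(fd); return -1; }
    unsigned per_block = req.tp_block_size / req.tp_frame_size;
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int seen = 0;
    for (unsigned i = 0; seen < want; i = (i + 1) % req.tp_frame_nr) {
        volatile struct tpacket_hdr *h = (volatile void *)(ring +
            (size_t)(i / per_block) * req.tp_block_size + (size_t)(i % per_block) * req.tp_frame_size);
        while (!(h->tp_status & TP_STATUS_USER))
            poll(&p, 1, -1);             /* sleep until the kernel fills this slot */
        printf("frame %d: %u bytes on wire, %u captured\n", seen++, h->tp_len, h->tp_snaplen);
        h->tp_status = TP_STATUS_KERNEL; /* hand the slot back to the kernel */
    }
    munmap(ring, len); close(fd);
    return seen;
}

int main(void) { return capture_frames(5) < 0; }
```

The socket is left unbound, so frames from every interface land in the ring; each slot's tp_status word is the only synchronisation between kernel and reader.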
The toolkit currently consists of a network analyzer, packet capturer and replayer, a wire-rate traffic generator, an encrypted multiuser IP tunnel, a Berkeley Packet Filter compiler, networking statistic tools, an autonomous system trace route and more [6]:
- netsniff-ng, a zero-copy analyzer, packet capturer and replayer itself supporting the pcap file format
- trafgen, a zero-copy wire-rate traffic generator
- bpfc, a Berkeley Packet Filter compiler
- ifpps, a top-like kernel networking statistics tool
- curvetun, a lightweight multiuser IP tunnel based on elliptic curve cryptography
- ashunt, an Autonomous System trace route utility
Distribution-specific packages are available for all major operating system distributions such as Debian or Fedora Linux [7], including its Security Spin [8]. It has also been added to Xplico's Network Forensic Toolkit [9], GRML Linux and the Network Security Toolkit [10]. The netsniff-ng toolkit is also used in academia [11] [12].
Basic commands working in netsniff-ng
In these examples, eth0 is assumed to be the network interface in use.
- For a geographical AS TCP SYN probe trace route to a website:
ashunt -d eth0 -N -S -H <host i.e., netsniff-ng.org>
- For kernel networking statistics in promiscuous mode:
ifpps -d eth0 -p
- For high-speed network packet traffic generation, where trafgen.txf is the packet configuration:
trafgen -d eth0 -c trafgen.txf -b 0
- For compiling a Berkeley Packet Filter fubar.bpf:
bpfc -i fubar.bpf
- For starting an encrypted ECC IPv4 tunnel in UDP mode on port 6666 (read more [1]), including STUN detection:
curvetun -s -4 -u -p 6666 --stun stunserver.org
- For connecting to a curvetun tunnel server (assuming the remote bob-server is configured in curvetun, read more [2]):
curvetun --client=bob-server
- For efficiently dumping network traffic in a pcap file:
netsniff-ng -i eth0 -o dump.pcap -s -b 0
- For efficiently replaying network traffic from a pcap file:
netsniff-ng -i dump.pcap -o eth0 -s -b 0
- For redirecting network traffic between interfaces:
netsniff-ng -i eth0 -o eth1 -s -b 0
- For analyzing network traffic on all interfaces:
netsniff-ng -i any
Platforms
The netsniff-ng toolkit currently runs only on Linux systems. Its developers have declined to port it to Microsoft Windows [13].
References
- ^ "netsniff-ng Homepage". http://netsniff-ng.org. Retrieved 6 November 2011.
- ^ "Description of Linux Packet mmap Mechanism". http://lxr.linux.no/linux+v3.1/Documentation/networking/packet_mmap.txt. Retrieved 6 November 2011.
- ^ "netsniff-ng Homepage, Abstract, Zero-copy". http://netsniff-ng.org. Retrieved 6 November 2011.
- ^ "Network Security Toolkit Article about trafgen's performance capabilities". http://wiki.networksecuritytoolkit.org/nstwiki/index.php/LAN_Ethernet_Maximum_Rates,_Generation,_Capturing_%26_Monitoring. Retrieved 6 November 2011.
- ^ "Developer's Blog about trafgen's Performance". http://blog.cryptoism.org/1318763742.html. Retrieved 6 November 2011.
- ^ "Tools that are part of netsniff-ng". https://github.com/gnumaniacs/netsniff-ng/blob/master/README. Retrieved 6 November 2011.
- ^ "Maintainer list of netsniff-ng". https://github.com/gnumaniacs/netsniff-ng/blob/master/MAINTAINER. Retrieved 6 November 2011.
- ^ "Fedora Linux's Security Spin Tools". http://pastebin.com/1aHHYbGC. Retrieved 6 November 2011.
- ^ "Xplico support of netsniff-ng". http://www.xplico.org/archives/944. Retrieved 6 November 2011.
- ^ "Network Security Toolkit adds netsniff-ng". http://www.networksecuritytoolkit.org/nstpro/news/news.html. Retrieved 6 November 2011.
- ^ "netsniff-ng's trafgen at University of Napoli Federico II". http://www.grid.unina.it/software/ITG/link.php. Retrieved 7 November 2011.
- ^ "netsniff-ng's trafgen at Columbia University". http://www.cs.columbia.edu/~hgs/internet/traffic-generator.html. Retrieved 7 November 2011.
- ^ "netsniff-ng FAQ declining a port to Microsoft Windows". http://netsniff-ng.org/faq.html. Retrieved 6 November 2011.
External links
- Official netsniff-ng website
- netsniff-ng FAQ
- netsniff-ng's curvetun VPN howto
- Linux Administration and Privileged Commands Manual –
Wikimedia Foundation. 2010.