netsniff-ng v0.5.5.0 released

netsniff-ng is a free, performant Linux network sniffer for packet inspection.

The performance gain comes from ‘zero-copy’ mechanisms: captured packets are made available to the sniffer without the kernel having to copy them from kernel space to user space.

For this purpose netsniff-ng is independent of libpcap, but it nevertheless supports the pcap file format for capturing, replaying and offline analysis of pcap dumps. Furthermore, we are focusing on building a robust, clean and secure analyzer, along with utilities that complement netsniff-ng as support for penetration testing.

netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.

Some use cases and features

  • Open source project and free licensing
  • Analyzing and debugging of network problems or protocol implementations
  • Reverse engineering of (proprietary) network protocols
  • Dumping, replaying and offline analysis of pcap traces
  • Integrated high performance capabilities
  • Focus on usability, robustness, security and functionality
  • Support utility for penetration testing
  • Regular expression based grepping of specific packet information
  • Monitoring of network usage
  • Network statistics generation (e.g. for Nagios)

Documentation

The manpage (PDF) of each stable release of netsniff-ng covers all of the usage details. We also have a frequently asked questions page. Furthermore, you might want to have a look at some benchmarks of RX_RING versus the usual recvfrom(2).

To dig into the inner workings of the Berkeley Packet Filter architecture, have a look at this.

Documentation about the packet_mmap architecture with pf_packet sockets for the Linux kernel can be downloaded from http://www.kernel.org/ under Documentation/networking/packet_mmap.txt.
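As an added illustration of the RX_RING / packet_mmap mechanism referred to above (example code written for this page, not netsniff-ng's own): `rx_ring_valid` encodes the layout constraints the kernel's af_packet code enforces before it accepts a PACKET_RX_RING request, `rx_ring_layout` derives a layout that satisfies them, and `main` maps the ring and reads frames in place. The snaplen of 2048 bytes and the 256 frames are constructed values; the ring uses the default TPACKET_V1 format, and opening the AF_PACKET socket needs CAP_NET_RAW.

```c
#include <poll.h>
#include <stdio.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>

/* Constraints af_packet checks on a TPACKET_V1 PACKET_RX_RING request: page-multiple
 * blocks, aligned frames at least as large as the header, frames exactly filling blocks. */
int rx_ring_valid(const struct tpacket_req *r)
{
    unsigned page = (unsigned)sysconf(_SC_PAGESIZE);
    if (!r->tp_block_nr || !r->tp_block_size || r->tp_block_size % page) return 0;
    if (r->tp_frame_size < TPACKET_HDRLEN || r->tp_frame_size % TPACKET_ALIGNMENT ||
        r->tp_frame_size > r->tp_block_size) return 0;
    return r->tp_frame_nr == r->tp_block_nr * (r->tp_block_size / r->tp_frame_size);
}
/* Derive a layout for `frames` slots that each hold `snaplen` bytes of packet data. */
int rx_ring_layout(struct tpacket_req *r, unsigned snaplen, unsigned frames)
{
    r->tp_frame_size = TPACKET_ALIGN(TPACKET_HDRLEN) + TPACKET_ALIGN(snaplen);
    r->tp_block_size = (unsigned)sysconf(_SC_PAGESIZE);
    while (r->tp_block_size < r->tp_frame_size) r->tp_block_size <<= 1;
    unsigned per_block = r->tp_block_size / r->tp_frame_size;
    r->tp_block_nr = (frames + per_block - 1) / per_block;
    r->tp_frame_nr = r->tp_block_nr * per_block;
    return rx_ring_valid(r);
}
int main(void)
{
    struct tpacket_req req; struct pollfd pfd = { .events = POLLIN };
    int fd = pfd.fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); /* needs CAP_NET_RAW */
    if (fd < 0 || !rx_ring_layout(&req, 2048, 256) ||
        setsockopt(fd, SOL_PACKET, PACKET_RX_RING, &req, sizeof req)) { perror("ring"); return 1; }
    size_t len = (size_t)req.tp_block_size * req.tp_block_nr;
    unsigned char *ring = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (ring == MAP_FAILED) { perror("mmap"); return 1; }
    unsigned per_block = req.tp_block_size / req.tp_frame_size;
    for (unsigned i = 0, seen = 0; seen < 10; i = (i + 1) % req.tp_frame_nr, seen++) {
        /* Frame i lives in block i/per_block at offset (i % per_block) * frame_size. */
        struct tpacket_hdr *h = (struct tpacket_hdr *)(ring + (size_t)(i / per_block) *
                                req.tp_block_size + (i % per_block) * req.tp_frame_size);
        while (!(*(volatile unsigned long *)&h->tp_status & TP_STATUS_USER))
            poll(&pfd, 1, -1);            /* sleep until the kernel has filled this slot */
        __sync_synchronize();             /* then read the frame where the kernel wrote it */
        printf("frame %u: %u bytes on wire, %u captured\n", i, h->tp_len, h->tp_snaplen);
        h->tp_status = TP_STATUS_KERNEL;  /* hand the slot back; nothing was copied */
    }
    return 0;
}
```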

Download

NJ Ouchn

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"