Netsniff-Ng – A Swiss Army Knife For Your Daily Linux Network Plumbing

Netsniff-Ng - A Swiss Army Knife For Your Daily Linux Network Plumbing

netsniff-ng is a free Linux networking toolkit, a Swiss military knife to your every day Linux community plumbing if you’ll.

Its acquire of efficiency is reached by zero-copy mechanisms, in order that on packet reception and transmission the kernel doesn’t want to repeat packets from kernel house to consumer house and vice versa.

Our toolkit can be utilized for community growth and evaluation, debugging, auditing or community reconnaissance.

The netsniff-ng toolkit consists of the next utilities:

  • netsniff-ng, a quick zero-copy analyzer, pcap capturing and replaying software
  • trafgen, a multithreaded low-stage zero-copy community packet generator
  • mausezahn, excessive-stage packet generator for HW/SW home equipment with Cisco-CLI*
  • bpfc, a Berkeley Packet Filter compiler, Linux BPF JIT disassembler
  • ifpps, a prime-like kernel networking statistics software
  • flowtop, a prime-like netfilter connection monitoring software
  • curvetun, a light-weight curve25519-based IP tunnel
  • astraceroute, an autonomous system (AS) hint route utility

Get it through Git:   git clone git://


netsniff-ng is a quick community analyzer based mostly on packet mmap(2) mechanisms. It can document pcap information to disc, replay them and likewise do an offline and on-line evaluation. Capturing, evaluation or replay of uncooked 802.11 frames are supported as nicely. pcap information are additionally appropriate with tcpdump or Wireshark traces. netsniff-ng processes these pcap traces both in scatter-collect I/O or by mmap(2) I/O.

trafgen is a multi-threaded community site visitors generator based mostly on packet mmap(2) mechanisms. It has its personal versatile, macro-based mostly low-stage packet configuration language. Injection of uncooked 802.11 frames are supported as nicely. trafgen has a considerably increased velocity than mausezahn and comes very near pktgen, however runs from consumer house. pcap traces will also be transformed right into a trafgen packet configuration.

mausezahn is a excessive-stage packet generator that may run on a {hardware}-software program equipment and comes with a Cisco-like CLI. It can craft practically each attainable or unimaginable packet. Thus, it may be used, for instance, to check community behaviour beneath unusual circumstances (stress take a look at, malformed packets) or to check {hardware}-software program home equipment for a number of type of assaults.

bpfc is a Berkeley Packet Filter (BPF) compiler that understands the unique BPF language developed by McCanne and Jacobson. It accepts BPF mnemonics and converts them into kernel/netsniff-ng readable BPF “opcodes”. It additionally helps undocumented Linux filter extensions. This can particularly be helpful for extra difficult filters, that top-stage filters fail to help.

ifpps is a software which periodically supplies prime-like networking and system statistics from the Linux kernel. It gathers statistical information straight from procfs information and doesn’t apply any consumer house site visitors monitoring that will falsify statistics on excessive packet charges. For wi-fi, information about hyperlink connectivity is offered as nicely.

flowtop is a prime-like connection monitoring software that may run on an finish host or router. It is ready to current TCP or UDP flows which have been collected by the kernel’s netfilter framework. GeoIP and TCP state machine data is displayed. Also, on finish hosts flowtop can present PIDs and utility names that flows relate to. No consumer house site visitors monitoring is finished, thus all information is gathered by the kernel.

curvetun is a light-weight, excessive-velocity ECDH multiuser tunnel for Linux. curvetun makes use of the Linux TUN/TAP interface and helps {IPv4,IPv6} over {IPv4,IPv6} with UDP or TCP as provider protocols. Packets are encrypted finish-to-finish by a symmetric stream cipher (Salsa20) and authenticated by a MAC (Poly1305), the place keys have beforehand been computed with the ECDH key settlement protocol (Curve25519).

astraceroute is an autonomous system (AS) hint route utility. Unlike traceroute or tcptraceroute, it not solely show hops, but additionally their AS data they belong to in addition to GeoIP data and different fascinating issues. On default, it makes use of a TCP probe packet and falls again to ICMP probes in case no ICMP reply has been obtained.

Concluding, the toolkit is cut up into small, helpful utilities which might be or will not be essentially associated to one another. Each program for itself fills a spot as a helper in your every day community debugging, growth or audit.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.