Abstract

netsniff-ng is a free, performant Linux networking toolkit.

The gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa.

For this purpose, the netsniff-ng toolkit is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. Furthermore, we are focussing on building a robust and clean analyzer and utilities that complete netsniff-ng as a support for network development, debugging or network reconnaissance.

The netsniff-ng toolkit consists of the following utilities:

• netsniff-ng, a high-performance zero-copy analyzer, pcap capturing and replaying tool
• trafgen, a high-performance zero-copy network traffic generator
• bpfc, a Berkeley Packet Filter (BPF) compiler supporting Linux extensions
• ifpps, a top-like kernel networking and system statistics tool
• flowtop, a top-like netfilter connection tracking tool
• curvetun, a lightweight multiuser IP tunnel based on elliptic curve cryptography
• ashunt, an Autonomous System (AS) trace route and ISP testing utility

(Note: libpcap starting from 1.0.0 now also supports zero-copy, but for capturing only! netsniff-ng's pcap files can also be opened with tools like Wireshark, and vice versa!)

Development

Source control

There's a public Git repository at GitHub where you can check out the entire code base. If you are curious about the latest development happenings, you really might prefer our Git master's branch instead of the tarballs within our public archive. For tamper resistant downloading, clone the Git repository and checkout the corresponding version tag.

Documents

There is a netsniff-ng frequently asked question site and for participating in development have a look at the documentation files within the source code. Here is also a FAQ about the GNU GPL version 2, under which netsniff-ng is licensed.

For reporting bugs please use our bug tracking system or write an e-mail to .

Contribute

If you think this software is great, then please consider donating (Flattr) some money to help us to keep up development, server fees, or travelling costs for conferences. If you would like to help otherwise, we would like to see more people to:

• Review and contribute to the source code (see projects file)
• Add or improve documentation, Man-pages, write interesting howtos
• Maintain distribution specific packages
• Donate hardware, networking equipment, especially for 10-Gbit/s-Ethernet
• Test netsniff-ng on your specific platform, especially on non-x86

Currently, netsniff-ng is only available for Linux platforms. If you have a port for *BSD, let us know for merging your port into the main source tree. However, please do NOT PORT netsniff-ng to Windows or other proprietary crap! (Here is a nice explanation why; we really share Felix von Leitner's point of view.)

Documentation

The man page of each stable release of netsniff-ng will cover all of the usage details. It is included within the source code distribution package. We also have a frequently asked question page. Furthermore, the documents within the repository will give you some useful information.

To dig into the inner workings of the Berkeley Packet Filter architecture, have a look at this.

Documentation about the ``packet_mmap'' architecture with ``pf_packet'' sockets for the Linux kernel can be downloaded from kernel.org under packet_mmap.txt.

If you need the netsniff-ng logo in vector format, feel free to use them from our repository either in black or white.

Support

A mailing list for netsniff-ng moderated (spam free) user discussions is open to the public. Subscribe and mail to . There's also an archive at Gmane and a searchable archive.

Before posting questions, have a look at our FAQ.

netsniff-ng around the world