NetSniff-NG

Description

netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will.

Its performance gain comes from zero-copy mechanisms: on packet reception and transmission, the kernel does not need to copy packets from kernel space to user space and vice versa.

Usage

Syntax

netsniff-ng [options]

Options

  -i|-d|--dev|--in <dev|pcap> Input source as netdev or pcap
  -o|--out <dev|pcap|dir|txf> Output sink as netdev, pcap, directory, txf file
  -f|--filter <bpf-file>      Use BPF filter file from bpfc
  -t|--type <type>            Only handle packets of defined type:
                              host|broadcast|multicast|others|outgoing
  -F|--interval <uint>        Dump interval in sec if -o is a directory where
                              pcap files should be stored (default: 60)
  -J|--jumbo-support          Support for 64KB Super Jumbo Frames
                              Default RX/TX slot: 2048Byte
  -R|--rfraw                  Capture or inject raw 802.11 frames
  -n|--num <uint>             Number of packets until exit
  `--     0                   Loop until interrupted (default)
   `-     n                   Send n packets and done
Options for printing:
  -s|--silent                 Do not print captured packets
  -q|--less                   Print less-verbose packet information
  -X|--hex                    Print packet data in hex format
  -l|--ascii                  Print human-readable packet data
Options, advanced:
  -r|--rand                   Randomize packet forwarding order
  -M|--no-promisc             No promiscuous mode for netdev
  -m|--mmap                   Mmap pcap file i.e., for replaying
  -g|--sg                     Scatter/gather pcap file I/O
  -c|--clrw                   Use slower read(2)/write(2) I/O
  -S|--ring-size <size>       Manually set ring size to <size>:
                              mmap space in KB/MB/GB, e.g. '10MB'
  -k|--kernel-pull <uint>     Kernel pull from user interval in us
                              Default is 10us where the TX_RING
                              is populated with payload from uspace
  -b|--bind-cpu <cpu>         Bind to specific CPU (or CPU-range)
  -B|--unbind-cpu <cpu>       Forbid to use specific CPU (or CPU-range)
  -H|--prio-high              Make this high priority process
  -Q|--notouch-irq            Do not touch IRQ CPU affinity of NIC
  -v|--version                Show version netsniff-ng
  -h|--help                   Guess what?! netsniff-ng

Example

cyborg@cyborg:~$ sudo netsniff-ng --in eth0  --out cap.pcap --bind-cpu 0
netsniff-ng 0.5.7
BPF JIT
RX: 23.83 MiB, 12200 Frames, each 2048 Byte allocated
IRQ: eth0:41 > CPU0
PROMISC
BPF:
 L0: ret #0xffffffff
MD: RX scatter-gather lf64 realtime: prio 4

M 2 208 1447666797.648032
 [ Eth MAC (74:de:2b:c3:a0:2f => 33:33:00:00:00:0c), Proto (0x86dd, IPv
   6) ]
 [ Vendor (Unknown => Unknown) ]
 [ IPv6 Addr (fe80::cca5:e8db:6058:1843 => ff02::c), Version (6), TrafficCl
   ass (0), FlowLabel (0), Len (154), NextHdr (17), HopLimit (1) ]
 [ UDP Port (54429 => 1900 (upnp)), Len (154 Bytes, 146 Bytes Data)
   CSum (0x94a4) ]
 [ chr M-SEARCH * HTTP/1.1..Host:[FF02::C]:1900..ST:urn:Microsoft Windows P
   eer Name Resolution Protocol: V4:IPV6:LinkLocal..Man:"ssdp:discover"..MX
   :3.... ]
 [ hex  4d 2d 53 45 41 52 43 48 20 2a 20 48 54 54 50 2f 31 2e 31 0d 0a 48 6
   f 73 74 3a 5b 46 46 30 32 3a 3a 43 5d 3a 31 39 30 30 0d 0a 53 54 3a 75 7
   2 6e 3a 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 50 65 65 7
   2 20 4e 61 6d 65 20 52 65 73 6f 6c 75 74 69 6f 6e 20 50 72 6f 74 6f 63 6
   f 6c 3a 20 56 34 3a 49 50 56 36 3a 4c 69 6e 6b 4c 6f 63 61 6c 0d 0a 4d 6
   1 6e 3a 22 73 73 64 70 3a 64 69 73 63 6f 76 65 72 22 0d 0a 4d 58 3a 33 0
   d 0a 0d 0a ]
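The zero-copy reception described above can be seen with the Linux packet-mmap ring (PACKET_RX_RING), sketched here as an added example that is not netsniff-ng's own source. It uses the ring geometry from the RX line in the example output (12200 frames of 2048 bytes). The helper names `ring_geometry` and `capture`, the 4096-byte block size (one page) and the default TPACKET_V1 header are assumptions, and the socket needs CAP_NET_RAW.

```c
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <poll.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <unistd.h>

/* The kernel rejects a ring unless frames are TPACKET_ALIGNMENT-aligned and
 * tp_frame_nr == tp_block_nr * frames-per-block; invalid input yields all zeros. */
static struct tpacket_req ring_geometry(unsigned frames, unsigned frame_sz, unsigned block_sz)
{
    struct tpacket_req r = {0};
    if (!frame_sz || block_sz < frame_sz || frame_sz % TPACKET_ALIGNMENT || block_sz % frame_sz) return r;
    r.tp_frame_size = frame_sz;
    r.tp_block_size = block_sz;                 /* assumed to be a multiple of the page size */
    r.tp_block_nr   = frames / (block_sz / frame_sz);
    r.tp_frame_nr   = r.tp_block_nr * (block_sz / frame_sz);
    return r;
}

/* Map the RX ring and walk `want` frames in place; returns frames seen or -1. */
static int capture(unsigned want)
{
    struct tpacket_req req = ring_geometry(12200, 2048, 4096);
    size_t len = (size_t)req.tp_block_size * req.tp_block_nr;
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));   /* unbound: all interfaces */
    if (fd < 0) return -1;
    if (setsockopt(fd, SOL_PACKET, PACKET_RX_RING, &req, sizeof(req)) < 0) { close(fd); return -1; }
    unsigned char *ring = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (ring == MAP_FAILED) { close(fd); return -1; }
    unsigned seen = 0, i = 0;
    while (seen < want) {
        /* block_sz % frame_sz == 0, so slot i sits at i * frame size */
        struct tpacket_hdr *h = (struct tpacket_hdr *)(ring + (size_t)i * req.tp_frame_size);
        if (!(h->tp_status & TP_STATUS_USER)) {   /* kernel still owns this slot */
            struct pollfd p = { .fd = fd, .events = POLLIN };
            poll(&p, 1, -1);
            continue;
        }
        /* Packet bytes are readable at (unsigned char *)h + h->tp_mac, no recv() copy. */
        printf("frame %u: %u bytes on wire\n", seen++, h->tp_len);
        h->tp_status = TP_STATUS_KERNEL;          /* hand the slot back to the kernel */
        i = (i + 1) % req.tp_frame_nr;
    }
    munmap(ring, len); close(fd);
    return (int)seen;
}
int main(void) { return capture(5) < 0; }
```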