Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
A Swiss army knife for your daily Linux network plumbing.
C C++ Bison Shell Makefile Python Other

netsniff-ng: add example for fanout into man page

Add an example, so users can easily adapt and move on from that.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
latest commit d0677020ce
@borkmann borkmann authored
Failed to load latest commit information.
astraceroute netsniff-ng: Delete rfmon mac80211 device in case of panic
bpfc netsniff-ng: Delete rfmon mac80211 device in case of panic
curvetun netsniff-ng: Delete rfmon mac80211 device in case of panic
flowtop build: Restore support for cross-compiling the netsniff-ng toolkit
ifpps build: Restore support for cross-compiling the netsniff-ng toolkit
mausezahn netsniff-ng: Delete rfmon mac80211 device in case of panic
netsniff-ng build: Restore support for cross-compiling the netsniff-ng toolkit
staging mausezahn: Make sure '\0' is written after strncpy
trafgen build: Restore support for cross-compiling the netsniff-ng toolkit
.gitignore gitignore: Add compiled executables
.travis.yml build: travis: Re-enable clang and also use it for configure
AUTHORS authors: Fix Daniel's email
COPYING docs: minor: fix whitespacing in copying file
Cmds build: Restore support for cross-compiling the netsniff-ng toolkit
CodingStyle docs: minor: fix mentioning of Documentation/
Extra build: reduce Extra contents to bare minimum
INSTALL build: Restore support for cross-compiling the netsniff-ng toolkit
Makefile netsniff-ng 0.5.9
Misc build: Explicitly mention last release in announcement message
README docs: be more precise on readme with experimental tools
REPORTING-BUGS docs: REPORTING-BUGS: Mention the github issue tracker
SubmittingPatches docs: move some of them to the root directory
Template build: Make module build also depend on header file
astraceroute.8 man: astraceroute: Fix closing quotation mark
astraceroute.c all: Reduce amount of empty liens in usage and version output a bit
astraceroute.zsh zsh: Unify completion help messages for --version and --help
bpf.c xmalloc: Make xrealloc() arguments conform to realloc()
bpf.h bpf: Remove unncessary #include <xmalloc.h> from bpf.h
bpf.vim vim: add bpf syntax highlighting file
bpf_comp.c xmalloc: Make xrealloc() arguments conform to realloc()
bpf_ext.h bpf: split up instructions and extensions from header
bpf_insns.h bpf: use Linux' define of BPF_MAXINSNS
bpf_jit_disasm.c bpf: add minimal BPF JIT emitted image disassembler
bpf_lexer.l bpfc: add gnu as style %-register prefix
bpf_parser.y conf: Use configuration file path from Makefile instead of hardcoded …
bpfc.8 man: manpage warning fixes
bpfc.c all: Reduce amount of empty liens in usage and version output a bit
bpfc.zsh zsh: Unify completion help messages for --version and --help
built_in.h xmalloc: Add attribute warn_unused_result to allocation functions
colorize.h misc: cleanup header comments
colors.h misc: cleanup header comments
configure build: Restore support for cross-compiling the netsniff-ng toolkit
conntrack.h conntrack: consolidate all conntrack header includes into conntrack.h
cookie.c xio: refactor fopencookie related functions
cookie.h xio: refactor fopencookie related functions
corking.c misc: remove two header comments
corking.h corking: use bool instead of int
cpus.h cpus: let it always return an unsigned int and bail out on error
cpusched.c xmalloc: Add and use xcalloc
cpusched.h cpusched: remove useless header comment
crypto.h curve: curve25519_encode/curve25519_decode: simplify crypto transforms
csum.h csum: Use ISO C fixed width types
curve.c curve: free buffers in reverse order to allocation
curve.h curve: curve25519_tfm_alloc/curve25519_tfm_free helpers
curve_test.c curve: move selftest to own file
curvetun.8 man: manpage warning fixes
curvetun.c all: Reduce amount of empty liens in usage and version output a bit
curvetun.h built_in: changed to use RUNTIME_PAGE_SIZE instead of PAGE_SIZE
curvetun.zsh zsh: add netsniff-ng zsh auto completion support
curvetun_client.c poll: changed to include <poll.h> instead of <sys/poll.h>
curvetun_mgmt.h curvetun_mgmt: consolidate the two mgmt include files into one
curvetun_mgmt_servers.c curvetun: renamed client, server, and management files
curvetun_mgmt_servers.h curvetun: renamed client, server, and management files
curvetun_mgmt_users.c curvetun: renamed client, server, and management files
curvetun_mgmt_users.h curvetun: renamed client, server, and management files
curvetun_server.c xmalloc: Add and use xcalloc
dev.c dev: Close socket in error path of device_ifindex_get()
dev.h mac80211: Check existence of generated monX device
die.c die: Rename *_panic_func to *_panic_handler
die.h die: Rename *_panic_func to *_panic_handler
dissector.c netsniff-ng: Rename protocol dissector member of struct pkt_buff
dissector.h netsniff-ng: Reorder packet number output
dissector_80211.c dissector: Get rid of now unnecessary HAVE_DISSECTOR_PROTOS
dissector_80211.h dissector: Get rid of now unnecessary HAVE_DISSECTOR_PROTOS
dissector_eth.c dissector: Get rid of now unnecessary HAVE_DISSECTOR_PROTOS
dissector_eth.h dissector: Get rid of now unnecessary HAVE_DISSECTOR_PROTOS
dissector_fuzz.sh misc: move file to source root
dissector_netlink.c dissector: Get rid of now unnecessary HAVE_DISSECTOR_PROTOS
dissector_netlink.h dissector: Get rid of now unnecessary HAVE_DISSECTOR_PROTOS
epoll2.c xutils: eliminate xutils, move rest to epoll2
epoll2.h xutils: eliminate xutils, move rest to epoll2
ether.conf misc: move file to source root
flowtop.8 man: manpage warning fixes
flowtop.c flowtop: Print error cause if errno is set when panic
flowtop.zsh zsh: Unify completion help messages for --version and --help
geoip.c geoip: Fix update failing
geoip.conf misc: move file to source root
geoip.h geoip: Pass struct sockaddr_in{,6} as pointer instead of by value
hash.c xmalloc: Add and use xcalloc
hash.h misc: cleanup header comments
ifpps.8 man: manpage warning fixes
ifpps.c all: Reduce amount of empty liens in usage and version output a bit
ifpps.zsh zsh: Unify completion help messages for --version and --help
ioexact.c ioexact: make mayexit a bool
ioexact.h ioexact: make mayexit a bool
ioops.c ioops: Constify `name' parameter to tun_open_or_die()
ioops.h ioops: Constify `name' parameter to tun_open_or_die()
iosched.c iosched: Print error cause if setting io prio failed
iosched.h iosched: break out io scheduling functions from xutils
ipv4.h misc: cleanup header comments
ipv6.h misc: cleanup header comments
irq.c irq: do not process non-existant irq number of lo
irq.h irq: rename device_bind_irq_to_cpu to device_set_irq_affinity
keypair.c keypair: add missing include file
keypair.h keypair: Add routines to generate and verify a keypair
link.c link: fixed to include <sys/types.h> for caddr_t
link.h debian: define SPEED_UNKNOWN if missing in linux/ethtool.h
linktype.h netsniff-ng: Consider radiotap header of monitor dev
locking.h mz: Make access to pcap init functions thread safe
lockme.h xutils: break out string handling and locking
lookup.c lookup: Move UDP/TCP port and Ethernet type lookup into own module
lookup.h lookup: Move UDP/TCP port and Ethernet type lookup into own module
mac80211.c all: Fix libnl3 include path
mac80211.h mac80211.c: Remove or mark unused function parameters
mausezahn.8 mz: Allow to print packet types by '-t help'
mausezahn.zsh mausezahn: bind to IP address in interactive mode
netsniff-ng.8 netsniff-ng: add example for fanout into man page
netsniff-ng.c netsniff-ng: Fix typo Unkown -> Unknown
netsniff-ng.zsh zsh: netsniff-ng: add completions
oui-update.py oui-update: minor: Fix typo in error message
oui.c dissector: Get rid of now unnecessary HAVE_DISSECTOR_PROTOS
oui.conf conf: oui: update oui.conf
oui.h misc: cleanup header comments
patricia.c all: import netsniff-ng 0.5.8-rc0 source
patricia.h all: import netsniff-ng 0.5.8-rc0 source
pcap_io.h netsniff-ng: Don't set IO prio when reading pcap file
pcap_mm.c netsniff-ng: Don't set IO prio when reading pcap file
pcap_rw.c netsniff-ng: Don't set IO prio when reading pcap file
pcap_sg.c netsniff-ng: Don't set IO prio when reading pcap file
pkt_buff.h netsniff-ng: Rename protocol dissector member of struct pkt_buff
privs.c privs: move drop_privileges out of xutils
privs.h privs: move drop_privileges out of xutils
proc.c proc: move out process specific management functions
proc.h proc: move out process specific management functions
proto.h proto: Make protocol->key member const
proto_80211_mac_hdr.c netsniff-ng mac80211: Align country channels info
proto_arp.c dissectors: Include protos.h in some dissectors for protocol ops decl…
proto_ethernet.c dissectors: ethernet: Display multicast/broadcast also in less mode
proto_icmpv4.c dissectors: Include protos.h in some dissectors for protocol ops decl…
proto_icmpv6.c dissectors: Include protos.h in some dissectors for protocol ops decl…
proto_igmp.c dissectors: Include protos.h in some dissectors for protocol ops decl…
proto_ip_authentication_hdr.c netsniff-ng: Rename protocol dissector member of struct pkt_buff
proto_ip_esp.c dissectors: Include protos.h in some dissectors for protocol ops decl…
proto_ipv4.c netsniff-ng: Rename protocol dissector member of struct pkt_buff
proto_ipv6.c netsniff-ng: Rename protocol dissector member of struct pkt_buff
proto_ipv6_dest_opts.c netsniff-ng: Rename protocol dissector member of struct pkt_buff
proto_ipv6_fragm.c netsniff-ng: Rename protocol dissector member of struct pkt_buff
proto_ipv6_hop_by_hop.c netsniff-ng: Rename protocol dissector member of struct pkt_buff
proto_ipv6_in_ipv4.c dissectors: Get rid of unecessary includes of protos.h
proto_ipv6_mobility_hdr.c netsniff-ng: Rename protocol dissector member of struct pkt_buff
proto_ipv6_no_nxt_hdr.c dissectors: Get rid of unecessary includes of protos.h
proto_ipv6_routing.c netsniff-ng: Rename protocol dissector member of struct pkt_buff
proto_lldp.c dissectors: Remove unnecessary includes of dissector_eth.h
proto_mpls_unicast.c netsniff-ng: Rename protocol dissector member of struct pkt_buff
proto_nlmsg.c netsniff-ng nlmsg: Print multi-part messages
proto_none.c dissectors: Include protos.h in some dissectors for protocol ops decl…
proto_tcp.c dissectors: Include protos.h in some dissectors for protocol ops decl…
proto_udp.c dissectors: Include protos.h in some dissectors for protocol ops decl…
proto_vlan.c netsniff-ng: Rename protocol dissector member of struct pkt_buff
proto_vlan_q_in_q.c netsniff-ng: Rename protocol dissector member of struct pkt_buff
protos.h netsniff-ng: Add netlink dissector
ring.c trafgen: speedup TX only path by avoiding kernel packet_rcv() call
ring.h ring: Make ifname paramter to ring_size() const
ring_rx.c netsniff-ng: add packet fanout support
ring_rx.h netsniff-ng: add packet fanout support
ring_tx.c ring: Merge common ring_{rx,tx} initialization into own function
ring_tx.h ring: Merge common ring_{rx,tx} initialization into own function
rnd.c rnd: Fix compiler warning
rnd.h rnd: add gen_key_bytes to generate key from good entropy source
screen.c ifpps, flowtop: Move ncurses init and end to common module
screen.h ifpps, flowtop: Move ncurses init and end to common module
sig.c sig: add signal handling functions
sig.h sig: add signal handling functions
sock.c sock: Fix capturing extra packets from other dev
sock.h sock: Fix capturing extra packets from other dev
str.c xutils: break out string handling and locking
str.h xutils: break out string handling and locking
stun.c stun: close socket before returning in error case
stun.h stun: add header file
taia.c taia: minor: add comment about window
taia.h taia: minor: small cleanup and comment
tcp.conf misc: move file to source root
timer.c timer: add time management functions
timer.h timer: add time management functions
tprintf.c tprintf: Fix color breaking in less mode
tprintf.h misc: cleanup header comments
trafgen.8 trafgen: add option to not adjust system socket mem during testrun
trafgen.c sock: Fix capturing extra packets from other dev
trafgen.zsh zsh: trafgen: Add new command line option -A/--no-sock-mem
trafgen_conf.h misc: cleanup header comments
trafgen_lexer.l misc: fix some minor compile warnings all over
trafgen_parser.y xmalloc: Make xrealloc() arguments conform to realloc()
trafgen_stddef.h make: rename trafgen stddef.h file
trie.c all: import netsniff-ng 0.5.8-rc0 source
trie.h trie: remove useless header comment
tstamping.c configure: fix multiple issues in build configuration
tstamping.h configure: fix multiple issues in build configuration
udp.conf misc: move file to source root
xmalloc.c xmalloc: Make xrealloc() arguments conform to realloc()
xmalloc.h xmalloc: Add attribute warn_unused_result to allocation functions

README

//////////////////////////////////////////////////////////////////////////////

                    netsniff-ng - the packet sniffing beast

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
                                         .      .
netsniff-ng is a free, performant       /(      )\
Linux network analyzer and            .' {______} '.
networking toolkit. If you will,       \ ^,    ,^ /
the Swiss army knife for network        |'O\  /O'|   _.<0101011>--
packets.                                > `'  '` <  /
                                        ) ,.==., (  |
Web: http://netsniff-ng.org          .-(|/--~~--\|)-'
                                    (      ___
The gain of performance is           \__.=|___E
reached by built-in zero-copy
mechanisms, so that on packet reception and transmission the kernel does not
need to copy packets from kernel space to user space, and vice versa.

The netsniff-ng toolkit's primary usage goal is to facilitate a network
developer's / hacker's daily Linux plumbing. It can be used for network
development, debugging, analysis, auditing or network reconnaissance. It
consists of the following fixed set of utilities:

  * netsniff-ng: a zero-copy packet analyzer, pcap capturing/replaying tool
  * trafgen: a multithreaded low-level zero-copy network packet generator
  * mausezahn [*]: high-level packet generator for appliances with Cisco-CLI
  * ifpps: a top-like kernel networking and system statistics tool
  * curvetun [*]: a lightweight curve25519-based multiuser IP tunnel
  * astraceroute: an autonomous system trace route and DPI testing utility
  * flowtop: a top-like netfilter connection tracking tool
  * bpfc: a [seccomp-]BPF (Berkeley packet filter) compiler, JIT disassembler

Note that tools marked with [*] should be considered as experimental for now,
and not used in production environments as they still need more work to be
fully stable and in line with others. You have been warned!

Each release can be verified with Git and GPG, here are the steps to do so:

 1) Import the maintainers public keys:
   git show maint-tklauser-pgp-pub | gpg --import
   git show maint-dborkman-pgp-pub | gpg --import
 2) Verify the Git tag:
   git tag -v <tag-name>

Carefully read the INSTALL document for the next steps in building netsniff-ng.
Note that the toolkit is still quite young and under heavy development, not
yet feature complete and in a quality level where we're satisfied with (i.e.
for mausezahn). However, we're on a good way towards tackling all these goals.

The netsniff-ng toolkit is an open source project covered by the GNU General
Public License, version 2.0. For any questions or feedback about netsniff-ng
you are welcome to leave us a message at <netsniff-ng@googlegroups.com>.

netsniff-ng is non-profit and provided in the hope, that it is found useful.
The current project status can be considered as "working". In general, all tools
have been tested by us to a great extend including their command-line options.
In fact, many of our tools are used in a lot of production systems. However, we
give no guarantee that our tools are free of bugs! If you spot some issues,
contact us as described in REPORTING-BUGS. Also, have a look at our online FAQ
for answering your questions. This project has received support from companies
and institutions listed in the according section in the AUTHORS file. Thanks for
contributing, we're thrilled to provide you with netsniff-ng! Happy packet
hacking!
Something went wrong with that request. Please try again.