Justniffer: Just A Network TCP Packet Sniffer
Latest commit ce8e3d5 Mar 21, 2016

README

Justniffer (Project page: http://justniffer.sourceforge.net/)  

Network TCP Packet Sniffer

Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customizable format. It can emulate Apache web server log files, track response times and extract all "intercepted" files from HTTP traffic.

It lets you interactively trace TCP traffic from a live network or from a previously saved capture file. Justniffer's native capture file format is the libpcap format, which is also the format used by tcpdump and various other tools.

Reliable TCP Flow Rebuilding

Justniffer's main feature is its ability to handle complex low-level protocol issues and retrieve the correct flow of TCP/IP traffic: IP fragmentation, TCP retransmission, reordering, etc. It uses portions of the Linux kernel source code to handle all TCP/IP processing. More precisely, it uses a slightly modified version of the libnids library, which already packages a modified version of the Linux code in a more reusable form.
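The reordering and retransmission handling described above, as an added example that is not Justniffer or libnids code: it rebuilds one direction of a TCP stream from segments in arrival order and leaves IP defragmentation out. The function names, the keep-the-first-copy overlap policy and the sample segments are assumptions made for illustration.

```python
from typing import Iterable, List, Tuple

Segment = Tuple[int, bytes]  # (sequence number of first payload byte, payload)

def _delta(seq: int, next_seq: int) -> int:
    """Signed distance from next_seq to seq, correct across 2**32 wraparound."""
    return ((seq - next_seq + 0x80000000) & 0xFFFFFFFF) - 0x80000000

def reassemble(isn: int, segments: Iterable[Segment]) -> Tuple[bytes, List[Segment]]:
    """Rebuild one direction of a TCP stream from segments in arrival order.

    isn is the initial sequence number from the SYN, so data starts at isn + 1.
    Returns (contiguous bytes, segments still held behind a gap).
    Assumed overlap policy: the first copy of a byte to arrive is kept.
    """
    next_seq = (isn + 1) & 0xFFFFFFFF
    stream = bytearray()
    pending: List[Segment] = []
    for segment in segments:
        pending.append(segment)
        # Deliver everything that is now contiguous, lowest sequence first.
        for item in sorted(pending, key=lambda s: _delta(s[0], next_seq)):
            seq, data = item
            d = _delta(seq, next_seq)
            if d > 0:
                break  # gap: a segment is missing or still in flight
            pending.remove(item)
            fresh = data[-d:]  # skip bytes already delivered (retransmission, overlap)
            stream += fresh
            next_seq = (next_seq + len(fresh)) & 0xFFFFFFFF
    pending.sort(key=lambda s: _delta(s[0], next_seq))
    return bytes(stream), pending

# Constructed sample: one HTTP request split into out-of-order, repeated segments.
SAMPLE_STREAM = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE_SEGMENTS = [
    (1000, SAMPLE_STREAM[0:10]),
    (1020, SAMPLE_STREAM[20:30]),  # arrives before the segment at 1010
    (1000, SAMPLE_STREAM[0:10]),   # plain retransmission
    (1010, SAMPLE_STREAM[10:20]),
    (1015, SAMPLE_STREAM[15:35]),  # retransmission that overlaps and extends
    (1040, SAMPLE_STREAM[40:]),    # bytes 1035..1039 never arrive
]

if __name__ == "__main__":
    rebuilt, held = reassemble(999, SAMPLE_SEGMENTS)
    print(rebuilt, held)
```

A segment held behind a gap is reported separately instead of being appended, so a log built from the rebuilt stream never contains bytes whose position is unknown.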

Optimized for "Request / Response" protocols. It is able to track server response time

Justniffer was born as a tool to help analyze performance problems in complex network environments, where it becomes impractical to analyze network captures using Wireshark alone. It helps you quickly identify the most significant bottlenecks by analyzing performance at the "application" protocol level.

In very complex and distributed systems it is often useful to understand how communication takes place between different components, and when this is implemented as a network protocol based on TCP/IP (HTTP, JDBC, RTSP, SIP, SMTP, IMAP, POP, LDAP, REST, XML-RPC, IIOP, SOAP, etc.), justniffer becomes very useful. Often the logging and monitoring of these systems do not report the information needed to diagnose performance issues, such as the response time of each network request, either because they run in a "production" environment and cannot be too verbose, or because they are in-house developed applications that do not provide such logging.

Other times it is desirable to collect access logs from web services implemented on different environments (various web servers, application servers, Python web frameworks, etc.) or from web services that are not accessible and are therefore traceable only on the client side.

Justniffer can capture traffic in promiscuous mode, so it can be installed on a dedicated, independent station within the same network "collision domain" as the gateway of the systems to be analyzed, collecting all traffic without affecting system performance and without requiring invasive installation of new software in production environments.
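How a per-request response time can be derived from passively captured traffic, as an added example that is not Justniffer code: it pairs requests and responses on one reassembled connection and reports slow or unanswered requests. The event format, the definition of response time (last request byte to first response byte) and the sample events are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# (capture timestamp in seconds, "c2s" or "s2c", reassembled payload chunk)
Event = Tuple[float, str, bytes]

@dataclass
class Exchange:
    request_line: str
    request_end: float                     # time of the last request chunk
    response_start: Optional[float] = None
    response_end: Optional[float] = None

    @property
    def response_time(self) -> Optional[float]:
        """Seconds from last request byte to first response byte; None if unanswered."""
        if self.response_start is None:
            return None
        return self.response_start - self.request_end

def pair_exchanges(events: List[Event]) -> List[Exchange]:
    """Split one connection's events into request/response exchanges."""
    exchanges: List[Exchange] = []
    current: Optional[Exchange] = None
    for ts, direction, data in events:
        if direction == "c2s":
            if current is None or current.response_start is not None:
                # Client data after a response (or at the start) opens a new request.
                line = data.split(b"\r\n", 1)[0].decode("latin-1")
                current = Exchange(line, ts)
                exchanges.append(current)
            else:
                current.request_end = ts   # request body still being sent
        elif current is not None:
            if current.response_start is None:
                current.response_start = ts
            current.response_end = ts
    return exchanges

def slow_or_unanswered(exchanges: List[Exchange], threshold: float) -> List[str]:
    """Request lines whose response took longer than threshold or never came."""
    return [e.request_line for e in exchanges
            if e.response_time is None or e.response_time > threshold]

# Constructed sample: three requests on one keep-alive connection, the last unanswered.
SAMPLE_EVENTS: List[Event] = [
    (100.00, "c2s", b"POST /upload HTTP/1.1\r\nContent-Length: 4\r\n\r\n"),
    (100.25, "c2s", b"data"),
    (100.50, "s2c", b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\n"),
    (100.75, "s2c", b"ok"),
    (101.00, "c2s", b"GET /report HTTP/1.1\r\n\r\n"),
    (103.50, "s2c", b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    (104.00, "c2s", b"GET /health HTTP/1.1\r\n\r\n"),
]
```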

Can rebuild and save HTTP content on files

The robust implementation of TCP flow reconstruction turns it into a multipurpose sniffer.

HTTP sniffer
LDAP sniffer
SMTP sniffer
SIP sniffer
password sniffer
Justniffer can also be used to retrieve files sent over the network.

It is extensible

It can be extended by external scripts. A Python script has been developed to recover all files sent via HTTP (images, text, HTML, JavaScript, etc.).

Features Summary

Reliable TCP flow rebuilding: it can reorder and reassemble TCP segments and IP fragments using portions of the Linux kernel code
Logging text mode can be customized
Extensibility by any executable, such as bash, python, perl scripts, ELF executable, etc.
Performance measurement: it can collect a wide range of performance information: connection time, close time, request time, response time, etc.