netsniff-ng is a high-performance Linux network sniffer for packet inspection. It is similar to tcpdump, but it doesn't need one syscall per packet. Instead, it uses a memory-mapped area within kernelspace to access packets without copying them to userspace (zero-copy mechanism).
This tool is useful for debugging your network, measuring performance throughput or creating network statistics of incoming packets on central network nodes like routers or firewalls.
By providing a Unix domain socket client, it lets you export collected data at runtime (e.g. for Nagios).
Here are some key features of "netsniff-ng":
· No usage of libpcap
· High performance
· Zero-Copy mode via memory mapped kernel RX_RING (no syscalls for packet-fetching as in libpcap)
· No extra callback function for each packet (as in libpcap)
· Short critical path
· Runs in userspace
· Promiscuous Mode support
· Berkeley Packet Filter support
· Unix Domain Socket server for data fetching during sniff
· Predefined filters for some protocols, e.g. possible Skype (UDP probe) prefiltering (or write your own to access each byte of the frame)
· VLAN based sniffing possible
· Run it in foreground (e.g. be verbose and print packets) or as a sys daemon
· Support for integration of fetched statistics into Nagios (check_packets plugin)
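The zero-copy RX_RING handoff described above, as an added example that is not netsniff-ng's own code: the kernel marks a ring slot TP_STATUS_USER, the reader inspects the frame in place and sets it back to TP_STATUS_KERNEL. It uses the TPACKET_V1 header from linux/if_packet.h; the frame size, frame count, function names and packet bytes are assumptions, and a calloc'ed buffer stands in for the ring that a real reader gets from setsockopt(PACKET_RX_RING) plus mmap() on an AF_PACKET socket.

```c
#include <linux/if_packet.h>   /* struct tpacket_hdr, TP_STATUS_*, TPACKET_ALIGN */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define FRAME_SIZE 2048u  /* assumed tp_frame_size */
#define FRAME_NR   4u     /* assumed tp_frame_nr */
#define FRAME(r, i) ((struct tpacket_hdr *)((r) + (size_t)(i) * FRAME_SIZE))

/* Stand-in for the kernel (constructed data): fill a slot, then give it to userspace. */
static void fake_kernel_fill(uint8_t *ring, unsigned slot, const void *p, unsigned len)
{
    struct tpacket_hdr *h = FRAME(ring, slot);
    h->tp_mac = (unsigned short)TPACKET_ALIGN(sizeof(*h));
    h->tp_len = h->tp_snaplen = len;
    memcpy((uint8_t *)h + h->tp_mac, p, len);
    h->tp_status = TP_STATUS_USER;
}

/* Consumer: read ready frames in place and hand each slot back; no syscall per packet. */
static unsigned ring_drain(uint8_t *ring, unsigned *idx, size_t *bytes)
{
    unsigned n = 0;
    for (; n < FRAME_NR; n++, *idx = (*idx + 1) % FRAME_NR) {
        struct tpacket_hdr *h = FRAME(ring, *idx);
        if (!(h->tp_status & TP_STATUS_USER)) break;   /* still owned by the kernel */
        if (h->tp_mac < FRAME_SIZE && h->tp_snaplen <= FRAME_SIZE - h->tp_mac)
            *bytes += h->tp_snaplen;     /* packet bytes start at (uint8_t *)h + tp_mac */
        h->tp_status = TP_STATUS_KERNEL; /* slot may be reused for the next packet */
    }
    return n;
}

/* Constructed run: two frames ready, drain, one more arrives, drain again. */
static unsigned demo(size_t *bytes)
{
    uint8_t *ring = calloc(FRAME_NR, FRAME_SIZE);
    unsigned idx = 0, total;
    *bytes = 0;
    if (!ring) return 0;
    fake_kernel_fill(ring, 0, "\xff\xff\xff\xff\xff\xff", 6);
    fake_kernel_fill(ring, 1, "constructed-frame", 17);
    total = ring_drain(ring, &idx, bytes);
    fake_kernel_fill(ring, 2, "abc", 3);
    total += ring_drain(ring, &idx, bytes);
    free(ring);
    return total;
}

int main(void) { size_t b; return demo(&b) == 3 ? 0 : 1; }
```

A live reader calls poll() on the socket only when the slot at its current index is not yet marked TP_STATUS_USER.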
What's New in This Release:
· This version fixes a number of bugs, cleans the code, and adds new features, including raw 802.11 support and a new packet configuration language for trafgen.