netsniff-ng 0.5.7

A high performance network sniffer for packet inspection
netsniff-ng is a high-performance Linux network sniffer for packet inspection. It is similar to tcpdump, but it doesn't need one syscall per packet. Instead, it uses a memory-mapped area within kernelspace to access packets without copying them to userspace (zero-copy mechanism).

This tool is useful for debugging your network, measuring performance throughput or creating network statistics of incoming packets on central network nodes like routers or firewalls.

By providing a Unix domain socket client, it lets you export collected data during runtime (e.g. for Nagios).

Main features:

  • No usage of libpcap
  • High performance
  • Zero-Copy mode via memory mapped kernel RX_RING (no syscalls for packet-fetching as in libpcap)
  • No extra callback function for each packet (as in libpcap)
  • Short critical path
  • Runs in userspace
  • Promiscuous Mode support
  • Berkeley Packet Filter support
  • Unix Domain Socket server for data fetching during sniff
  • Predefined filters for some protocols, e.g. possible Skype (UDP probe) prefiltering (or write your own to access each byte of the frame)
  • VLAN based sniffing possible
  • Run it in foreground (e.g. be verbose and print packets) or as a sys daemon
  • Support for integration of fetched statistics into Nagios (check_packets plugin)

last updated on: June 30th, 2012, 8:40 GMT
license type: GPL (GNU General Public License)
developed by: Daniel Borkmann


What's New in This Release:
  • This version fixes a number of bugs, cleans the code, and adds new features, including raw 802.11 support and a new packet configuration language for trafgen.