netsniff-ng toolkit
Original author(s) Daniel Borkmann
Developer(s) Daniel Borkmann, Tobias Klauser, Herbert Haas, Emmanuel Roullit, Markus Amend and many others
Initial release December, 2009
Stable release 0.6.3 / April 11, 2017; 14 months ago (2017-04-11)
Written in C
Operating system Linux
Available in English
License GPLv2[1]

netsniff-ng is a free Linux network analyzer and networking toolkit originally written by Daniel Borkmann. Its performance gain comes from zero-copy mechanisms for network packets (RX_RING, TX_RING),[2] so that the Linux kernel does not need to copy packets from kernel space to user space via system calls such as recvmsg.[3] libpcap, starting with release 1.0.0, also supports the zero-copy mechanism on Linux for capturing (RX_RING), so programs using libpcap also use that mechanism on Linux.


netsniff-ng was initially created as a network sniffer with support for the Linux kernel packet-mmap interface for network packets; later on, more tools were added to make it a useful toolkit, much like the iproute2 suite. Through the kernel's zero-copy interface, efficient packet processing can be achieved even on commodity hardware. For instance, Gigabit Ethernet wire speed has been reached with netsniff-ng's trafgen.[4][5] The netsniff-ng toolkit does not depend on the libpcap library. Moreover, no special operating system patches are needed to run the toolkit. netsniff-ng is free software and has been released under the terms of the GNU General Public License version 2.

The toolkit currently consists of a network analyzer, packet capturer and replayer, a wire-rate traffic generator, an encrypted multiuser IP tunnel, a Berkeley Packet Filter compiler, networking statistic tools, an autonomous system trace route and more:[6]

Distribution specific packages are available for all major operating system distributions such as Debian[7] or Fedora Linux. It has also been added to Xplico's Network Forensic Toolkit,[8] GRML Linux, SecurityOnion,[9] and to the Network Security Toolkit.[10] The netsniff-ng toolkit is also used in academia.[11][12]

Basic commands working in netsniff-ng

In these examples, it is assumed that eth0 is the network interface in use. Programs in the netsniff-ng suite accept long options, e.g., --in ( -i ), --out ( -o ), --dev ( -d ).

  • For geographical AS TCP SYN probe trace route to a website:
astraceroute -d eth0 -N -S -H <host e.g.,>
ifpps -d eth0 -p
  • For high-speed network packet traffic generation, trafgen.txf is the packet configuration:
trafgen -d eth0 -c trafgen.txf
bpfc fubar.bpf
  • For live-tracking of current TCP connections (including protocol, application name, city and country of source and destination):
  • For efficiently dumping network traffic in a pcap file:
netsniff-ng -i eth0 -o dump.pcap -s -b 0


The netsniff-ng toolkit currently runs only on Linux systems. Its developers decline a port to Microsoft Windows.[13]

  This article uses material from the Wikipedia page available here. It is released under the Creative Commons Attribution-Share-Alike License 3.0.
