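netsniff-ng: a next-generation open-source packet capture project

A high-performance (at least compared with libpcap) packet capture and transmission program that is worth learning from.

Official site: http://www.netsniff-ng.org/

Code hosting: http://netsniff-ng.googlecode.com/svn

Overview: excerpted from a presentation (ppt) at the Open Source Monitoring Conference 2009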

 

 

High performance network sniffer

 

Consists of

  • netsniff-ng
  • check packets (client for Nagios)

 

  • The sniffer itself ...
  • Runs in promiscuous mode
  • Bypasses the complete network stack
  • Uses Kernelspace Berkeley Packet Filter (BPF)
  • Allocates 128 MB or less (probing) Kernelspace Receive Ring (RX RING)
  • Ring is Memory-Mapped into Userspace (so no Syscalls like recvfrom() needed ! Zero-Copy)
  • Branchfree critical path (so we won't smash the Pipeline)
  • Tested on Gigabit without packet loss
  • Can be run as Sysdaemon (silent, creates UDS Server for communication) or in foreground
  • netsniff-ng -d eth0 -f /etc/netsniff-ng/rules/arp.bpf -C
  • strace looks better now ...
  • Is a Unix Domain Socket Client for netsniff-ng
  • Fetches collected network statistics at runtime via UDS inode
  • -n option for creating Nagios one-liner ! Performance data
  • Simple Nagios integration with NRPE or check by ssh
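
The memory-mapped RX ring from the bullets above, as an added example that is not taken from the slides or from the netsniff-ng source: a consumer for the default TPACKET_V1 ring of a Linux AF_PACKET socket. The ring sizes, the names `ring_drain` and `die`, and the ten-iteration poll loop are assumptions made for illustration; running `main` needs CAP_NET_RAW.

```c
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/socket.h>

/* Consume every frame the kernel has released, starting at slot *idx.
 * Assumes tp_block_size is a multiple of tp_frame_size, so slots are contiguous. */
unsigned ring_drain(uint8_t *ring, unsigned frame_nr, unsigned frame_size,
                    unsigned *idx, uint64_t *bytes)
{
    unsigned n = 0;
    while (n < frame_nr) {
        volatile struct tpacket_hdr *h = (void *)(ring + (size_t)*idx * frame_size);
        if (!(h->tp_status & TP_STATUS_USER))
            break;                       /* kernel still owns this slot */
        *bytes += h->tp_snaplen;         /* packet bytes start at (uint8_t *)h + h->tp_mac */
        __sync_synchronize();            /* finish reading before releasing the slot */
        h->tp_status = TP_STATUS_KERNEL; /* hand the slot back without a syscall */
        *idx = (*idx + 1) % frame_nr;
        n++;
    }
    return n;
}

static int die(const char *what) { perror(what); return 1; }

int main(void)
{
    /* Constructed sizes: block size, block count, frame size, frame count. */
    struct tpacket_req req = { 4096, 64, 2048, 128 };
    unsigned idx = 0;
    uint64_t bytes = 0;
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); /* needs CAP_NET_RAW */
    if (fd < 0 || setsockopt(fd, SOL_PACKET, PACKET_RX_RING, &req, sizeof(req)) < 0)
        return die("PACKET_RX_RING");
    uint8_t *ring = mmap(NULL, (size_t)req.tp_block_size * req.tp_block_nr,
                         PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (ring == MAP_FAILED)
        return die("mmap");
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    for (int i = 0; i < 10 && poll(&pfd, 1, 1000) >= 0; i++) {
        unsigned n = ring_drain(ring, req.tp_frame_nr, req.tp_frame_size, &idx, &bytes);
        printf("%u frames, %llu bytes so far\n", n, (unsigned long long)bytes);
    }
    return 0;
}
```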
