On Mon, Sep 17, 2012 at 8:50 PM, Jon Schipp jonsch...@gmail.com wrote:
I'm writing an article covering the netsniff-ng installation procedure.
I always get caught up on Libnacl after installing it like this:
http://petio.org/tools/nacl.html
$ uname -a
Linux nms 3.2.0-30-generic #48-Ubuntu
On Mon, Sep 17, 2012 at 8:33 PM, Jon Schipp jonsch...@gmail.com wrote:
$ wget http://pub.netsniff-ng.org/netsniff-ng/netsniff-ng-0.5.7.tar.gz
$ uname -a
Linux nms 3.2.0-30-generic #48-Ubuntu SMP Fri Aug 24 16:52:48 UTC 2012
x86_64 x86_64 x86_64 GNU/Linux
...
...
[ 37%] Building C object
On Thu, Oct 4, 2012 at 12:22 PM, Daniel Borkmann borkm...@iogearbox.net wrote:
On Thu, Oct 4, 2012 at 1:49 AM, TOoSmOotH reeve...@gmail.com wrote:
Is it possible to index PCAP as it writes it to disk? I really like
netsniff-ng as it scales well with high traffic but the downside
-
From: netsniff-ng@googlegroups.com [mailto:netsniff-ng@googlegroups.com] On
Behalf Of Daniel Borkmann
Sent: Thursday, October 4, 2012 14:57
To: netsniff-ng@googlegroups.com
Subject: Re: [netsniff-ng] PCAP Indexing?
On Thu, Oct 4, 2012 at 12:25 PM, Daniel Borkmann borkm...@iogearbox.net
On Mon, Oct 8, 2012 at 12:34 PM, sibir.chakrabo...@gmail.com wrote:
I downloaded and compiled the netsniff-ng. The replay works perfectly for 10G
and 1G rates, well above other open source softwares. I have achieved around
close to 2.6 Mpps with 512 byte packets and close to 5Mpps in 10G
On Wed, Oct 10, 2012 at 3:43 PM, Daniel Borkmann borkm...@iogearbox.net wrote:
On Wed, Oct 10, 2012 at 1:32 PM, sibir.chakrabo...@gmail.com wrote:
One more query is:
1) Currently you are reading the pcap frame into a TX_RING slot. Post that
it is sent to NIC. Can I read a pcap frame
On Wed, Oct 10, 2012 at 6:12 PM, sibir.chakrabo...@gmail.com wrote:
Just to make sure, so the buffer that is allocated to TX_RING can be
discarded, if not required, if so, can you please give an example snippet code?
To familiarize yourself with the whole mechanism, you can read this:
Ok, I have to catch a 10hrs flight soon.
If someone else doesn't answer in the mean-time, you hear from me tomorrow.
On Thu, Oct 11, 2012 at 2:26 PM, sibir.chakrabo...@gmail.com wrote:
Also, in the latest build, I am getting only 1.8Mpps on 10G ixgbe drivers.
File selected is: My8GBFile.pcap
Behalf Of Daniel Borkmann
Sent: Thursday, October 18, 2012 18:57
To: netsniff-ng@googlegroups.com
Subject: [netsniff-ng] libnl3
Hi together,
the latest version has now been ported from libnl1.1 to libnl3.
(https://github.com/gnumaniacs/netsniff-ng)
If not in your OS distribution
On Tue, Oct 30, 2012 at 3:49 PM, Doug Burks doug.bu...@gmail.com wrote:
Thanks for the quick response! Replies inline.
On Tue, Oct 30, 2012 at 10:41 AM, Daniel Borkmann
borkm...@iogearbox.net wrote:
snip
-n snort.log
This makes daemonlogger name the files in the output directory
On Wed, Oct 31, 2012 at 3:14 PM, Doug Burks doug.bu...@gmail.com wrote:
On Wed, Oct 31, 2012 at 10:05 AM, Daniel Borkmann
borkm...@iogearbox.net wrote:
Hmm ... it should have been installed ... according to the libnl3-dev
file: http://packages.ubuntu.com/precise/amd64/libnl-3-dev/filelist
On Wed, Oct 31, 2012 at 2:52 PM, Doug Burks doug.bu...@gmail.com wrote:
On Wed, Oct 31, 2012 at 9:51 AM, Daniel Borkmann borkm...@iogearbox.net
wrote:
For future reference, I've added an entry in our TODO file to do this
properly.
Awesome, thanks!
Done. Path prefix and interval in size
On Wed, Oct 31, 2012 at 4:06 PM, Doug Burks doug.bu...@gmail.com wrote:
On Wed, Oct 31, 2012 at 11:04 AM, Daniel Borkmann
borkm...@iogearbox.net wrote:
How I hate cmake ... and without the first slash?
Like this?
PATH_SUFFIXES usr/include/libnl3
Same result:
-- Could NOT find Libnl
, Nov 1, 2012 at 9:05 AM, Doug Burks doug.bu...@gmail.com wrote:
On Wed, Oct 31, 2012 at 2:32 PM, Daniel Borkmann borkm...@iogearbox.net
wrote:
On Wed, Oct 31, 2012 at 4:06 PM, Doug Burks doug.bu...@gmail.com wrote:
On Wed, Oct 31, 2012 at 11:04 AM, Daniel Borkmann
borkm...@iogearbox.net wrote
On Wed, Nov 14, 2012 at 4:47 PM, Doug Burks doug.bu...@gmail.com wrote:
According to
https://github.com/gnumaniacs/netsniff-ng/commit/0609b47fa9c4aad6654e0881bf4d4424fc30f7a3,
Documentation/Motivation was removed, so should the following line be
removed from src/CMakeLists.txt?
In the -next repository you will find a new build system since
yesterday night. It is scheduled for inclusion into netsniff-ng 0.5.8,
which could be released roughly by the beginning of 2013.
We switched from cmake back to the classical make for a couple of
reasons. The usage of cmake gave us (in
By the way, if you have any other feature requests / wishes (besides
the list in TODO) that might be useful for many users, let us know,
and we'd be happy to further improve the toolkit.
On Sun, Dec 2, 2012 at 5:49 PM, Daniel Borkmann borkm...@iogearbox.net wrote:
On Sun, Dec 2, 2012 at 5:47 PM
add this to the TODOs for the next official release.
On Sun, Dec 2, 2012 at 3:50 PM, Daniel Borkmann borkm...@iogearbox.net
wrote:
By the way, if you have any other feature requests / wishes (besides
the list in TODO) that might be useful for many users, let us know,
and we'd be happy
, 2012 at 4:15 PM, Daniel Borkmann borkm...@iogearbox.net
wrote:
On Sun, Dec 2, 2012 at 10:11 PM, Doug Burks doug.bu...@gmail.com wrote:
Well, since you asked... :)
I know I can do the following to allow netsniff-ng to be run as a non-root
user:
sudo setcap cap_net_raw,cap_ipc_lock
On 01/25/2013 04:27 AM, Jon Schipp wrote:
I have many questions :)
Indeed, quite a lot at once, let me try to answer.
This compiles fine. My question is whether or not I'm jeq'ing
correctly to the ldh [6] line. I would think
that L1 would jump straight to the label at the end returning 1514
@googlegroups.com] On
Behalf Of Daniel Borkmann
Sent: Friday, January 25, 2013 09:54
To: netsniff-ng@googlegroups.com
Subject: Re: [netsniff-ng] AW: [borkmann/netsniff-ng] 3348c5: netsniff-ng:
move contrib out
On 01/25/2013 09:30 AM, Markus Amend wrote:
What's your intention to do this? I see
On Mon, Jan 28, 2013 at 4:14 AM, Isaac Steidl isaac.ste...@laposte.net wrote:
I would like to know if there is a java port to netsniff-ng ?
I am running a debian server and would like to use java to try this library.
No, it's all in C. Note that netsniff-ng is not a library, but a set of
PM, Daniel Borkmann borkm...@iogearbox.net
wrote:
On Sun, Jan 27, 2013 at 10:56 AM, Daniel Borkmann
borkm...@iogearbox.net wrote:
On Sun, Jan 27, 2013 at 10:30 AM, Markus Amend mar...@netsniff-ng.org
wrote:
latest version of libpcap works.
Thanks for testing. On Monday, I'll try to find
On 02/09/2013 06:08 AM, Jon Schipp wrote:
~/netsniff-ng/Documentation/Bpfc: Furthermore, the Linux kernel has
undocumented BPF filter extensions that can be found in the virtual
machine source code [123] Link isn't listed for the reference point.
Is there any sort of reference for the
On 02/10/2013 12:30 PM, Daniel Borkmann wrote:
On 02/09/2013 06:08 AM, Jon Schipp wrote:
~/netsniff-ng/Documentation/Bpfc: Furthermore, the Linux kernel has
undocumented BPF filter extensions that can be found in the virtual
machine source code [123] Link isn't listed for the reference point
On 02/11/2013 09:17 PM, im.khosr...@gmail.com wrote:
I'm looking for a feature comparison between opensource full packet capture
solutions like netsniff-ng,daemonlogger,...
Is there any report available? if not, does anyone have some benchmark of these
tools? at least about netsniff-ng?
On 02/12/2013 03:33 PM, f.ing...@gmail.com wrote:
On Tuesday, 12 February 2013 13:59:03 UTC, Daniel Borkmann wrote:
On 02/12/2013 02:08 PM, Felix wrote:
I'm in the process of setting up netsniff to monitor my network traffic. I'd
like to have some indication of how many packets are being
way to do it differently I'm open to that.
On Tue, Feb 12, 2013 at 10:02 AM, Daniel Borkmann
borkm...@iogearbox.net wrote:
On 02/12/2013 03:33 PM, f.ing...@gmail.com wrote:
On Tuesday, 12 February 2013 13:59:03 UTC, Daniel Borkmann wrote:
On 02/12/2013 02:08 PM, Felix wrote:
I'm
On 02/13/2013 03:45 PM, Felix wrote:
On Tuesday, 12 February 2013 15:02:50 UTC, Daniel Borkmann wrote:
On 02/12/2013 03:33 PM, Felix wrote:
SNIP
As a bonus: is there a way to get any stats on the running process? The servers
will be running over a long period of time and so it would
On 02/12/2013 02:30 PM, Jon Schipp wrote:
I don't have any benchmarks between the two but I can recall from
personal experience that netsniff-ng was able to write all packets to disk
when daemonlogger, under similar load, was dropping some of them.
Since benchmarks would be nice to have, I'll
For those who cannot attend ...
http://pub.netsniff-ng.org/paper/devconf_2013.pdf
... are the slides of the devconf.cz talk about netsniff-ng.
Best,
Daniel
--
You received this message because you are subscribed to the Google Groups
netsniff-ng group.
To unsubscribe from this group and
.
Heading out of town for the weekend.
Will be able to test sometime next weekend.
On Fri, Feb 22, 2013 at 6:25 AM, im.khosr...@gmail.com wrote:
On Wednesday, February 13, 2013 6:43:57 PM UTC+3:30, Daniel Borkmann wrote:
On 02/12/2013 02:30 PM, Jon Schipp wrote:
I don't have any benchmarks between
On 02/26/2013 09:33 AM, M.Rashid Zamani wrote:
Hi,
I have cloned the repo but when trying to make I face following problem:
~/netsniff-ng # make
/bin/sh: /root/.bashrc: No such file or directory
NACL_LIB_DIR/NACL_INC_DIR is undefined, building libnacl with curvetun!
Building netsniff-ng
to fix this?
TIA
On Tuesday, February 26, 2013 12:16:11 PM UTC+3:30, Daniel Borkmann wrote:
On 02/26/2013 09:33 AM, M.Rashid Zamani wrote:
Hi,
I have cloned the repo but when trying to make I face following problem:
~/netsniff-ng # make
/bin/sh: /root/.bashrc: No such file or directory
On 02/28/2013 05:14 PM, b...@coco.fr wrote:
Ok so how not to go through the packet Dissector then , and get the data
through console?
how can I have infinite packet capture?
What you could do is the following:
1) Run netsniff-ng with pcap output to stdout:
netsniff-ng -i eth0 -o - -b
On 03/04/2013 01:03 PM, Daniel Borkmann wrote:
On 03/04/2013 12:49 PM, M.Rashid Zamani wrote:
I would like to try mausezahn for generating traffic but I couldn't figure
how to. Are there any tutorials available on web? Is there any benefits for
using either one? What are the differences
On 03/04/2013 07:50 PM, b...@coco.fr wrote:
Ok I will try that.
what is --ring-size 500MB option ?
Should I use it to increase capture speed?
This might help, yes.
what is -o - supposed to do ?
It will dump the captured packets to stdout instead to
a pcap file. However, the pcap file
On 03/05/2013 05:15 PM, b...@coco.fr wrote:
I wish to stress test a packet sniffer to see what throughput it can have.
is it possible with trafgen to send over a million TCP packet per second to an
IP ?
Depending on your hardware, yes.
what command should I use?
See `trafgen -e` for an
On 03/05/2013 07:51 PM, Jon Schipp wrote:
On Tue, Mar 5, 2013 at 1:30 PM, Daniel Borkmann borkm...@iogearbox.net wrote:
On 03/05/2013 05:15 PM, b...@coco.fr wrote:
I wish to stress test a packet sniffer to see what throughput it can have.
is it possible with trafgen to send over a million TCP
On 03/05/2013 08:36 PM, Jon Schipp wrote:
On Tue, Mar 5, 2013 at 2:22 PM, Daniel Borkmann borkm...@iogearbox.net wrote:
On 03/05/2013 07:51 PM, Jon Schipp wrote:
On Tue, Mar 5, 2013 at 1:30 PM, Daniel Borkmann borkm...@iogearbox.net
wrote:
On 03/05/2013 05:15 PM, b...@coco.fr wrote:
I
On 03/05/2013 08:54 PM, b...@coco.fr wrote:
thanks John,
I succeeded but outgoing Syn packets are 2048 bytes long :
trafgen --in tcpsyn.cfg --out eth0 --num 1000
trafgen 0.5.7
1 packets to schedule
54 bytes in total
TX: 238.41 MiB, 122064 Frames, each 2048 Byte allocated
I assume you are
On 03/06/2013 02:14 PM, b...@coco.fr wrote:
I successfully ran the test from another server but I am limited in outgoing
traffic.
that is why I wish to send the maximum number of TCP packet on the same machine
to test throughput of my program.
is that possible with trafgen ?
what command
On 03/07/2013 01:11 AM, b...@coco.fr wrote:
worked ! despite I had installed libnl-dev it did not work.
now I have trafgen 0.5.8-rc0
tried with --num 500 000 WORKED
tried with --num 5 000 000 crashed my server! had to reboot
but it seems to be faster and to use all cpu.
why did it
If someone is looking for a tutorial in Japanese language:
http://www.ainoniwa.net/ssp/?p=950
;-)
On 03/09/2013 03:27 PM, b...@coco.fr wrote:
When using --cpus 1
it works as trafgen 0.5.7
I send 1 M packets and I receive 1 M
but once I specify --cpus 2
I send 1 M and I receive 150k only .
there is something wrong I think
I'm sorry but if you want us to help, then you have to provide
a
On 03/10/2013 03:57 AM, b...@coco.fr wrote:
Ok so Let me explain better
Server A is using trafgen to send the max packet/s
Server B has a program that capture incoming packets ( it is one of my own)
when using trafgen from 0.5.7
all 1 Mpackets are captured
when using trafgen 05.8rc
when
On 03/12/2013 02:54 AM, teddy lin wrote:
I'm testing the packet lost performance of netsniff-ng under the background
of 1Mbps ~ 100Mbps.
So, can I assume netsniff-ng runs on an embedded system?
The statistics showed by netsniff-ng is as follows (just an example, not
the real case)
On 03/18/2013 07:14 PM, Jon Schipp wrote:
Where can I find the TODO file? I don't see it in the github repo anymore.
Outsourced here:
http://pub.netsniff-ng.org/netsniff-ng/tools/TODO
We wanted to avoid polluting the Git log each time something new pops up.
I will still add your recent
On 03/22/2013 02:25 AM, Jon Schipp wrote:
Is it possible to bind to a single CPU, say #4, with a _configuration_ like this
cpu(3):{
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff,
On 04/09/2013 08:20 AM, Aimal Khan wrote:
I am a first time user of netsniff-ng and I am interested in using trafgen.
What I want to do is to generate packets on a tap interfaces, but I am
getting a Networking device not running! error; for linux virtual links,
I do not get this error and I am
On 04/11/2013 05:32 AM, Jon Schipp wrote:
What is the purpose of the kernel pull option?
-k|--kernel-pull uint Kernel batch interval in us (def: 10us)
Is that where after every 10 microseconds the data in the ring buffer is
then transmitted out the net device?
Yes, each 10us (or
On 05/10/2013 11:36 PM, Daniel Borkmann wrote:
On 05/10/2013 11:25 PM, Clayton Davis wrote:
I am glad to report that Mausezahn cross-compiles successfully to ppc under
the Yocto project. There are some endianness issues (IP
addresses/Ethertypes in reverse order), but the bulk of MOPS
On 05/14/2013 12:25 PM, Roberto Martelloni wrote:
I've some question about netsniff-ng functionality:
1. is netsniff-ng multi-thread and if yes, is multi-thread development
improve the performance of the sniffer ?
Currently not, except you start multiple instances of it, bound to
Hi John,
On 05/21/2013 10:41 PM, John Lange wrote:
I've been using the bpfc tool lately, and it's very useful! I was wondering
whether the input file format might support constant value definitions that
could be used elsewhere within the file. For example, something like:
Thanks for using
On 05/18/2013 11:06 PM, Jon Schipp wrote:
I gave a talk at the Midwest Open Source Software Conference (University of
Louisville) today on Netsniff-NG.
It was well received. My time slot was not recorded for video.
For those that are interested my slides (final) are attached.
Thanks, really
On 05/22/2013 04:46 AM, Li Tianmei-BPF364 wrote:
Hi ,
I downloaded and installed the following netsniff-ng, then used it to capture
packets.
But I found the packet size was very small(like 8 or 9M), and many packets failed
filter(due to out of space), while other tools(such as tcpdump,
On 05/23/2013 11:56 PM, John Lange wrote:
I'm using the latest Centos 6.4, kernel 2.6.32-358.
Unfortunately xor and mod were added later than that,
just checked, it's not part of 2.6.32-358. If you have
the chance, upgrading your kernel would be an option.
Hi Irek,
On 05/27/2013 01:17 PM, Irek Wlizlo wrote:
I have strange situation and I'm looking for help.
I have two systems one with RHEL 6.3
2.6.32-279.9.1.el6.x86_64 #1 SMP Fri Aug 31 09:04:24 EDT 2012 x86_64 x86_64
x86_64 GNU/Linux
with netsniff from centos/epel repositories
netsniff-ng
On 05/26/2013 08:44 PM, Jon Schipp wrote:
This incomplete, but working, shell script may prove useful to some of you.
It serves two purposes:
1.) Generate usable packet configurations for trafgen quickly.
Right now, supports generation of beacon frames and syslog packets
2.) Format the
On 05/27/2013 03:01 PM, Irek Wlizlo wrote:
Daniel Borkmann borkmann@... writes:
On 05/27/2013 01:17 PM, Irek Wlizlo wrote:
[...]
I finally build latest (0.5.7) version from source on my system and repeat
the test.
Hm, you mean 0.5.8-rc0 from Git what I suggested, right?
You are right it's
On 05/28/2013 10:22 AM, Irek Wlizlo wrote:
Hi Daniel,
Daniel Borkmann dborkman@... writes:
On 05/27/2013 03:01 PM, Irek Wlizlo wrote:
Daniel Borkmann borkmann at ... writes:
On 05/27/2013 01:17 PM, Irek Wlizlo wrote:
[..]
Yes:
git clone git://github.com/borkmann/netsniff-ng.git
On 05/28/2013 02:27 PM, Irek Wlizlo wrote:
By the way is it possible to disable geoip feature from netsniff ?
Unfortunately, currently not. But this may well be changed in future, it's
in our todo queue.
Thanks,
Daniel
On 06/20/2013 07:27 PM, Robert Greenhouse wrote:
Hi,
I am trying to build netsniff and need python2.7.3-dev package in a tar ball?
Hm, why would you need python to build netsniff-ng?
It's purely written in C.
Thanks,
R
On 06/27/2013 02:03 AM, Jon Schipp wrote:
After doing a git clone yesterday from github.com/borkmann/netsniff-ng I've
been getting Out of memory errors after running trafgen.
Sorry for the late answer Jon. As we have discussed lots of stuff off-list,
this seem to have gotten lost under way.
maintained by Tobias Klauser and Daniel Borkmann together.
So here's a rc1 release that we throw at you with more than 1,000 changes.
During that time, netsniff-ng has matured quite a lot. Expect a few smaller
follow-up rc releases in the near future before the final 0.5.8 will be
released. There's
On 07/23/2013 12:32 AM, Jon Schipp wrote:
FYI:
New book, Practice Of Network Security Monitoring, PDF is available upon
purchase. I believe physical book ships next week if you've pre-ordered.
Mentions Netsniff-NG in context of SecurityOnion. Found netsniff-ng on 23
pages.
That's awesome!
On 07/25/2013 11:09 PM, Jon Schipp wrote:
Is there a Red Hat package of Netsniff-NG that's newer than 0.5.7?
If not, are there any plans to create one or even have netsniff-ng
integration into Red Hat?
Yes, already done, this is going to come. ;-)
-ng/netsniff-ng-0.5.8-rc2.tar.gz
The release can be verified via Git (see README):
git tag -v 0.5.8-rc2
Major high-level changes since the last release are:
1) Build system fixes and cleanups all over the place. From Tobias Klauser
and Daniel Borkmann.
2) Mausezahn man-pages improvements
On 08/12/2013 04:55 PM, allent...@gmail.com wrote:
[...]
(From the document https://help.ubuntu.com/community/Netsniff-NG)
Is the following command still valid?
Yep, it is.
Drop privileges to uid 1000 and write a new capture file to the current
directory after every 10GB
On 08/12/2013 08:29 PM, Jon Schipp wrote:
It's on the road map. See the slide titled What’s next in Netsniff-NG? [1]
I believe Daniel and Tobias are waiting on the PCAP indexing work of one of
their colleagues.
Yep, I will poke him when I'm back from vacation.
Daniel, Tobias, any word on the
On 08/13/2013 04:08 PM, PP QQ wrote:
Hi,
I have tested netsniff-ng capturing packets on my lo device using the command
below:
sudo netsniff-ng --in lo --out netsniff_dump.pcap -s -T 0xa1b2c3d4
The problem is that when I open the pcap file using Wireshark, all captured packets are
duplicate
On 08/16/2013 04:48 PM, branchnetconsult...@gmail.com wrote:
I built netsniff-ng 0.5.8-rc2 from git just last night on a 64bit Ubuntu
12.04.2 LTS box.
When I specify a time-based interval, netsniff-ng records for the full
interval but then crashes with a Poll failed! error before starting a 2nd
On 08/16/2013 09:54 PM, Allen Ting wrote:
Thanks for the answers.
I tried to limit the pcap file size to 100MB by setting the option to
be --interval 100MiB, however, I saw most of the pcap files were created at the size
around 170MB to 200MB. Is this the expected behavior?
Is this
On 08/21/2013 09:52 PM, Jon Schipp wrote:
I added the configurations outlined in Section 9.1 of RFC2544,
Benchmarking Methodology for Network Interconnect Devices to
gencfg [1]. Currently, it will write each configuration to a file in the
current working directory.
$ ./gencfg -G rfc2544 -s
On 08/22/2013 07:10 PM, Jon Schipp wrote:
Are BPF filters compiled for each packet that reaches a filter?
I assumed they were compiled once and then applied until the sniffing
application process ends.
BPF filters are attached to the kernel's socket representation. If no JIT is
active, the
On 09/04/2013 08:22 PM, Daniel Martin wrote:
Hey Daniel,
Thanks for your reply. I did compile your example
bpfc foo bar
Which did return
cat bar
{ 0x20, 0, 0, 0xf034 },
{ 0x16, 0, 0, 0x },
You need 3.10 or higher. This was developed during netfilter workshop,
and merged in on
Sorry for the late answer,
On 09/19/2013 09:12 PM, rometor...@gmail.com wrote:
Hi All,
I am looking on implementing HW filters using bpfc.
Very cool! BPF engine offloading into a NIC might be interesting!
This is a process outline
1) Generate BPF file in human readable format - How to use
On 09/23/2013 02:58 PM, Daniel Borkmann wrote:
On 09/23/2013 06:26 AM, onubogu Last Nameokey wrote:
Hi group members,
Please can someone help me debug this cmake and make error. I am trying to
install netsniff-ng-0.571 on ubuntu 9.10 Karmic Kaola. I have downloaded
(manually and using apt-get
On 10/21/2013 05:00 PM, Doug Burks wrote:
Hello all,
Have you considered implementing support for decoding ERSPAN? Looks
like gulp and snort currently support this:
Are you referring to the packet dissector or to store the decapsulated
data to a pcap file?
to not forget about
this idea.
Thanks,
Doug
On Tue, Oct 22, 2013 at 4:23 AM, Daniel Borkmann dbork...@redhat.com wrote:
On 10/21/2013 05:00 PM, Doug Burks wrote:
Hello all,
Have you considered implementing support for decoding ERSPAN? Looks
like gulp and snort currently support
On 12/17/2013 06:31 AM, Jon Schipp wrote:
Also, page 108 has a small section on installing and using ifpps.
That's awesome, thanks for the great news!
On Thu, Dec 12, 2013 at 11:21 PM, Jon Schipp jonsch...@gmail.com wrote:
FYI:
The Applied NSM book was released today [1]. From the table
On 12/17/2013 10:34 AM, Drasko DRASKOVIC wrote:
Hi all,
I am trying to compile netsniff-ng with Mausezahn under Yocto (Open
Embedded),
So far I have this output of configure:
...
[!] The following tools will *not* be built: curvetun flowtop astraceroute
mausezahn
[*] The following tools will be
On 12/20/2013 04:21 AM, Robert Edmonds wrote:
Hi,
I'm trying to figure out why netsniff-ng takes a long time to start up
on one of my machines. I'm running the latest git checkout on Debian
unstable (running the Debian 3.11.6 kernel), and when I run:
netsniff-ng --silent -i eth1 -o /dev/null
On 12/20/2013 07:08 PM, Robert Edmonds wrote:
Robert Edmonds wrote:
The funny thing is, I have a similar machine where netsniff-ng starts up
instantly. It seems like a kernel issue, so I will try updating the
problematic machine's kernel. I can also replicate the issue on the
problematic
On 12/23/2013 08:06 PM, Robert Edmonds wrote:
Hi,
I'm seeing the error message Flushing TX_RING failed: No such device or
address! when I try to run trafgen on Debian kernel 3.12.6, but not on 3.11.
Here is the full trafgen output:
A PF_PACKET stable patch for the kernel is on its way to
Hi Olivier,
On 02/11/2014 05:33 PM, Olivier Marce wrote:
Hi guys
thanks a lot for this splendid toolkit.
I got a strange (for me) behavior that I would like to share with you.
Platform Ubuntu 12.10
I have a WiFi interface named wlan5 and IP@ 192.168.1.5 that I ping from
another machine. MAC@
We have decided to move the netsniff-ng upstream Git
repository to a new Github netsniff-ng organization:
Web:
https://github.com/netsniff-ng/netsniff-ng
Git:
git://github.com/netsniff-ng/netsniff-ng.git
Please update your Git origin to this location.
Thanks !
On 02/17/2014 01:44 PM, Daniel Borkmann wrote:
On 02/16/2014 04:13 PM, Daniel Borkmann wrote:
On 02/16/2014 03:15 PM, Lorenzo Pistone wrote:
On 02/16/2014 02:00 PM, Daniel Borkmann wrote:
It's a kernel bug in the VM subsystem, dealing with transparent hugepages.
A patch was submitted
On 03/17/2014 06:21 AM, rukanth sameera wrote:
Hi
Hello, I am rukanth. I am very happy to say i like your netsniff-ng toolkit
and it is very useful to me. I have to ask question that is what are the
compatible hardware for netsniff-ng.
Generally, you need a Linux box and the more recent your
On 05/07/2014 02:51 PM, Lorenzo Pistone wrote:
Hello,
the delay (-d) option is not satisfactory with low delays. The unavoidable
imprecision of the sleep time screws the actual pps a lot (see
http://www.martani.net/2011/07/nanosleep-usleep-and-sleep-precision.html). I
believe also that
On 03/29/2014 07:32 PM, mukul joshi wrote:
Hi,
I am working on one project where I am using mausezahn for packet
generation. I want to print the generated packet buffer (i.e. the whole
buffer which is delivered to the network interface) I want to provide this
packet buffer to another process
On 07/18/2014 03:49 PM, Tobias Klauser wrote:
On 2014-07-18 at 15:09:55 +0200, 'peter' via netsniff-ng
netsniff-ng@googlegroups.com wrote:
hi,
im looking for a way to automate packet generation for traffic
shaper testing.
found a testfile online and modified it a bit, only
source/destination
On 01/28/2015 11:15 PM, Vadim Kochan wrote:
From: Vadim Kochan vadi...@gmail.com
There might be more proto dissectors which
will make root src directory huge, hence move
them to the separate 'dissect' dir.
Signed-off-by: Vadim Kochan vadi...@gmail.com
For now I'd prefer them actually where
On 03/23/2015 11:37 AM, Vadim Kochan wrote:
On Mon, Mar 23, 2015 at 11:25:26AM +0100, Lorenzo Pistone wrote:
...
That's what I got on 3.18 with the same cfg file:
$ trafgen/trafgen -c ~/trafgen.cfg -o wlp3s0 -n 1
4 packets to schedule
168 bytes in total
Running! Hang up with ^C!
Hi Lorenzo,
On 03/22/2015 03:13 PM, Lorenzo Pistone wrote:
Hi,
I'm trying to send UDP packets with zero length with this simple configuration
on trafgen:
{
# --- ethernet header ---
0xbe, 0x15, 0x1d, 0x12, 0x1c, 0x57, # mac destination
0xfa, 0x16, 0x3e, 0xa0, 0x5d,
On 03/23/2015 03:39 PM, Lorenzo Pistone wrote:
I'm checking with netsniff-ng, I use the same interface with which I'm sending
this email
Ok, well that doesn't work. If you emit packets with trafgen, it
uses by default a path that bypasses the traffic control layer.
If you really want to see
(contrary to
lo), but when interrupting I get Cannot destroy the TX_RING: Device or resource
busy! for each CPU (so 4 times in my case). Looks like a start.
On 23/03/2015 10:27, Daniel Borkmann wrote:
Hi Lorenzo,
On 03/22/2015 03:13 PM, Lorenzo Pistone wrote:
Hi,
I'm trying to send UDP
Thanks Michal, looks almost ready to go in!
Other than Tobias' excellent feedback, some minor things from my side:
On 04/14/2015 01:10 AM, Michal Purzynski wrote:
---
netsniff-ng.c | 28 +---
ring_rx.c | 17 -
ring_rx.h | 2 +-
3 files
On 04/22/2015 05:09 PM, Vadim Kochan wrote:
...
Sure, I will try to fix it, really I don't have a fix yet. The issue goes
from pcap ops in init one function, where IO prio is set, the first
think which came up in my mind is to have separate pcap ops for read
only where set IO prio will be not
On 04/22/2015 06:26 PM, Vadim Kochan wrote:
From: Vadim Kochan vadi...@gmail.com
It allows to read pcap file for users who have no
permissions to set process IO prio.
Signed-off-by: Vadim Kochan vadi...@gmail.com
I'm okay with that, read_pcap() is slow-path anyway.
Thanks