[netsniff-ng] Re: flowtop: Example of UI tabs interface

On 01/13/2017 02:02 PM, Vadim Kochan wrote: Hi, I tried to extend flowtop UI to have some aggregated info via tabbed panel interface. Currently there is only 1 new "Process" tab which grouped flows stat info per unique pid (with summed rates & bytes). Plz let me know if it would be good to

[netsniff-ng] Re: trafgen: Would be it useful to have pktgen support ?

On 08/07/2016 07:46 PM, Vadim Kochan wrote: Hi, I did not ever use Linux pktgen feature, but I just catch the idea if it would be good to have option to send trafgen protocol built packet via Linux pktgen ? Theoretically it is possible to create simple and generic code to generate raw or pktgen

[netsniff-ng] Re: [PATCH 1/3] trafgen: Allow to compile without libnl

On 08/03/2016 09:34 AM, Tobias Klauser wrote: [...] Form the point of view of compiling nesniff-ng/trafgen there is no difference of whether an external library "exists" or was explicitely disabled by the user. I'd really prefer CONFIG_LIBNL for this and I don't think more fine-grained control

[netsniff-ng] Re: flowtop: Flows visual separating

Hi Vadim, thanks for looking into this, appreciate it! On 02/20/2016 03:28 PM, Vadim Kochan wrote: On Sat, Feb 20, 2016 at 1:25 AM, Vadim Kochan wrote: Hi, I tried to come up with visual separating of printed flows as currently its not easy to identify separate flow

Re: [netsniff-ng] netsniff-ng output file name by date

On 02/19/2016 10:10 AM, Vadim Kochan wrote: Simply because netsniff-ng does not support custom date-time format for pcap file name. But as I said we can extend it in the similar way like tcpdump does. Agreed, that might be useful. Thanks, Daniel -- You received this message because you are

Re: [netsniff-ng] Capture every n packets

On 02/18/2016 12:09 PM, Vadim Kochan wrote: Hi Lorenzo, On Sat, Feb 6, 2016 at 11:16 PM, Lorenzo Pistone wrote: Hi, I would like to suggest a feature. It would be nice to have an option to capture a packet only once every N packets. I can see that one could implement

Re: [netsniff-ng] Replay pcap file on Xenomai kernel in real time

On 02/01/2016 04:51 PM, Tobias Klauser wrote: On 2016-02-01 at 15:38:28 +0100, Umair Ali wrote: [...] Sorry, but reviewing a random dump of code (that doesn't even compile) goes beyond the scope of what I'd consider support/help for netsniff-ng. +1 Ali, I find your

Re: [netsniff-ng] Synchronize file creation between netsniff-ng processes possible?

On 01/27/2016 02:13 PM, e.bengts...@gmail.com wrote: [...] Is it possible to add some kind of signal interface for controlling start of new files instead of relying on incoming events? I have pulled the source and had a look but don't really know how to proceed... If you have some cycles, it

Re: [netsniff-ng] Re: Shell variables support in trafgen

[ Thanks Vadim! Actually Cc'ing him here. ] On 12/17/2015 12:38 PM, Vadim Kochan wrote: On Wednesday, May 13, 2015 at 10:04:28 AM UTC+3, Kenneth Aaron wrote: Hi, Is it possible to use shell variables in the configuration file? The use case I have is a script that sets variables such as IP

Re: [netsniff-ng] Adjusting PPS ?

On 12/14/2015 02:45 PM, Burak Özalp wrote: Hi everbody, I recently use trafgen, it is very useful and with your helps, I manage to create 6Mpps as you know. My problem is, is it possible to set pps value with argument or config file? I need very small values (like 140pps) and i want to use

Re: [netsniff-ng] TCP-SYN Flood Config file

On 11/30/2015 01:02 PM, Burak Özalp wrote: ... I realized that i use v0.5.8 in CentOS 7. İ tested with v0.6.0 with 12 core and finally i can manage to send 6 Mpps without any flags(with Jasper adjusted syn_attack config file) ! Nice to hear! Thanks! -- You received this message because you

Re: [netsniff-ng] RPM v.0.6.0 Centos 7

On 11/30/2015 10:21 AM, Burak Özalp wrote: Hi everyone, I realized that --qdisc-path option is not available on version 0.5.8-6 whish is the latest RPM on CentoOS 7. Could you please upload the latest RPM (v0.6.0) for CentOS 7. I think you need to open a bug against RHEL7 (there should be a

Re: [netsniff-ng] TCP-SYN Flood Config file

On 11/27/2015 08:57 AM, Burak Özalp wrote: Hi everyone; First of all, you've done great job with netsniff-ng!Congrulations! I want to use trafgen to simulate an syn_flood attack. In --help, i saw that " trafgen --dev eth0 --conf tcp_syn.cfg -u `id -u bob` -g `id -g bob`" command. Could you

Re: [netsniff-ng] TCP-SYN Flood Config file

on your network tuning and hardware, people have reported to get ~6Mpps on TCP SYNs: https://www.mail-archive.com/netdev@vger.kernel.org/msg87192.html What kernel/settings do you have for fine-tuning? On 27-11-2015 11:13, Daniel Borkmann wrote: On 11/27/2015 08:57 AM, Burak Özalp wrote: Hi

Re: [netsniff-ng] Re: [PATCH 2/2] trafgen: Allow to build packet from command line

On 11/09/2015 12:26 PM, vkochan wrote: ... If you conceptually agree with this idea, I probably may re-work series and add separate '-p, --pkt' option for the specify packet language from command line, or additionally send this as separate patch. Can you elaborate on "specify packet language"?

Re: [netsniff-ng] Re: [PATCH] build: Check for libnl-route

On 11/06/2015 05:06 PM, Vadim Kochan wrote: On Fri, Nov 06, 2015 at 05:05:38PM +0100, Tobias Klauser wrote: On 2015-11-06 at 16:53:02 +0100, Vadim Kochan wrote: On Fri, Nov 06, 2015 at 04:36:08PM +0100, Tobias Klauser wrote: On 2015-11-06 at 15:46:16 +0100, Vadim Kochan

Re: [netsniff-ng] Stats differences between ifpps and netsniff-ng.

On 10/13/2015 11:37 AM, tmartin...@gmail.com wrote: Hello, I'm currently trying to do some stats (max pps, max bps, etc) on a company network traffic. My setup is quite simple: all traffic going through the "external" interface of a firewall is mirrored to a network interface on a server.

Re: [netsniff-ng] Netsniff-ng Packet Capture with Intervals

On 08/07/2015 12:01 AM, Stefano Pirrello wrote: I took another look at my server and saw the process is hung up again. See below on how many captures were successful but eventually they stopped generating. ~/captures$ ls -ltr total 3297540 -rwxr--r-- 1 n3tus3r n3tus3r 6225 Aug 3 23:06

Re: [netsniff-ng] [PATCH] flowtop: Fix collector stuck while flush IPv6 flows

On 07/27/2015 12:20 AM, Vadim Kochan wrote: On Sun, Jul 26, 2015 at 09:57:04PM +0300, Vadim Kochan wrote: On Sun, Jul 26, 2015 at 08:39:04PM +0200, Daniel Borkmann wrote: On 07/25/2015 06:09 PM, Vadim Kochan wrote: From: Vadim Kochan vadi...@gmail.com Seems it was caused by specifying all

Re: [netsniff-ng] [PATCH] flowtop: Use prev next vars in flow_list_find_prev_id(...)

On 07/25/2015 07:22 PM, Vadim Kochan wrote: From: Vadim Kochan vadi...@gmail.com Replace n tmp variables to more understandable prev next. Signed-off-by: Vadim Kochan vadi...@gmail.com Applied. -- You received this message because you are subscribed to the Google Groups netsniff-ng

Re: [netsniff-ng] [PATCH] ifpps: Cleanup screen on panic

On 07/26/2015 02:17 PM, Vadim Kochan wrote: From: Vadim Kochan vadi...@gmail.com Clean up ncurses screen when panic was caused. There will be limitation that error message will be printed on stderr after ncurses cleanup so it will be needed now to use redirect to error file: ifpps -d dev

Re: [netsniff-ng] [PATCH] ifpps: Fix panic when dev name contains _

On 07/26/2015 02:01 PM, Vadim Kochan wrote: From: Vadim Kochan vadi...@gmail.com Add match device name with _ in /proc/net/dev. Signed-off-by: Vadim Kochan vadi...@gmail.com Applied, thanks! -- You received this message because you are subscribed to the Google Groups netsniff-ng group. To

Re: [netsniff-ng] [PATCH 0/3] flowtop: Convert int - bool in several funcs

On 07/25/2015 06:56 PM, Vadim Kochan wrote: This series converts int - bool in several functions: - flow_entry_get_extended_is_dns(...) - get_port_inode(..) - presenter_get_port(..) Series applied, thanks. -- You received this message because you are subscribed to the Google

Re: [netsniff-ng] [PATCH] flowtop: Fix collector stuck while flush IPv6 flows

On 07/25/2015 06:09 PM, Vadim Kochan wrote: From: Vadim Kochan vadi...@gmail.com Seems it was caused by specifying all netfilter groups when flushing connections. Used separated nfct instance w/o netfilter groups to flush ipv4/ipv6 connections. More info can be fetched from the issue item on

[netsniff-ng] Re: [PATCH] flowtop: Check dst port when resolve process id

On 07/23/2015 08:15 AM, Vadim Kochan wrote: ... Sorry this might be buggy if dst port from #1 connection will be the same as src port from connectoin #2, so it needs to do checking separately for src dst in case if src lookup was failed. Ok, dropped. -- You received this message because you

Re: [netsniff-ng] [PATCH 0/2] flowtop: Revert cond lock wait before screen initializing

On 07/18/2015 01:12 PM, Vadim Kochan wrote: This series reverts unnecesseary cond lock when presenter waits for collector to finish its initializing part before do screen initializing, it was added only to do not panic collector when screen is initialized with ncurses so after this shell will

Re: [netsniff-ng] [PATCH 0/3] sysctl: Use new sysctl set/get helpers

On 07/20/2015 10:12 AM, Vadim Kochan wrote: On Mon, Jul 20, 2015 at 10:09:52AM +0200, Daniel Borkmann wrote: On 07/19/2015 01:41 PM, Vadim Kochan wrote: Replace direct access to /proc/sys params by new added helpers from sysctl.c module. Looks good, applied. Thanks for following up

Re: [netsniff-ng] netsniff-ng dropping packets at 80Mbps

On 07/20/2015 02:06 PM, Unnikannan Nair, Jishnu wrote: Hi I'm running the latest version 0.5.9, and im not running it in silent mode as of now just to see the dropped packets information when the capture is complete. I intend to run it as silent when all issues are solved :) Well, dumping

Re: [netsniff-ng] netsniff-ng dropping packets at 80Mbps

On 07/20/2015 01:45 PM, Unnikannan Nair, Jishnu wrote: Hi I'm trying to build a network sniffer for UDP multicast streams using netsniff-ng. I have deployed two linux systems (Ubuntu server 14.04 LTS) on an ESXi one has the sniffer and other has tcpreplay sending packets at needed Mbps. The

Re: [netsniff-ng] netsniff-ng dropping packets at 80Mbps

On 07/20/2015 02:21 PM, Unnikannan Nair, Jishnu wrote: So are you saying that it's impossible to dump pcap files at this rate?? Please, that's not what I wrote in my email. I wrote that you should use -s. -- You received this message because you are subscribed to the Google Groups

Re: [netsniff-ng] netsniff-ng dropping packets at 80Mbps

On 07/20/2015 04:58 PM, Unnikannan Nair, Jishnu wrote: Hi I have double checked, it seems if I run with -s option with the application saving files on to a folder --out /share/capture/job/ will not give any statistics up on stopping it using ^C. And it is giving a Cannot set NIC Flags message

Re: [netsniff-ng]

On 07/14/2015 04:57 PM, Vadim Kochan wrote: vadi...@gmail.com Bcc: Subject: Re: [netsniff-ng] wrong number of packets filtered in Reply-To: In-Reply-To: ac7d7957a7715142afeae26281c9be9851d99...@srveurmbx06.nov.com On Mon, Jul 13, 2015 at 02:27:22PM +, Unnikannan Nair, Jishnu wrote: Hi I'm

[netsniff-ng] Re: flowtop: ping for fixes ...

On 07/13/2015 10:24 AM, Vadim Kochan wrote: Hi, After 1 week I decided to ping for some flowtop related fixes: http://article.gmane.org/gmane.linux.network.netsniff-ng/973 http://article.gmane.org/gmane.linux.network.netsniff-ng/974 Sorry for the long delay. I've applied both

Re: [netsniff-ng] [PATCH] flowtop: Fix flows disappearing

On 07/04/2015 09:18 PM, Vadim Kochan wrote: From: Vadim Kochan vadi...@gmail.com While removing flow which is pointed by 'head' then head is set to NULL and all the list disappears, so fixed by set removing flow next entry to list 'head'. Signed-off-by: Vadim Kochan vadi...@gmail.com

Re: [netsniff-ng] [PATCH 0/5] flowtop: Add traffic accounting dump

On 07/13/2015 12:09 PM, Vadim Kochan wrote: On Mon, Jul 13, 2015 at 12:31:39PM +0300, Vadim Kochan wrote: ... If I understood correctly, you asked to do not use separated sysctl module unless it will not be used in other places ? But these funcs can be used statically in flowtop.c so they then

Re: [netsniff-ng] [RFC v2 00/10] trafgen: Build protocol packet via command line

On 06/29/2015 02:58 AM, Vadim Kochan wrote: Hi, This is the 1-st try version of how I see the protocol generation API for the trafgen util as mz replacement (at least for better performance). I am sending this just because to get your feedback about conceptual idea, and as soon as I got some

Re: [netsniff-ng] netsniff-ng: Incorrect packet count #73: May be closed ?

[ Cc'ing Jon ] On 06/29/2015 11:32 AM, Vadim Kochan wrote: Hi, Since the possible fix was comitted there was no response from #jonship may be it can be closed ? https://github.com/netsniff-ng/netsniff-ng/issues/73 Regards, -- You received this message because you are subscribed to the

Re: [netsniff-ng] mausezahn: TX fast path ... or may be rewrite everything ?

On 06/21/2015 07:02 PM, Vadim Kochan wrote: ... Not sure if it is necessary to use libnet by trafgen as it is used by mz to generate packets ? It will add the new dependency, but seems it can simplify generation of the proto packets. Yes sure, we shouldn't depend on it, I think some small

Re: [netsniff-ng] mausezahn: TX fast path ... or may be rewrite everything ?

On 06/22/2015 03:37 PM, Vadim Kochan wrote: ... Well, anyway I am trying to implement basic cmdline mz-like proto generation API with few layered protocols: eth, ip, udp for trafgen utility. If I success with this I will share the patch series (I will try to better split it for easier review).

Re: [netsniff-ng] mausezahn: TX fast path ... or may be rewrite everything ?

On 06/19/2015 10:46 AM, Vadim Kochan wrote: ... OK here is another (may be better) design. Here is an example of the cfg script: { eth { dst: eth_addr(AA:BB:CC:DD:EE:FF) proto: ipv4, } ip { src: ip_addr(192.168.1.1) dst:

Re: [netsniff-ng] [PATCH 0/2 v2] Add suport for Linux cooked header sniff dissect

On 06/20/2015 12:38 AM, Vadim Kochan wrote: ... Regarding cleanups ... what do you think about change pcap_pkthdr_t to: typedef struct { union { struct pcap_pkthdr ppo; struct pcap_pkthdr_ns ppn; struct

Re: [netsniff-ng] [PATCH 0/2 v2] Add suport for Linux cooked header sniff dissect

to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. From 045e9395ca9c2971ab7f7a886f5d6b4cf679c7fd Mon Sep 17 00:00:00 2001 Message-Id: 045e9395ca9c2971ab7f7a886f5d6b4cf679c7fd.1434749532.git.dan...@iogearbox.net From: Daniel Borkmann dan

Re: [netsniff-ng] [PATCH 0/2 v2] Add suport for Linux cooked header sniff dissect

On 06/18/2015 11:49 AM, Daniel Borkmann wrote: On 06/18/2015 11:42 AM, Vadim Kochan wrote: On Thu, Jun 18, 2015 at 10:45:29AM +0200, Daniel Borkmann wrote: I've started splitting this into smaller digestible chunks, couple of more evenings and it should be done from my side. Thanks for your

Re: [netsniff-ng] [PATCH 0/2 v2] Add suport for Linux cooked header sniff dissect

On 06/19/2015 10:58 PM, Vadim Kochan wrote: On Fri, Jun 19, 2015 at 10:47:49PM +0200, Daniel Borkmann wrote: ... @@ -737,6 +837,24 @@ static inline void pcap_validate_header(const struct pcap_filehdr *hdr) if (unlikely(hdr-version_minor != PCAP_VERSION_MINOR

Re: [netsniff-ng] mausezahn: TX fast path ... or may be rewrite everything ?

On 06/18/2015 03:24 PM, Vadim Kochan wrote: On Thu, Jun 18, 2015 at 11:07:12AM +0200, Daniel Borkmann wrote: On 06/18/2015 10:57 AM, Vadim Kochan wrote: ... Not yet, but I will try keep thinking about this, and will let know if I will have some real ideas regarding implementation. Sounds

Re: [netsniff-ng] [PATCH 0/2 v2] Add suport for Linux cooked header sniff dissect

I've started splitting this into smaller digestible chunks, couple of more evenings and it should be done from my side. Thanks for your patience. -- You received this message because you are subscribed to the Google Groups netsniff-ng group. To unsubscribe from this group and stop receiving

Re: [netsniff-ng] mausezahn: TX fast path ... or may be rewrite everything ?

On 06/18/2015 01:30 AM, Vadim Kochan wrote: Hi, I tried to look over mz tool and try to start adding TX fast path as it is done in trafgen but I am not sure it will be easy, for me it seems the code is not easy to change. I have no some objective arguments but I feel that may be it would be

Re: [netsniff-ng] mausezahn: TX fast path ... or may be rewrite everything ?

On 06/18/2015 10:57 AM, Vadim Kochan wrote: ... Not yet, but I will try keep thinking about this, and will let know if I will have some real ideas regarding implementation. Sounds good! -- You received this message because you are subscribed to the Google Groups netsniff-ng group. To

Re: [netsniff-ng] [PATCH 2/3] netsniff-ng: Add support of Linux cooked header

On 06/13/2015 02:30 PM, Vadim Kochan wrote: From: Vadim Kochan vadi...@gmail.com Use Linux cooked header for Netlink interface automatically of as replavement of L2 header by specifiyng --cooked option. http://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html cooked header makes sense to

Re: [netsniff-ng] [PATCH 1/3] dev: Add device string convertions (addr, dev type)

On 06/13/2015 02:30 PM, Vadim Kochan wrote: From: Vadim Kochan vadi...@gmail.com Move device string convertions funcs (device_type2str, device_addr2str) from proto_nlmsg.c to dev.c to use them in other modules. Signed-off-by: Vadim Kochan vadi...@gmail.com Patch 1/3 applied with minor

Re: [netsniff-ng] slow packet rate on a pair of ports

On 06/06/2015 01:05 AM, Perf Tech wrote: I have a PC with 3 NICs (eth0 is Intel 82579LM NIC, eth1 is 82574L), OS is ubuntu 12.04 server. I connected eth0 and eth1 with a ethernet cable and both ports are up. Trying to find out how fast trafgen(0.5.9-rc4) can send packets on this system. #

Re: Fwd: [netsniff-ng] error when running trafgen for the first time.

On 06/05/2015 09:58 AM, Vadim Kochan wrote: ... May be you should add --cpp option ? $./trafgen --dev eth0 --conf tmp2.txt --rand --gap 1000us --cpp Yes, that's correct. Thanks for the quick reply, Vadim! -- You received this message because you are subscribed to the Google Groups

Re: [netsniff-ng] [PATCH] netsniff-ng nlmsg: Dissect rtnl route type messages

On 06/04/2015 09:34 PM, Vadim Kochan wrote: From: Vadim Kochan vadi...@gmail.com Dump RTnetlink routing related info with attributes. Signed-off-by: Vadim Kochan vadi...@gmail.com Applied, thanks Vadim. Please in future don't reuse the exact same patch subject resp. commit message from some

Re: Fwd: [netsniff-ng] error when running trafgen for the first time.

On 06/06/2015 12:16 AM, Vadim Kochan wrote: ... Do you have cpp installed on your machine? I think in that case there could be a message like: sh: cpp: command not found Failed to invoke C preprocessor! Yes, agreed. Want to send a patch? ;) -- You received this message because you are

Re: [netsniff-ng] [PATCH] netsniff-ng: Add support of pcap cooked header

On 06/02/2015 10:44 AM, Vadim Kochan wrote: On Tue, Jun 02, 2015 at 10:36:12AM +0200, Daniel Borkmann wrote: On 06/01/2015 05:43 PM, Vadim Kochan wrote: On Mon, Jun 01, 2015 at 05:14:10PM +0200, Daniel Borkmann wrote: On 06/01/2015 04:23 PM, Vadim Kochan wrote: ... I checked

Re: [netsniff-ng] curvetun logfile?

Hi Benjamin, Sorry for the late reply, this slipped through. :/ On 04/23/2015 05:21 PM, Benjamin Henrion wrote: Hi, Would it be possible to have an option to curvetun to log to a logfile? Curvetun sends to syslog, but on my system I want to avoid having a syslog daemon. I have made an init

Re: [netsniff-ng] [RFC] netsniff-ng: Add support of pcap cooked header

On 05/10/2015 02:37 PM, Vadim Kochan wrote: From: Vadim Kochan vadi...@gmail.com Since Netlink messages are written in default pcap format there is no way to identify Netlink family by socket protocol number, so use pcap cooked header for Netlink messages as described here:

Re: [netsniff-ng] multiple instances of netsniff-ng with AF_PACKET hash fanout

On 05/07/2015 02:32 AM, Michał Purzyński wrote: I used 3.13 for testing. It's in Ubuntu as HWE stack. So, following commit was added v3.0-rc4-846-gdc99f60 ... commit dc99f600698dcac69b8f56dda9a8a00d645c5ffc Author: David S. Miller da...@davemloft.net Date: Tue Jul 5 01:45:05 2011 -0700

Re: [netsniff-ng] multiple instances of netsniff-ng with AF_PACKET hash fanout

On 05/07/2015 04:47 PM, arse...@gmail.com wrote: ... I am very sorry but it looks like this was working all the time at least in couple of modes but I messed up ls command and didn't see other files ! Ok, no problem. It's good that we now have it verified from a couple of people that it works

Re: [netsniff-ng] multiple instances of netsniff-ng with AF_PACKET hash fanout

Sorry for the late answer. On 05/01/2015 02:53 PM, arse...@gmail.com wrote: ... Interesting, lets say if you use --fanout-type lb, would that make a difference? This should round robin each packet between these 3 processes, so you should definitely see something unless we have a bug. ;) Let me

Re: [netsniff-ng] [PATCH] netsniff-ng: Do not use O_NOATIME when read pcap

On 05/06/2015 07:36 PM, Vadim Kochan wrote: From: Vadim Kochan vadi...@gmail.com It fixes the case when user made pcap file in sudo mode but after it should still use sudo to read it because of setting O_NOATIME option requires higher privileges. Signed-off-by: Vadim Kochan vadi...@gmail.com

Re: [netsniff-ng] multiple instances of netsniff-ng with AF_PACKET hash fanout

On 05/06/2015 11:52 PM, Daniel Borkmann wrote: Sorry for the late answer. On 05/01/2015 02:53 PM, arse...@gmail.com wrote: ... Interesting, lets say if you use --fanout-type lb, would that make a difference? This should round robin each packet between these 3 processes, so you should

Re: [netsniff-ng] multiple instances of netsniff-ng with AF_PACKET hash fanout

On 05/07/2015 12:14 AM, Michał Purzyński wrote: That were my results as well. It would be worthwhile to investigate how the hash is generated in the kernel. I remember, somewhere in the original patch that introduced this functionality, developers decided to let the hardware generate rxhash and

Re: [netsniff-ng] [PATCH] netsniff-ng: Fix capturing extra packets from other dev

On 05/05/2015 12:10 PM, Daniel Borkmann wrote: On 05/05/2015 11:26 AM, Tobias Klauser wrote: On 2015-05-02 at 22:54:50 +0200, Vadim Kochan vadi...@gmail.com wrote: On Sat, May 02, 2015 at 07:00:53PM +0200, Tobias Klauser wrote: On 2015-04-29 at 21:18:24 +0200, Vadim Kochan vadi...@gmail.com

Re: [netsniff-ng] netsniff-ng: wireshark does not understand pcap file with Netlink frames

On 05/05/2015 12:59 PM, Vadim Kochan wrote: Wireshark does not understand netsniff-ng's pcap file with Netlink frames, I assume thats because W-shark expects that each Netlink frame should have additional header on-top described here:

Re: [netsniff-ng] multiple instances of netsniff-ng with AF_PACKET hash fanout

Hi Ivan, On 04/30/2015 05:28 PM, arse...@gmail.com wrote: Hi all, I have been using netsniff-ng for some time now and am very excited about packet fanout feature. Cool, great to hear! :) Have one AF_PACKET hash fanout functionality related question if somebody has time to comment : how

Re: [netsniff-ng] netsniff-ng: Do we need to set IO prio when do only read from pcap ?

On 04/22/2015 05:09 PM, Vadim Kochan wrote: ... Sure, I will try to fix it, really I dont have a fix yet. The issue goes from pcap ops in init one function, where IO prio is set, the first think which came up in my mind is to have separate pcap ops for read only where set IO prio will be not

Re: [netsniff-ng] [PATCH] netsniff-ng: Dont set IO prio when reading pcap file

On 04/22/2015 06:26 PM, Vadim Kochan wrote: From: Vadim Kochan vadi...@gmail.com It allows to read pcap file for users who have no permissions to set process IO prio. Signed-off-by: Vadim Kochan vadi...@gmail.com I'm okay with that, read_pcap() is slow-path anyway. Thanks -- You received

Re: [netsniff-ng] netsniff-ng: mac80211: Better print layout for HT Capabilities element ?

On 04/22/2015 11:50 PM, Vadim Kochan wrote: ... I think that HT Capabilities element info should be showed in more structured view so it will be more readable what do you think ? Does someone have a better option ? Yes, I'm fine with that. -- You received this message because you are

Re: [netsniff-ng] [Re: multiple instances of netsniff-ng with AF_PACKET hash fanout] Initial implementation of a multiprocess functionality.

Hi Michal, On 04/14/2015 09:53 AM, Daniel Borkmann wrote: Thanks Michal, looks almost ready to go in! Okay, I just fixed everything up and pushed it out under your authorship: https://github.com/netsniff-ng/netsniff-ng/commit/f00d4d54f28c0374cc57e6ca07dd648d7684c69c We can still fix

Re: [netsniff-ng] [PATCH] mac80211: Check existing of generated monX device

Hi Vadim, On 04/17/2015 09:04 PM, Vadim Kochan wrote: From: Vadim Kochan vadi...@gmail.com Fixed case when netsniff fails if there is already existing monX device while generating. Signed-off-by: Vadim Kochan vadi...@gmail.com ... +int device_ifindex(const char *ifname) +{ + int index

Re: [netsniff-ng] [Re: multiple instances of netsniff-ng with AF_PACKET hash fanout] Initial implementation of a multiprocess functionality.

On 04/21/2015 01:13 PM, Michał Purzyński wrote: Thanks a lot, I was trying to find a time for it over the weekend, turned out to be difficult so decided to work on it next weekend :-) No problem. ;) Thanks for looking into this! I'll focus on some good documentation next, showing how to use

Re: [netsniff-ng] [Re: multiple instances of netsniff-ng with AF_PACKET hash fanout] Initial implementation of a multiprocess functionality.

Thanks Michal, looks almost ready to go in! Other than Tobias' excellent feedback, some minor things from my side: On 04/14/2015 01:10 AM, Michal Purzynski wrote: --- netsniff-ng.c | 28 +--- ring_rx.c | 17 - ring_rx.h | 2 +- 3 files

Re: [netsniff-ng] multiple instances of netsniff-ng with AF_PACKET hash fanout

On 04/11/2015 06:59 PM, Michał Purzyński wrote: OK, try one. I'm ready to accept heavy artillery fire ;-) Man, it takes a while to find a free letter for getopt. Two new parameters were added: -C cluster id with integer that represents the socket fanout group identifier and must be shared

Re: [netsniff-ng] trafgen seems broken on kernel 3.19

On 03/23/2015 11:37 AM, Vadim Kochan wrote: On Mon, Mar 23, 2015 at 11:25:26AM +0100, Lorenzo Pistone wrote: ... Thats what I got on 3.18 with the same cfg file: $ trafgen/trafgen -c ~/trafgen.cfg -o wlp3s0 -n 1 4 packets to schedule 168 bytes in total Running! Hang up with ^C!

Re: [netsniff-ng] trafgen seems broken on kernel 3.19

Hi Lorenzo, On 03/22/2015 03:13 PM, Lorenzo Pistone wrote: Hi, I'm trying to send UDP packets with zero length withthis simple configuration on trafgen: { # --- ethernet header --- 0xbe, 0x15, 0x1d, 0x12, 0x1c, 0x57, # mac destination 0xfa, 0x16, 0x3e, 0xa0, 0x5d,

Re: [netsniff-ng] trafgen seems broken on kernel 3.19

On 03/23/2015 03:39 PM, Lorenzo Pistone wrote: I'm checking with netsniff-ng, I use the same interface with which I'm sending this email Ok, well that doesn't work. If you emit packets with trafgen, it uses by default a path that bypasses the traffic control layer. If you really want to see

Re: [netsniff-ng] trafgen seems broken on kernel 3.19

(contrary to lo), but when interrupting I get Cannot destroy the TX_RING: Device or resource busy! for each CPU (so 4 times in my case). Looks like a start. Il 23/03/2015 10:27, Daniel Borkmann ha scritto: Hi Lorenzo, On 03/22/2015 03:13 PM, Lorenzo Pistone wrote: Hi, I'm trying to send UDP

Re: [netsniff-ng] [PATCH] netsniff-ng: Move proto dissectors to separate dir

On 01/28/2015 11:15 PM, Vadim Kochan wrote: From: Vadim Kochan vadi...@gmail.com There might be more proto dissectors which will make root src directory huge, hence move them to the separate 'dissect' dir. Signed-off-by: Vadim Kochan vadi...@gmail.com For now I'd prefer them actually where

Re: [netsniff-ng] tcpdump capture delays and dropped packets

On 07/18/2014 03:49 PM, Tobias Klauser wrote: On 2014-07-18 at 15:09:55 +0200, 'peter' via netsniff-ng netsniff-ng@googlegroups.com wrote: hi, im looking for a way to automate packet generation for traffic shaper testing. found a testfile online and modified it a bit, only source/destination

Re: [netsniff-ng] refine delay in mausezahn, or provide a pps/bitrate option

On 05/07/2014 02:51 PM, Lorenzo Pistone wrote: Hello, the delay (-d) option is not satisfactory with low delays. The unavoidable imprecision of the sleep time screws the actual pps a lot (see http://www.martani.net/2011/07/nanosleep-usleep-and-sleep-precision.html). I believe also that

Re: [netsniff-ng] Need help Regarding mausezahn tool

On 03/29/2014 07:32 PM, mukul joshi wrote: Hi, I am working on one project where I am using mausezahn for packet generation. I want to print the generated packet buffer (i.e. the whole buffer which is delivered to the network interface) I want to provide this packet buffer to another process

Re: [netsniff-ng] netsniff-ng

On 03/17/2014 06:21 AM, rukanth sameera wrote: Hi Hello, I am rukanth. I am very happy to say i like your netsniff-ng toolkit and it is very useful to me. I have to ask question that is what are the compatible hardware for netsniff-ng. Generally, you need a Linux box and the more recent your

[netsniff-ng] [announce] netsniff-ng.git upstream url

We have decided to move the netsniff-ng upstream Git repository to a new Github netsniff-ng organization: Web: https://github.com/netsniff-ng/netsniff-ng Git: git://github.com/netsniff-ng/netsniff-ng.git Please update your Git origin to this location. Thanks ! -- You received this

Re: [netsniff-ng] Almost kernel panic

On 02/17/2014 01:44 PM, Daniel Borkmann wrote: On 02/16/2014 04:13 PM, Daniel Borkmann wrote: On 02/16/2014 03:15 PM, Lorenzo Pistone wrote: On 02/16/2014 02:00 PM, Daniel Borkmann wrote: It's a kernel bug in the VM subsystem, dealing with transparent hugepages. A patch was submitted

Re: [netsniff-ng] netsniff-ng vs tshark

Hi Olivier, On 02/11/2014 05:33 PM, Olivier Marce wrote: Hi guys thanks a lot for this splendid toolkit. I got a strange (for me) behavior that I would like to share with you. Platform Ubuntu 12.10 I have a WiFi interface named wlan5 and IP@ 192.168.1.5 that I ping from another machine. MAC@

Re: [netsniff-ng] trafgen: Flushing TX_RING failed: No such device or address!

On 12/23/2013 08:06 PM, Robert Edmonds wrote: Hi, I'm seeing the error message Flushing TX_RING failed: No such device or address! when I try to run trafgen on Debian kernel 3.12.6, but not on 3.11. Here is the full trafgen output: A PF_PACKET stable patch for the kernel is on it's way to

Re: [netsniff-ng] netsniff-ng takes a long time to start up?

On 12/20/2013 04:21 AM, Robert Edmonds wrote: Hi, I'm trying to figure out why netsniff-ng takes a long time to start up on one of my machines. I'm running the latest git checkout on Debian unstable (running the Debian 3.11.6 kernel), and when I run: netsniff-ng --silent -i eth1 -o /dev/null

Re: [netsniff-ng] netsniff-ng takes a long time to start up?

On 12/20/2013 07:08 PM, Robert Edmonds wrote: Robert Edmonds wrote: The funny thing is, I have a similar machine where netsniff-ng starts up instantly. It seems like a kernel issue, so I will try updating the problematic machine's kernel. I can also replicate the issue on the problematic

Re: [netsniff-ng] Cross-compiling netsniff-ng with Mausezahn

On 12/17/2013 10:34 AM, Drasko DRASKOVIC wrote: Hi all, I am trying to compile netsniff-ng with Mausezahn under Yocto (Open Embedded), So far I have this output of configure: ... [!] The following tools will *not* be built: curvetun flowtop astraceroute mausezahn [*] The following tools will be

Re: [netsniff-ng] Re: Netsniff-NG in Applied NSM Book

On 12/17/2013 06:31 AM, Jon Schipp wrote: Also, page 108 has a small section on installing and using ifpps. That's awesome, thanks for the great news! On Thu, Dec 12, 2013 at 11:21 PM, Jon Schipp jonsch...@gmail.com wrote: FYI: The Applied NSM book was released today [1]. From the table

Re: [netsniff-ng] netsniff-ng and ERSPAN

to not forget about this idea. Thanks, Doug On Tue, Oct 22, 2013 at 4:23 AM, Daniel Borkmann dbork...@redhat.com wrote: On 10/21/2013 05:00 PM, Doug Burks wrote: Hello all, Have you considered implementing support for decoding ERSPAN? Looks like gulp and snort currently support

Re: [netsniff-ng] netsniff-ng and ERSPAN

On 10/21/2013 05:00 PM, Doug Burks wrote: Hello all, Have you considered implementing support for decoding ERSPAN? Looks like gulp and snort currently support this: Are you referring to the packet dissector or to store the decapsulated data to a pcap file?

Re: [netsniff-ng] bpfc-vhdl

Sorry for the late answer, On 09/19/2013 09:12 PM, rometor...@gmail.com wrote: Hi All, I am looking on implementing HW filters using bpfc. Very cool! BPF engine offloading into a NIC might be interesting! This is a process outline 1) Generate BPF file in human readable format - How to use

Re: [netsniff-ng] Make error: installing netsniff-ng-0.571 on ubuntu 9.10 Karmic Kaola

On 09/23/2013 02:58 PM, Daniel Borkmann wrote: On 09/23/2013 06:26 AM, onubogu Last Nameokey wrote: Hi group members, Please can someone help me debug this cmake and make error. I am trying to install netsniff-ng-0.571 on ubuntu 9.10 Karmic Kaola.I have downloaded (manually and using apt-get

Re: [netsniff-ng] BPF Options/ Writing IP Packet Header Information to Output File and Practical Usage Question

On 09/04/2013 08:22 PM, Daniel Martin wrote: Hey Daniel, Thanks for your reply. I did compile your example bpfc foo bar Which did return cat bar { 0x20, 0, 0, 0xf034 }, { 0x16, 0, 0, 0x }, You need 3.10 or higher. This was developed during netfilter workshop, and merged in on

Re: [netsniff-ng] gencfg: Added rfc2544 configs

On 08/21/2013 09:52 PM, Jon Schipp wrote: I added the configurations outlined in Section 9.1 of RFC2544, Benchmarking Methodology for Network Interconnect Devices to gencfg [1]. Currently, it will write each configuration to a file in the current working directory. $ ./gencfg -G rfc2544 -s

[netsniff-ng] Re: BPF Compilation

On 08/22/2013 07:10 PM, Jon Schipp wrote: Are BPF filters compiled for each packet that reaches a filter? I assumed they were compiled once and then applied until the sniffing application process ends. BPF filters are attached to the kernel's socket representation. If no JIT is active, the

Re: [netsniff-ng] Using a time-based interval in netsniff-ng crashes at the end of the first interval

On 08/16/2013 04:48 PM, branchnetconsult...@gmail.com wrote: I built netsniff-ng 0.5.8-rc2 from git just last night on a 64bit Ubuntu 12.04.2 LTS box. When I specify a time-based interval, netsniff-ng records for the full interval but then crashes with a Poll failed! error before starting a 2nd

Re: [netsniff-ng] Re: Can netsniff-ng create pcap file by size

On 08/16/2013 09:54 PM, Allen Ting wrote: Thanks for the answers. I tried to limit the pcap file size to 100MB by setting the option to be --interval 100MiB, however, I saw most of the pcap files were created at the size around 170MB to 200MB. Is this the expected behavior? Is this

  1   2   >