netsniff-ng
netsniff-ng is a high-performance Linux network sniffer for packet inspection. It uses zero-copy mechanisms to avoid kernel-to-userspace packet copying.
Description
netsniff-ng is a Linux network packet sniffer toolkit designed for protocol analysis, reverse engineering, and network debugging. It provides high performance through zero-copy mechanisms, eliminating the need for the kernel to copy packets from kernelspace to userspace. The toolkit includes multiple utilities for various network tasks, such as packet capturing/replaying, generation, statistics monitoring, and tunneling.
The suite consists of netsniff-ng for packet analysis, trafgen for multithreaded packet generation, mausezahn for high-level packet generation with a Cisco-like CLI, ifpps for networking statistics, curvetun for IP tunneling, astraceroute for autonomous system (AS) path tracing, flowtop for connection tracking, and bpfc for BPF compilation. These tools support a wide range of use cases, from traffic generation to filter compilation and system tracing.
The installed size is 2.08 MB, and the package depends on several libraries including libpcap, libnetfilter-conntrack, and libsodium. Users should refer to the man pages for full flag details and advanced usage.
How It Works
netsniff-ng leverages zero-copy mechanisms for high-speed packet processing, handling packets directly without kernel-to-userspace copying. It supports BPF filters via the bpfc compiler, fanout groups for load distribution, and various input/output formats such as netdev, pcap, and directories. Utilities like trafgen use multithreading and zero-copy for packet generation, astraceroute employs TCP/ICMP probes for AS path tracing, curvetun implements Curve25519-based encryption for IP tunneling, and tools like flowtop and ifpps provide real-time ncurses-based monitoring of netfilter flows and kernel statistics.
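To make the BPF filtering step concrete, the following added example (not code from netsniff-ng or bpfc) hand-assembles a classic BPF program for the `tcp or udp` expression used in the Examples section and interprets it over constructed frames. It assumes Ethernet framing and IPv4 only; the names `TCP_OR_UDP`, `run_filter` and `frame` are hypothetical, and the opcode values are the classic BPF constants from the Linux headers.

```python
import struct

# Classic BPF opcodes: ldh [k], ldb [k], jeq #k, ret #k
LD_H_ABS, LD_B_ABS, JEQ_K, RET_K = 0x28, 0x30, 0x15, 0x06

# Assumption: IPv4-only approximation of "tcp or udp" (no IPv6 branch).
# Each instruction is (opcode, jump-if-true, jump-if-false, constant).
TCP_OR_UDP = [
    (LD_H_ABS, 0, 0, 12),          # A = EtherType
    (JEQ_K, 0, 4, 0x0800),         # not IPv4 -> jump to drop
    (LD_B_ABS, 0, 0, 23),          # A = IPv4 protocol field
    (JEQ_K, 1, 0, 6),              # TCP -> accept
    (JEQ_K, 0, 1, 17),             # UDP -> accept, otherwise drop
    (RET_K, 0, 0, 0xFFFFFFFF),     # accept: keep the whole packet
    (RET_K, 0, 0, 0),              # drop
]

def run_filter(prog, pkt):
    """Interpret the cBPF subset above; return the snap length (0 = drop)."""
    a, pc = 0, 0
    while pc < len(prog):
        code, jt, jf, k = prog[pc]
        pc += 1                    # jump offsets are relative to the next instruction
        if code == LD_H_ABS:
            if k + 2 > len(pkt):
                return 0           # out-of-bounds load drops the packet
            a = struct.unpack_from("!H", pkt, k)[0]
        elif code == LD_B_ABS:
            if k + 1 > len(pkt):
                return 0
            a = pkt[k]
        elif code == JEQ_K:
            pc += jt if a == k else jf
        elif code == RET_K:
            return k
        else:
            raise ValueError(f"unsupported opcode {code:#x}")
    return 0

def frame(ethertype, proto):
    """Constructed sample: Ethernet header plus a minimal 20-byte IPv4 header."""
    eth = b"\x02" * 12 + struct.pack("!H", ethertype)
    ip = bytes([0x45, 0]) + struct.pack("!H", 20) + bytes(5) + bytes([proto]) + bytes(10)
    return eth + ip

if __name__ == "__main__":
    for name, pkt in [("tcp", frame(0x0800, 6)), ("udp", frame(0x0800, 17)),
                      ("icmp", frame(0x0800, 1)), ("arp", frame(0x0806, 0))]:
        print(name, "accept" if run_filter(TCP_OR_UDP, pkt) else "drop")
```

A truncated frame that ends before offset 23 is dropped rather than matched, which is why a filter never sees bytes that were not captured.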
Installation
sudo apt install netsniff-ng
Examples
netsniff-ng --in eth0 --out dump.pcap -s -T 0xa1b2c3d4 --bind-cpu 0 tcp or udp
netsniff-ng --in wlan0 --rfraw --out dump.pcap --silent --bind-cpu 0
astraceroute -i eth0 -N -S -H netsniff-ng.org
trafgen --dev eth0 --conf trafgen.cfg
mausezahn -x 99
flowtop
ifpps eth0