Xplico

April 10, 2012
Comments Off on net-sniff-ng the packet sniffing beast
News
net-sniff-ng, probe

net-sniff-ng the packet sniffing beast

In past we have written about net-sniff-ng and we have used it in tandem with Xplico.

In recent days Daniel Borkmann has released a new version of net-sniff-ng, in this new version there are many improvements and new feature. With the last version 0.5.6 net-sniff-ng can be used with Xplico without apply any patch.

So we recommend to all Xplico users to use the last version of net-sniff-ng.

To use net-sniff-ng as a network probe for Xplico on the ethernet interface eth0, with the pcap files in /opt/xplico/pol_1/sol_1 (ie first case and first session in the first case) and with an acquisition time interval of 300 seconds (5 minutes) the command to be use is:

sudo netsniff-ng -i eth0 –out /opt/xplico/pol_1/sol_1/new –silent –jumbo-support –interval 300

Enjoy with net-sniff-ng!

Open Source Network Forensic Analysis Tool (NFAT)

net-sniff-ng the packet sniffing beast

pcap Viewer

Capture Tools

Support

Copyright © 2007-2021