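TCP packet sniffer justniffer 0.5.10 released
justniffer is a TCP packet sniffer. It reassembles and reorders packets and displays the TCP communication stream. It can be used to log a web server's network traffic and is well suited to tracking network service performance.
justniffer 0.5.10 has been released. This version fixes some compatibility problems between the Python script justniffer-grab-http-traffic and Python 2.7.
Project page: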
http://justniffer.sourceforge.net/
justniffer is a TCP packet sniffer. It can log network traffic in a 'standard' (web server like) or in a customized way. It can also log response times, which is useful for tracking the performance of network services (e.g. web server, application server, etc.).
Main differences from other sniffers
Most sniffers fall into two categories, packet sniffers and text sniffers. Both suffer from incompleteness of the information that can be collected and analyzed.
- Packet sniffers collect too much data, such as packet header details. They make it easy to analyze low-level network problems (such as TCP retransmissions or IP fragmentation) but make it laborious and time-consuming to analyze higher-level details (such as content correctness, keep-alive issues, connection timeouts, response time, etc.).
- Text-mode sniffers usually rebuild the TCP stream but cannot collect low-level information such as timestamps. They often rebuild the TCP flow in too simplistic a way and fail when dealing with complex TCP/IP issues (reordering, retransmission, reassembly, etc.). TCP reassembly and reordering is a complex exercise that requires deep knowledge of the TCP/IP protocol and long experience in the field. Usually, they are useful purely for grabbing content from network traffic.
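To make the reordering and retransmission problem concrete, the following added example (not code from justniffer or libnids) compares appending payloads in arrival order with a simplified sequence-number-based reassembly. The function names, the sample HTTP request and the initial sequence number are constructed for illustration, and the sketch assumes a single direction of one stream in which already accepted bytes are kept when segments overlap.

```python
"""Simplified TCP stream reassembly (illustration only, not justniffer/libnids code)."""
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def naive_concat(segments):
    """Simplistic approach: append payloads in arrival order."""
    return b"".join(payload for _seq, payload in segments)


def reassemble(isn, segments):
    """Rebuild one direction of a stream from (seq, payload) pairs.

    isn is the initial sequence number from the SYN, so the first data byte
    has sequence isn + 1. Returns (stream_bytes, gaps), where gaps lists
    (start, end) offsets that never arrived and were zero-filled.
    Assumes every segment belongs to this stream and it is under 2**31 bytes.
    """
    first = (isn + 1) % MOD
    # Offsets relative to the first data byte make sequence wraparound harmless.
    chunks = sorted(((seq - first) % MOD, payload) for seq, payload in segments)
    stream, gaps = bytearray(), []
    for off, payload in chunks:
        if off > len(stream):  # hole: data lost or not captured
            gaps.append((len(stream), off))
            stream.extend(b"\x00" * (off - len(stream)))
        skip = len(stream) - off  # bytes already accepted (retransmit/overlap)
        if skip < len(payload):
            stream.extend(payload[skip:])
    return bytes(stream), gaps


def demo():
    """Constructed sample: one HTTP request whose sequence numbers wrap past 2**32."""
    data = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    isn = 0xFFFFFFF0

    def seg(a, b):
        return ((isn + 1 + a) % MOD, data[a:b])

    # Arrival order: out-of-order segment, a retransmission, an overlapping segment.
    arrival = [seg(0, 10), seg(26, 48), seg(10, 26), seg(10, 26), seg(20, 30)]
    return data, naive_concat(arrival), reassemble(isn, arrival)


if __name__ == "__main__":
    original, naive, (rebuilt, gaps) = demo()
    print("naive ok:", naive == original, "| reassembled ok:", rebuilt == original, gaps)
```

A production reassembler also has to track both directions, connection state and memory limits, which is why the page points to kernel-derived code rather than an ad hoc implementation.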
Justniffer was born to help in troubleshooting performance in TCP-based network services: HTTP, JDBC, RTSP, SIP, SMTP, IMAP, POP, LDAP, etc.
It can collect low- and high-level protocol and performance information, reconstructing the TCP flow in a reliable way using portions of the Linux kernel code. Precisely, it uses a slightly modified version of the libnids library, which already includes a modified version of the Linux kernel code in a more reusable form.
You can extend traffic analysis with external scripts (bash, python, or any executable). An example is provided: the justniffer-grab-http-traffic script uses justniffer to save files (images, text, html pages, javascript, flash, video, etc.) captured from HTTP traffic.
Justniffer can generate logs in a customizable way. For example, it can mimic the Apache access_log.
| Feature | Description |
|---|---|
| TCP flow rebuild | Very reliable: it can reorder and reassemble TCP segments and IP fragments using portions of the Linux kernel code |
| Logging | Text mode: can be customized |
| Extensibility | By any executable, such as bash, python, perl scripts, ELF executable, etc. |
| Performance measurement | It can collect a lot of performance information: connection time, close time, request time, response time, etc. |