-rw-r--r-- docs/faq.html 485
-rw-r--r-- docs/img/bp.png bin 0 -> 70023 bytes
-rw-r--r-- docs/img/logo.png bin 0 -> 3897 bytes
-rw-r--r-- docs/img/logo2.png bin 0 -> 7349 bytes
-rw-r--r-- docs/img/logo_small.png bin 0 -> 6779 bytes
-rw-r--r-- docs/img/tiny-logo.png bin 0 -> 449 bytes
-rw-r--r-- docs/index.html 179
-rw-r--r-- docs/style.css 167
8 files changed, 831 insertions, 0 deletions
diff --git a/docs/faq.html b/docs/faq.html
new file mode 100644
index 0000000..11a34a3
--- /dev/null
+++ b/docs/faq.html
@@ -0,0 +1,485 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<head>
+<title>netsniff-ng toolkit faq</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<meta name="Robots" content="noarchive">
+
+<link rel="Shortcut Icon" href="http://netsniff-ng.org/img/tiny-logo.png" type="image/png">
+<link type="text/css" rel="stylesheet" media="screen" href="style.css" />
+
+<script type="text/javascript">
+ function InsertMail(mailnam,mailsvr,maildom)
+ {
+ document.write('&lt;<a href="mailto:' + mailnam + '@' + mailsvr + '.'
+ + maildom + '">' + mailnam + '@' + mailsvr + '.' + maildom +
+ '<\/a>&gt;');
+ }
+</script>
+</head>
+
+<body>
+<h1>netsniff-ng toolkit</h1>
+<h2>Frequently asked questions (FAQ)</h2>
+<p>
+If your question is not answered here, please consult our mailing list.
+<h3>General questions</h3>
+<ul>
+ <li><a href="#g0">What is netsniff-ng?</a></li>
+ <li><a href="#g1">What are the main goals?</a></li>
+ <li><a href="#g2">I like your project. Can I donate something?</a></li>
+ <li><a href="#g3">How can I be notified of new releases?</a></li>
+ <li><a href="#g4">Is there a mailing list?</a></li>
+ <li><a href="#g5">Is there an IRC channel?</a></li>
+ <li><a href="#g6">Do you have a blog? Is there a RSS feed for your blog?</a></li>
+ <li><a href="#g7">Can you change the design of your blog?</a></li>
+ <li><a href="#g8">Why can't I post comments to your blog?</a></li>
+ <li><a href="#g9">Is there a commercial support?</a></li>
+ <li><a href="#g10">How good is the throughput of RX_RING/TX_RING?</a></li>
+ <li><a href="#g11">Are the statistics generated by ifpps 'reliable'?</a></li>
+</ul>
+
+<h3>Usage questions</h3>
+<ul>
+ <li><a href="#u0">What's a primer document and why should I read it first?</a></li>
+ <li><a href="#u1">What platforms are supported?</a></li>
+ <li><a href="#u2">What libraries are required?</a></li>
+ <li><a href="#u3">What version of netsniff-ng should I use?</a></li>
+ <li><a href="#u4">Can netsniff-ng read network dumps of Wireshark or others and vice versa?</a></li>
+ <li><a href="#u5">How can I create Berkeley Packet Filters?</a></li>
+ <li><a href="#u6">I've created a custom Berkeley Packet Filter program with tcpdump, but netsniff-ng cuts the packet payload?</a></li>
+ <li><a href="#u7">How do I sniff in a switched environment?</a></li>
+ <li><a href="#u8">Can I run netsniff-ng as a normal user?</a></li>
+</ul>
+
+<h3>Licensing questions</h3>
+<ul>
+ <li><a href="#l0">What's the license of netsniff-ng?</a></li>
+ <li><a href="#l1">Can you change your license e.g. to BSD or have you ever considered it?</a></li>
+ <li><a href="#l2">Can I use netsniff-ng commercially?</a></li>
+ <li><a href="#l3">Can I use netsniff-ng as a part of my commercial product?</a></li>
+ <li><a href="#l4">How much does netsniff-ng cost?</a></li>
+ <li><a href="#l5">Really, then why are you doing this?</a></li>
+</ul>
+
+<h3>Development questions</h3>
+<ul>
+ <li><a href="#d0">Do you have release cycles?</a></li>
+ <li><a href="#d1">Can you add feature xy to netsniff-ng?</a></li>
+ <li><a href="#d2">Are there other source repositories than on your homepage?</a></li>
+ <li><a href="#d3">Is your GoogleCode page still up to date?</a></li>
+ <li><a href="#d4">Can I participate in the development of netsniff-ng?</a></li>
+ <li><a href="#d5">How do I post a patch?</a></li>
+ <li><a href="#d6">How do I use Git?</a></li>
+ <li><a href="#d8">Will you ship a GUI like Wireshark?</a></li>
+ <li><a href="#d9">Will you support the future pcapng (so called 'PCAP Next Generation Dump File Format') format?</a></li>
+ <li><a href="#d10">Do you plan some fancy version other than kernelspace RX_RING/TX_RING?</a></li>
+ <li><a href="#d11">Will you support the PF_RING from the ntop project?</a></li>
+ <li><a href="#d13">Are you also maintaining distribution specific packages?</a></li>
+ <li><a href="#d14">Will you port netsniff-ng to Windows?</a></li>
+ <li><a href="#d15">Will you port netsniff-ng to *BSD?</a></li>
+ <li><a href="#d16">Do you have your own devel trees? Which one should I patch against?</a></li>
+ <li><a href="#d17">Are you adding more tools to the toolkit?</a></li>
+</ul>
+
+<h3>Misc questions</h3>
+<ul>
+ <li><a href="#m0">Why don't you answer my mails? Isn't that rude?</a></li>
+ <li><a href="#m1">How do you pronounce netsniff-ng?</a></li>
+ <li><a href="#m2">Do you have netsniff-ng t-shirts?</a></li>
+ <li><a href="#m3">I've got some artwork for you!?</a></li>
+</ul>
+
+<div>
+<h3><a name="g0">What is netsniff-ng?</a></h3>
+<blockquote>
+<p>
+netsniff-ng is a high performance Linux networking toolkit. The project started during my B. Sc. thesis at the Max Planck Institute (actually just by accident and out of curiosity), and continued to grow into a useful toolkit ever since. At the time of its initial development, the famous libpcap library did not support zero-copy extensions of the Linux kernel. Therefore, we closed this gap by developing an analyzer and further tools around it, which had a significantly better performance than existing ones that used libpcap at that time. To be fair, later on zero-copy support was added to libpcap. However, we had/have a lot of fun with this project, so it grew and is on a good way to become mature. Nowadays, it's used by many professionals, it runs on quite a lot of servers or routers on production systems, and even is as a backend for Linux network security distributions. It really got quite serious. ;-)
+</blockquote>
+</div>
+
+<div>
+<h3><a name="g1">What are the main goals?</a></h3>
+<blockquote>
+<p>
+netsniff-ngs main goal is to be a <i>high performance</i> network toolkit that focuses on <i>usability</i>, <i>robustness</i> and <i>functionality</i>. Its aim is to support the daily work of networking engineers, developers, administrators or Linux users by providing support with or in network monitoring, protocol analysis, reverse engineering, network debugging, traffic generation, measurement and penetration testing.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="g2">I like your project. Can I donate something?</a></h3>
+<blockquote>
+<p>
+Sure, we're always happy to hear that. If you think this software is good, then please consider sending / buying us hardware like high-end 10Gbit/s capable servers, switches, routers, or access points, wireless cards or other (also exotic) kind of embedded systems in order to do research, test our software and integrate new features. You are welcome to leave us an email to <script type="text/javascript">InsertMail("daniel", "netsniff-ng", "org");</script>.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="g3">How can I be notified of new releases?</a></h3>
+<blockquote>
+<p>
+New releases will be announced on our homepage, mailing list and Freshmeat. We have a project page <a href="http://freshmeat.net/projects/netsniff-ng/">at Freshmeat</a> where you can subscribe.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="g4">Is there a mailing list?</a></h3>
+<blockquote>
+<p>
+Yes, of course there is. It's a moderated, spam-free mailing list on Google where you can post your questions to <script type="text/javascript">InsertMail("netsniff-ng", "googlegroups", "com");</script>.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="g5">Is there an IRC channel?</a></h3>
+<blockquote>
+<p>
+Nope, there is no offical one.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="g6">Do you have a blog? Is there a RSS feed for your blog?</a></h3>
+<blockquote>
+<p>
+Nope, sorry. We rather like spending our time hacking the code. (I know, in the past, we had one.)
+</blockquote>
+</div>
+
+<div>
+<h3><a name="g7">Can you change the design of your blog?</a></h3>
+<blockquote>
+<p>
+What blog? No, sorry. ;-)
+</blockquote>
+</div>
+
+<div>
+<h3><a name="g8">Why can't I post comments to your blog?</a></h3>
+<blockquote>
+<p>
+Because we like HTML too much. ;-) Moderating all those comments costs too much time that we could also spend on development. If you'd like to discuss certain issues, then please use our mailing list.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="g9">Is there a commercial support?</a></h3>
+<blockquote>
+<p>
+Actually yes, if you have a <a href="http://redhat.com/">Red Hat</a> Enterprise Linux subscription, just open a bugzilla ticket <a href="https://bugzilla.redhat.com/">there</a>.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="g10">How good is the throughput of RX_RING/TX_RING?</a></h3>
+<blockquote>
+<p>
+For instance, on commodity hardware with Gigabit-Ethernet, you can reach wirespeed with <i>trafgen</i> (64 Byte, 1.34 Mio pps). Measurement results on 10GBit/s will come soon.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="g11">Are the statistics generated by ifpps 'reliable'?</a></h3>
+<blockquote>
+<p>
+Yes. The statistics are extracted from the kernel directly (procfs), so this is what the NICs device driver gets to see. There is <i>no</i> sniffing or the like involved to generate these figures, such as iptraf does.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="u0">What's a primer document and why should I read it first?</a></h3>
+<blockquote>
+<p>
+It's netsniff-ng's Documentation folder in the repository. Everything that needs to be known for using the toolkit is documented there. There are more general documents to get an overview and tool specific ones with a higher degree of details.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="u1">What platforms are supported?</a></h3>
+<blockquote>
+<p>
+Currently only operating systems running on Linux kernels with <i>CONFIG_PACKET_MMAP</i> enabled. This feature can be found even back to the days of 2.4 kernels. Most operating systems ship pre-compiled kernels that have this config option enabled and even the latest kernel versions got rid of this option and have this functionality built-in. However, we recommend using a kernel >= 2.6.31, because the TX_RING support has been added since then. Ideally, you compile a kernel on your own from the latest Git tree.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="u2">What libraries are required?</a></h3>
+<blockquote>
+<p>
+Look at INSTALL in the repository.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="u3">What version of netsniff-ng should I use?</a></h3>
+<blockquote>
+<p>
+The latest one from our Git tree, if possible.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="u4">Can netsniff-ng read network dumps of Wireshark or others and vice versa?</a></h3>
+<blockquote>
+<p>
+Yes, if the dumps are formatted as <i>pcap</i> files. This is default on Wireshark, for instance. Vice versa, Wireshark can also read netsniff-ng dumps.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="u5">How can I create Berkeley Packet Filters?</a></h3>
+<blockquote>
+<p>
+If you want to run netsniff-ng in combination with <i>-f</i> or <i>--filter &lt;file&gt;</i> you need to build a so called Berkeley Packet Filter program within a plaintext file (here, marked as: <i>&lt;file&gt;</i>). The Berkeley Packet Filters language description can be obtained from netsniff-ngs documentation <a href="bpf.pdf">section</a>. One way to create a custom filter for the non-lazy people is to hack the opcodes by hand according to the specification. In this case you have all the freedom to build your filters for your needs. The alternative way is to use tcpdumps <i>-dd</i> option. Simply pipe the output into a textfile and pass this to netsniff-ng.
+<p>
+Furthermore, we already ship some common filters and we are planning our own filter compiler! Most distributions put these files into <i>/etc/netsniff-ng/rules/</i>.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="u6">I've created a custom Berkeley Packet Filter program with tcpdump, but netsniff-ng cuts off the packet payload?</a></h3>
+<blockquote>
+<p>
+If you try to create custom socket filters with tcpdump <i>-dd</i>, you have to edit the <i>ret</i> opcode (<i>0x6</i>) of the resulting filter, otherwise your payload will be cut off:
+<p>
+<i>0x6, 0, 0, 0xFFFFFFFF</i> instead of <i>0x6, 0, 0, 0x00000060</i>
+<p>
+The Linux kernel now takes <i>skb-&gt;len</i> instead of 0xFFFFFFFF. If you do not change it, the kernel will take 0x00000060 as buffer length and packets larger than 96 Byte will be cut off (filled with zero Bytes)! It's a bug in libpcaps filter compiler. Detailed information about this issue can be found on our <a href="http://dev.netsniff-ng.org/#4">blog post</a>.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="u7">How do I sniff in a switched environment?</a></h3>
+<blockquote>
+<p>
+I rudely refer to the <i>dSniff</i> documentation that says:
+<p>
+The easiest route is simply to impersonate the local gateway, stealing client traffic en route to some remote destination. Of course, the traffic must be forwarded by your attacking machine, either by enabling kernel IP forwarding or with a userland program that acccomplishes the same (fragrouter -B1).
+<p>
+Several people have reportedly destroyed connectivity on their LAN to the outside world by arpspoof'ing the gateway, and forgetting to enable IP forwarding on the attacking machine. Don't do this. You have been warned.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="u8">Can I run netsniff-ng as a normal user?</a></h3>
+<blockquote>
+<p>
+Yep, again, look at INSTALL.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="l0">What's the license of netsniff-ng?</a></h3>
+<blockquote>
+<p>
+It's the GNU GPL, version 2.0. <a href="http://www.gnu.org/licenses/gpl-2.0.txt">Here</a>'s the licensing text.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="l1">Can you change your license e.g. to BSD or have you ever considered it?</a></h3>
+<blockquote>
+<p>
+Nope, it's the GPL version 2.0 and this is not negotiable.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="l2">Can I use netsniff-ng commercially?</a></h3>
+<blockquote>
+<p>
+Yes, if you mean "I work for a commercial organization and I'd like to use netsniff-ng for capturing and analyzing network traffic in our company's networks or in our customer's networks.".
+<p>
+It depends, if you mean "Can I use netsniff-ng as a part of my commercial product?". See below.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="l3">Can I use netsniff-ng as a part of my commercial product?</a></h3>
+<blockquote>
+<p>
+As long as your commercial product then stays compatible with the <a href="http://www.gnu.org/licenses/gpl-2.0.txt">GNU GPL, version 2.0</a>, then it should be no problem. Have a look at the <a href="http://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html">frequently asked questions</a> of gnu.org in order to clarify your questions.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="l4">How much does netsniff-ng cost?</a></h3>
+<blockquote>
+<p>
+netsniff-ng is "free software"; you can download it without paying any license fee. The version of netsniff-ng you download isn't a "demo" version, with limitations not present in a "full" version; it is the full version. And the good thing is: it will always stay that way!
+<p>
+netsniff-ng is licensed under the GNU GPL, version 2.0. Read more about this <a href="http://www.gnu.org/licenses/gpl-2.0.txt">here</a>.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="l5">Really, then why are you doing this?</a></h3>
+<blockquote>
+<p>
+For the fun of hacking on great software and contributing to the open source community. And also, to fill the gap with some useful missing tools that can replace expensive commerical ones with even better features.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="d0">Do you have release cycles?</a></h3>
+<blockquote>
+<p>
+No, actually we don't. We should. Well, we used to, but since netsniff-ng is a spare time project and sometimes there's lots of other stuff to do and sometimes not, we are more flexible and independant this way without making hard deadline promises. Nevertheless, netsniff-ng is a long-term project, so even if there's hard times for weeks of not pushing to Git, there will be others with the opposite situation. We think netsniff-ng is useful for our daily network engineering work and research and we will do our best that it stays this way! This should be your take-home message! ;-)
+</blockquote>
+</div>
+
+<div>
+<h3><a name="d1">Can you add feature xy to netsniff-ng?</a></h3>
+<blockquote>
+<p>
+Well, that depends. If it's a good feature and you make us think that adding this would make sense, then why not. You are also free to discuss this specific feature with us and post patches or pull requests.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="d2">Are there other source repositories than on your homepage?</a></h3>
+<blockquote>
+<p>
+Nope.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="d3">Is your GoogleCode page still up to date?</a></h3>
+<blockquote>
+<p>
+Nope, consider it as dead.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="d4">Can I participate in the development of netsniff-ng?</a></h3>
+<blockquote>
+<p>
+Sure, we'd be happy about that. Send us your ideas or code and we're going to evaluate and probably integrate it. Have a look at the HACKING file. The release Git repository is located at <a href="http://repo.or.cz/w/netsniff-ng.git">http://repo.or.cz/w/netsniff-ng.git</a>, so you are free to clone and hack.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="d5">How do I post a patch?</a></h3>
+<blockquote>
+<p>
+Have a look at the Documentation folder of netsniff-ng's source for further instructions.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="d6">How do I use Git?</a></h3>
+<blockquote>
+<p>
+Have a look at the Git documentation at <a href="http://www.kernel.org/pub/software/scm/git/docs/">http://www.kernel.org/pub/software/scm/git/docs/</a>.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="d8">Will you ship a GUI like Wireshark?</a></h3>
+<blockquote>
+<p>
+Nope, GUIs suck.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="d9">Will you support the future pcapng (so called 'PCAP Next Generation Dump File Format') format?</a></h3>
+<blockquote>
+<p>
+Not sure yet.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="d10">Do you plan some fancy version other than kernelspace RX_RING/TX_RING?</a></h3>
+<blockquote>
+<p>
+Probably not, because a vanilla kernel must be enough to run the toolkit.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="d11">Will you support the PF_RING from the ntop project?</a></h3>
+<blockquote>
+<p>
+Well, no. There are two reasons for this: <i>First reason</i> is, that it's not part of the mainline kernel. A interesting discussion about getting PF_RING into the kernel can be found at the netdev lists (<a href="http://lists.openwall.net/netdev/2009/10/14/37">http://lists.openwall.net/netdev/2009/10/14/37</a>) and obviously there are no further efforts (browse the netdev/LKML, also <a href="http://www.spinics.net/lists/netfilter-devel/msg20212.html">netfilter</a>) from the ntop project to merge both architectures or add features to PF_PACKET. <i>Second reason</i> is that we've evaluated the PF_RING (without the commercial Direct NIC Access [DNA]) regarding its performance and came to the conclusion, that there is no significant performance enhancement on our IBM HS21 Bladeserver test system. ntopi's DNA ships its own versions of some modified device drivers like Broadcoms tg3 and NetXtreme, Intels e1000(e), igb and ixgbe. Since these modifications are not official, neither to the kernel, nor to the vendors and cover only a small amout of what is out there, we're not doing further investigations at the moment. Also, netsniff-ng users have reported similar observations. A benchmark with PF_RING in transparent_mode 0 and 1 is even slower than netsniff-ng and in transparent_mode 2 both have the same performance. The test was done on a Dell PowerEdge 2850. Nevertheless, <a href="http://www.ntop.org/">ntop</a> is a very interesting project you definately should check out!
+</blockquote>
+</div>
+
+<div>
+<h3><a name="d13">Are you also maintaining distribution specific packages?</a></h3>
+<blockquote>
+<p>
+Yes, but only for Red Hat and Debian GNU/Linux, which then automatically gets updated in some other distros like <a href="http://grml.org">GRML</a>. People that maintain netsniff-ng in other distributions are listed within the MAINTAINERS file.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="d14">Will you port netsniff-ng to Windows?</a></h3>
+<blockquote>
+<p>
+Nope, what a question. It runs only on <i>real</i> operating systems.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="d15">Will you port netsniff-ng to *BSD?</a></h3>
+<blockquote>
+<p>
+Could be possible for the future. If you have something we can merge, let us know.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="d16">Do you have your own personal devel trees? Which one should I patch against?</a></h3>
+<blockquote>
+<p>
+Nope. Always patch against the official upstream repository.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="d17">Are you adding more tools to the toolkit?</a></h3>
+<blockquote>
+<p>
+No, 8 tools (netsniff-ng, trafgen, mausezahn, bpfc, ifpps, flowtop, curvetun, astraceroute) are enough. We now rather focus on improving them and their features, clean up the code and fix bugs.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="m0">Why don't you answer my mails? Isn't that rude?</a></h3>
+<blockquote>
+<p>
+No, it isn't rude. We're focusing on answering every mail, but in some rare cases it's mostly because of sheer lack of time to answer each email that gets sent to us. Furthermore, some hints for writing good e-mails can be found in <a href="http://www.ietf.org/rfc/rfc2635.txt">rfc2635</a> and <a href="http://www.ietf.org/rfc/rfc1855.txt">rfc1855</a>.
+</blockquote>
+</div>
+
+<div>
+<h3><a name="m1">How do you pronounce netsniff-ng?</a></h3>
+<blockquote>
+<p>
+<code>$ flite -o play -t "netsniff n g"</code>
+</blockquote>
+</div>
+
+<div>
+<h3><a name="m2">Do you have netsniff-ng t-shirts, ...?</a></h3>
+<blockquote>
+<p>
+Yes, <a href="http://netsniff-ng.spreadshirt.de/">here</a> (note: we do not take any commission for the products).
+</blockquote>
+</div>
+
+<div>
+<h3><a name="m3">I've got some artwork for you!?</a></h3>
+<blockquote>
+<p>
+Great! We'd very much like to see it. Please mail it to us ;-)
+</blockquote>
+</div>
+</body>
+</html>
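Review bot: In the u6 answer, "The Linux kernel now takes skb->len instead of 0xFFFFFFFF" does not say when that substitution happens, so a reader cannot tell why changing the ret constant from 0x00000060 to 0xFFFFFFFF stops the truncation. State explicitly that a ret value of 0xFFFFFFFF makes the kernel keep the full packet length, and consider saying where the 96-byte value in the tcpdump -dd output comes from before calling it a libpcap bug. The same answer links to "our blog post" at http://dev.netsniff-ng.org/#4 while the g6 answer says there is no blog any more, so either drop the link or move the explanation into the FAQ. Smaller points: three index entries differ from their headings (u6 "cuts the packet payload" vs "cuts off the packet payload", d16 "own devel trees" vs "own personal devel trees", m2 "t-shirts?" vs "t-shirts, ...?"), the opening <p> before "General questions" and the <p> inside each blockquote are never closed, and there are spelling slips in "offical", "commerical", "independant", "definately", "amout" and "ntopi's".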
diff --git a/docs/img/bp.png b/docs/img/bp.png
new file mode 100644
index 0000000..73b0d18
--- /dev/null
+++ b/docs/img/bp.png
Binary files differ
diff --git a/docs/img/logo.png b/docs/img/logo.png
new file mode 100644
index 0000000..89b7d8d
--- /dev/null
+++ b/docs/img/logo.png
Binary files differ
diff --git a/docs/img/logo2.png b/docs/img/logo2.png
new file mode 100644
index 0000000..eb57a98
--- /dev/null
+++ b/docs/img/logo2.png
Binary files differ
diff --git a/docs/img/logo_small.png b/docs/img/logo_small.png
new file mode 100644
index 0000000..a86ed50
--- /dev/null
+++ b/docs/img/logo_small.png
Binary files differ
diff --git a/docs/img/tiny-logo.png b/docs/img/tiny-logo.png
new file mode 100644
index 0000000..43779de
--- /dev/null
+++ b/docs/img/tiny-logo.png
Binary files differ
diff --git a/docs/index.html b/docs/index.html
new file mode 100644
index 0000000..6fdc6f8
--- /dev/null
+++ b/docs/index.html
@@ -0,0 +1,179 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<head>
+<title>netsniff-ng toolkit</title>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<meta name="Robots" content="noarchive">
+<link rel="Shortcut Icon" href="http://netsniff-ng.org/img/tiny-logo.png" type="image/png">
+<link type="text/css" rel="stylesheet" media="screen" href="style.css" />
+</head>
+
+<body>
+<h1>netsniff-ng toolkit</h1>
+<h2>Summary</h2>
+<p>
+netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will.
+</p>
+<p>
+Its gain of performance is reached by zero-copy mechanisms, so that on packet reception <i>and</i> transmission the kernel does not need to copy packets from kernel space to user space and vice versa.
+</p><p>
+Our toolkit can be used for network development and analysis, debugging, auditing or network reconnaissance.
+</p><p>
+The netsniff-ng toolkit consists of the following utilities:
+<ul>
+ <li><b>netsniff-ng</b>, a fast zero-copy analyzer, pcap capturing and replaying tool</li>
+ <li><b>trafgen</b>, a multithreaded low-level zero-copy network packet generator</li>
+ <li><b>mausezahn</b>, high-level packet generator for HW/SW appliances with Cisco-CLI*</li>
+ <li><b>bpfc</b>, a Berkeley Packet Filter compiler, Linux BPF JIT disassembler</li>
+ <li><b>ifpps</b>, a top-like kernel networking statistics tool</li>
+ <li><b>flowtop</b>, a top-like netfilter connection tracking tool</li>
+ <li><b>curvetun</b>, a lightweight curve25519-based IP tunnel</li>
+ <li><b>astraceroute</b>, an autonomous system (AS) trace route utility</li>
+</ul>
+<b>Get it via Git:</b>&nbsp;&nbsp; <code>git clone git://<a href="https://github.com/netsniff-ng/netsniff-ng">github.com/netsniff-ng/netsniff-ng</a>.git</code><br><br>
+Note (*): We took over further maintenance and development of <a href="http://www.perihel.at/sec/mz/">mausezahn</a>.
+<h2>Download and Release Notes</h2>
+<p>
+In general, the latest Git development version from our repository can be used as it is considered as quite stable and includes new features.
+</p>
+<p>
+From time to time we also do stable snapshots from our Git tree and announce it on our <a href="http://news.gmane.org/gmane.linux.network.netsniff-ng">mailing list</a>. The current stable release is <a href="http://pub.netsniff-ng.org/netsniff-ng/netsniff-ng-0.6.5.tar.gz">netsniff-ng 0.6.5</a>.
+</p>
+<p>
+It can be downloaded from our <a href="http://pub.netsniff-ng.org/netsniff-ng/">public directory</a>, from the <a href="http://mirror.distanz.ch/netsniff-ng">mirror at distanz.ch</a>, or via Git:<p>
+<pre>
+ git clone git://github.com/netsniff-ng/netsniff-ng.git
+ cd netsniff-ng
+ git checkout v0.6.5
+</pre></p>
+Older releases can also be found in our <a href="http://pub.netsniff-ng.org/netsniff-ng/">public directory</a> (<a href="http://mirror.distanz.ch/netsniff-ng/">mirror</a>) and we also have a source code cross referencer for <a href="http://lingrok.org/xref/netsniff-ng/">netsniff-ng</a>'s Git tree.
+</p>
+<p>
+netsniff-ng is open source and released under the GPL version 2.0.
+</p>
+</p>
+<h3>Release Notes</h3>
+<p>
+<a href="https://github.com/netsniff-ng/netsniff-ng/releases">All release notes</a> can be found on Github.
+</p>
+
+<h2>Tools</h2>
+<p>
+<b>netsniff-ng</b> is a fast network analyzer based on packet mmap(2) mechanisms. It can record pcap files to disc, replay them and also do an offline and online analysis. Capturing, analysis or replay of raw 802.11 frames are supported as well. pcap files are also compatible with tcpdump or Wireshark traces. netsniff-ng processes those pcap traces either in scatter-gather I/O or by mmap(2) I/O.
+<p>
+<b>trafgen</b> is a multi-threaded network traffic generator based on packet mmap(2) mechanisms. It has its own flexible, macro-based low-level packet configuration language. Injection of raw 802.11 frames are supported as well. trafgen has a significantly higher speed than mausezahn and comes very close to pktgen, but runs from user space. pcap traces can also be converted into a trafgen packet configuration.
+<p>
+<b>mausezahn</b> is a high-level packet generator that can run on a hardware-software appliance and comes with a Cisco-like CLI. It can craft nearly every possible or impossible packet. Thus, it can be used, for example, to test network behaviour under strange circumstances (stress test, malformed packets) or to test hardware-software appliances for several kind of attacks.
+<p>
+<b>bpfc</b> is a Berkeley Packet Filter (BPF) compiler that understands the original BPF language developed by McCanne and Jacobson. It accepts BPF mnemonics and converts them into kernel/netsniff-ng readable BPF ``opcodes''. It also supports undocumented Linux filter extensions. This can especially be useful for more complicated filters, that high-level filters fail to support.
+<p>
+<b>ifpps</b> is a tool which periodically provides top-like networking and system statistics from the Linux kernel. It gathers statistical data directly from procfs files and does not apply any user space traffic monitoring that would falsify statistics on high packet rates. For wireless, data about link connectivity is provided as well.
+<p>
+<b>flowtop</b> is a top-like connection tracking tool that can run on an end host or router. It is able to present TCP or UDP flows that have been collected by the kernel's netfilter framework. GeoIP and TCP state machine information is displayed. Also, on end hosts flowtop can show PIDs and application names that flows relate to. No user space traffic monitoring is done, thus all data is gathered by the kernel.
+<p>
+<b>curvetun</b> is a lightweight, high-speed ECDH multiuser tunnel for Linux. curvetun uses the Linux TUN/TAP interface and supports {IPv4,IPv6} over {IPv4,IPv6} with UDP or TCP as carrier protocols. Packets are encrypted end-to-end by a symmetric stream cipher (Salsa20) and authenticated by a MAC (Poly1305), where keys have previously been computed with the ECDH key agreement protocol (Curve25519).
+<p>
+<b>astraceroute</b> is an autonomous system (AS) trace route utility. Unlike traceroute or tcptraceroute, it not only display hops, but also their AS information they belong to as well as GeoIP information and other interesting things. On default, it uses a TCP probe packet and falls back to ICMP probes in case no ICMP answer has been received.
+<p>
+Concluding, the toolkit is split into small, useful utilities that are or are not necessarily related to each other. Each program for itself fills a gap as a helper in your daily network debugging, development or audit.
+
+<h2>Mailing List</h2>
+<p>
+Please post questions and patches to the netsniff-ng mailing list <a href="mailto:netsniff-ng@googlegroups.com">netsniff-ng@googlegroups.com</a> (<a href="https://groups.google.com/forum/#!forum/netsniff-ng">list on Google Groups</a>, <a href="https://www.mail-archive.com/netsniff-ng%40googlegroups.com/">archive</a>)
+</p>
+
+<h2>Documentation</h2>
+<p>
+The best way to get a good overview of what it is all about and how the tools work is to look into the individual man pages of the toolkit, found in the source code repository. This covers everything you need to know.
+<p>
+If you start each tool with ``--help'', minimal usage examples are provided, too. We also have a <a href="faq.html">frequently asked question</a> page. Moreover, see the Wikipedia <a href="http://en.wikipedia.org/wiki/Netsniff-ng">article</a> people wrote about netsniff-ng. If all of this is not enough, you can write your question to <a href="mailto:netsniff-ng@googlegroups.com">netsniff-ng@googlegroups.com</a>, or google for it on third party sites or blogs.
+<p>
+Various conference slides from netsniff-ng talks can be found <a href="http://pub.netsniff-ng.org/paper/">here</a>:<p>
+<b>2013:</b>
+ <ul>
+ <li>A look at the netsniff-ng toolkit [<a href="http://jonschipp.com/talks/derbycon2013.pdf">pdf</a>] (Jon Schipp, Derbycon 2013, Louisville)</li>
+ <li><a href="http://www.mosscon.org/sessions/look-netsniff-ng-toolkit">A look at the netsniff-ng toolkit</a> [<a href="http://jonschipp.com/talks/mosscon2013.pdf">pdf</a>] (Jon Schipp, Midwest Open Source Software Conference, Louisville)</li>
+ <li><a href="http://workshop.netfilter.org/2013/wiki/index.php/List_of_presentations#17:00_2">netsniff-ng toolkit: Swiss army knife for network development and debugging</a> [<a href="http://pub.netsniff-ng.org/paper/nfws3_2013.pdf">pdf</a>] (Daniel Borkmann, Netfilter Workshop, Copenhagen)</li>
+ <li><a href="http://workshop.netfilter.org/2013/wiki/index.php/List_of_presentations#15:00">top-like connection tracking with flowtop</a> [<a href="http://pub.netsniff-ng.org/paper/nfws1_2013.pdf">pdf</a>] (Daniel Borkmann, Netfilter Workshop, Copenhagen)</li>
+ <li><a href="http://opensourcedays.org/2013/content/linuxs-packet-mmap2-bpf-and-netsniff-ng-toolkit">Packet sockets, BPF, and the netsniff-ng toolkit (short version of Brno)</a> [<a href="http://pub.netsniff-ng.org/paper/osd_2013.pdf">pdf</a>, <a href="http://video.dkuug.dk/media/linuxs-packet-mmap2-bpf-and-the-netsniff-ng-toolki">video</a>] (Daniel Borkmann, Open Source Days, Copenhagen)</li>
+ <li><a href="http://developerconference2013.sched.org/event/25eb9c38dd79722af77c3c8740ff7ece#.UVP-vIrZI1K">Linux' packet mmap(), BPF, and the netsniff-ng toolkit</a> [<a href="http://pub.netsniff-ng.org/paper/devconf_2013.pdf">pdf</a>, <a href="http://www.youtube.com/watch?v=rS_Ik_FHlUI">video</a>] (Daniel Borkmann, Red Hat Developer Conference, Brno)</li>
+ </ul>
+<b>2012:</b>
+ <ul>
+ <li><a href="http://gtalug.org/wiki/Meetings:2012-10">Network Debugging Toolkit: netsniff-ng</a> [<a href="http://pub.netsniff-ng.org/paper/gtalug_2012.pdf">pdf</a>] (Daniel Borkmann, Greater Toronto Area Linux User Group, Toronto)</li>
+ </ul>
+netsniff-ng toolkit partially covered in books:<p>
+<ul>
+ <li><a href="http://www.appliednsm.com/about-the-book/">Applied Network Security Monitoring</a> (Chris Sanders, will appear in Q3 2013)</li>
+ <li><a href="http://nostarch.com/nsm">Practice Of Network Security Monitoring</a> (Richard Bejtlich, July 2013)</li>
+</ul>
+
+To dig into the inner workings of the Berkeley Packet Filter architecture, have a look at <a href="ftp://ftp.ee.lbl.gov/papers/bpf-usenix93.ps.Z">this</a>. Documentation about the ``packet_mmap'' architecture with ``pf_packet'' sockets for the Linux kernel can be downloaded from <a href="http://www.kernel.org/">kernel.org</a> under <a href="http://lxr.linux.no/linux+v3.2.9/Documentation/networking/packet_mmap.txt">packet_mmap.txt</a>.
+
+<h2>Development</h2>
+<p>
+<b>Source control</b>
+<p>
+There's a public Git repository at <a href="https://github.com/netsniff-ng/netsniff-ng">Github</a> where you can check out the entire code base. For tamper resistant downloading, clone the Git repository and checkout the corresponding version tag. It can be verified with <a href="http://www.gnupg.org/">GPG</a>.
+<p>
+<b>Maintenance:</b>
+<p>
+The Git repository of the toolkit is maintained by <a href="http://distanz.ch/">Tobias Klauser</a> and <a href="http://borkmann.ch/">Daniel Borkmann</a>.
+</p>
+<b>Testing:</b>
+<p>
+Especially for testing netsniff-ng's protocol dissectors, we have a <a href="http://pub.netsniff-ng.org/pcaps/">public archive</a> maintained by <a href="https://github.com/markusa">Markus Amend</a> with a lot of example pcap files for raw 802.11 frames, VLAN, ICMP, IPv6, MPLS and many other protocols. There's also a dissector fuzzing script in the source repository to test broken or half-broken pcap files. Some usage examples for testing can also be found <a href="http://pub.netsniff-ng.org/examples/">here</a>.
+</p>
+<p>
+<b>Documents</b>
+<p>
+There is a netsniff-ng <a href="faq.html">frequently asked question</a> site and for participating in development have a look at the documentation and man-page files within the source code. <a href="http://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html">Here</a> is also a FAQ about the GNU GPL version 2, under which netsniff-ng is licensed. For reporting bugs please use our <a href="http://bugs.netsniff-ng.org/">bug tracking system</a> or preferably write an e-mail to our mailing list.
+<p>
+<b>Contribute</b>
+<p>
+Currently, netsniff-ng is only available for Linux platforms. If you have a port for *BSD, let us know for merging your port into the main source tree. However, please do not port netsniff-ng to Windows or other proprietary junk software! Here is a nice explanation why; we share Felix von Leitner's <a href="http://www.fefe.de/nowindows/">point of view</a>.
+<p>
+If you think this software is great, then please consider to contribute in one of the following ways:
+<ul>
+ <li>Review and contribute to the source code</li>
+ <li>Add or improve documentation, man-pages</li>
+ <li>Mention us in your talks at conferences</li>
+ <li>Maintain distribution specific packages</li>
+ <li>Test netsniff-ng on your specific platform</li>
+</ul>
+
+<h2>Support</h2>
+<p>
+A mailing list for netsniff-ng moderated, spam free user discussions is open to the <a href="http://groups.google.com/group/netsniff-ng">public</a>. Simply mail to <a href="mailto:netsniff-ng@googlegroups.com">netsniff-ng@googlegroups.com</a>.
+</p>
+<p>
+There's also an archive at <a href="http://dir.gmane.org/gmane.linux.network.netsniff-ng">gmane</a> and a <a href="http://www.mail-archive.com/netsniff-ng%40googlegroups.com/">searchable archive</a>. We usually track (and then fix) bugs through our mailing list. But we also accept bug reports through our <a href="https://github.com/netsniff-ng/netsniff-ng/issues">bug tracker</a>.
+<p>
+Before posting questions, have a look at our <a href="faq.html">FAQ</a>.
+
+<h2>Git Tree</h2>
+<p>The netsniff-ng project is always looking for community members interested in contributing. For versioning control, the natural choice is <a href="http://git-scm.com/">Git</a>.
+</p>
+<p>
+The patch submission process is similar to the one of the Linux kernel. So please respect the kernel's coding guidelines and patch submission procedure.
+</p>
+<p>
+Send your patches e.g. via git-send-email(1) to <a href="mailto:netsniff-ng@googlegroups.com">netsniff-ng@googlegroups.com</a> with ``[PATCH]'' as a subject prefix for further review and inclusion.</p>
+<dl>
+ <dt>git://</dt>
+ <dd>
+ <pre>git://github.com/netsniff-ng/netsniff-ng.git</pre>
+ </dd>
+ <dt>http://</dt>
+ <dd><a href="https://github.com/netsniff-ng/netsniff-ng">https://github.com/netsniff-ng/netsniff-ng</a></dd>
+ <dt>mirror</dt>
+ <dd><a href="http://git.distanz.ch/cgit.cgi/netsniff-ng.git/">http://git.distanz.ch/cgit.cgi/netsniff-ng.git/</a></dd>
+</dl>
+
+<div style="float: right;"><a href="http://netsniff-ng.org"><img src="http://netsniff-ng.org/img/logo_small.png" border="0" alt="netsniff-ng"></a></div>
+<h2>Thanks</h2>
+<p>
+netsniff-ng is free software and provided in the hope that it is found useful for your daily network plumbing. Suggestions for new features or patch contributions are very welcome and appreciated, drop us a short mail.<br><br>
+</body>
+</html>
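Review bot: the "Source control" paragraph promises tamper-resistant downloads through a GPG-verified version tag, but the page gives the reader nothing to verify against, and the "Git Tree" list offers `git://github.com/netsniff-ng/netsniff-ng.git` first, a transport with no authentication or encryption. Suggest publishing the fingerprint of the key that signs release tags next to that paragraph, naming the check (`git tag -v <tag>`), and listing the https clone URL as the primary one. In the same list the `<dt>http://</dt>` label sits above an https link and the mirror is plain http. Separately, "Documents" sends bug reports to bugs.netsniff-ng.org while "Support" links the GitHub issue tracker, and "Mailing List" and "Support" repeat the same list address with different archive links; one section and one tracker would be easier to keep current.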
diff --git a/docs/style.css b/docs/style.css
new file mode 100644
index 0000000..32c47ff
--- /dev/null
+++ b/docs/style.css
@@ -0,0 +1,167 @@
+/* Sans-serif font. */
+h1, h2, h3, h4, h5, h6,
+div.title, caption.title,
+thead, p.table.header,
+div#toctitle,
+span#author, span#revnumber, span#revdate, span#revremark,
+div#footer,
+th {
+ font-family: "Lucida Grande", "Luxi Sans", "Trebuchet MS", "Bitstream Vera Sans", helvetica, verdana, arial, sans-serif;
+}
+
+p, td {
+ font-family: inherit;
+}
+
+div.overview_img {
+ float: right;
+ margin-top: 10px;
+ margin-left: 20px;
+ margin-bottom: 10px;
+}
+
+th {
+ text-align: left;
+ background: #F0F0F0;
+ padding: 5px;
+}
+
+th.sub {
+ background: none;
+}
+
+tr.current {
+ background: #90EE90;
+}
+
+tt {
+ font-size: inherit;
+}
+
+body {
+ margin: 1em 5% 1em 5%;
+}
+
+a {
+ color: #000000;
+ text-decoration: underline;
+}
+a:visited {
+ color: #000000;
+}
+
+.dg { color: #000000; }
+
+em {
+ font-style: italic;
+ /* color: navy; */
+}
+
+strong {
+ font-weight: bold;
+ color: black;
+ /* color: #083194; */
+}
+
+tt {
+ font-size: inherit;
+ color: navy;
+}
+
+h1, h2, h3, h4, h5, h6 {
+ color: #000000;
+ margin-left: -1.0em;
+ margin-top: 0.5em;
+ margin-bottom: 0.1em;
+ line-height: 1.3;
+}
+
+h1 {
+ color: #000000;
+}
+h2 {
+ padding-top: 0.5em;
+}
+h3 {
+ float: left;
+ margin-bottom: 0.7em;
+}
+h3 + * {
+ clear: left;
+}
+
+hr {
+ border: 1px solid;
+ color: #000000;
+ width: 100%;
+}
+
+p {
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+
+ul, ol, li > p {
+ margin-top: 0;
+}
+/* ul > li { color: #aaa; } */
+ul > li > * { color: black; }
+
+pre {
+ padding: 0;
+ margin: 0;
+}
+
+dl {
+ margin-top: 0.8em;
+ margin-bottom: 0.8em;
+}
+dt {
+ margin-top: 0.5em;
+ margin-bottom: 0;
+ font-weight: bold;
+ color: #000000;
+}
+dd > *:first-child {
+ margin-top: 0.1em;
+}
+
+ul, ol {
+ list-style-position: outside;
+}
+span.aqua { color: aqua; }
+span.black { color: black; }
+span.blue { color: blue; }
+span.fuchsia { color: fuchsia; }
+span.gray { color: gray; }
+span.green { color: green; }
+span.lime { color: lime; }
+span.maroon { color: maroon; }
+span.navy { color: navy; }
+span.olive { color: olive; }
+span.purple { color: purple; }
+span.red { color: red; }
+span.silver { color: silver; }
+span.teal { color: teal; }
+span.white { color: white; }
+span.yellow { color: yellow; }
+
+span.aqua-background { background: aqua; }
+span.black-background { background: black; }
+span.blue-background { background: blue; }
+span.fuchsia-background { background: fuchsia; }
+span.gray-background { background: gray; }
+span.green-background { background: green; }
+span.lime-background { background: lime; }
+span.maroon-background { background: maroon; }
+span.navy-background { background: navy; }
+span.olive-background { background: olive; }
+span.purple-background { background: purple; }
+span.red-background { background: red; }
+span.silver-background { background: silver; }
+span.teal-background { background: teal; }
+span.white-background { background: white; }
+span.yellow-background { background: yellow; }
+
+span.big { font-size: 2em; }
+span.small { font-size: 0.6em; }
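Review bot: `tt` is declared twice, first with only `font-size: inherit;` and again further down with `font-size: inherit; color: navy;`, so the first rule is redundant; fold the two into one. The same applies to `h1 { color: #000000; }`, which repeats what the `h1, h2, h3, h4, h5, h6` rule already sets, and to `a:visited`, which repeats the color from `a`. Selectors such as `div#toctitle`, `span#revnumber` and the `span.<color>` / `span.<color>-background` blocks are not referenced by any markup visible in the docs/index.html hunk; if docs/faq.html does not use them either, dropping them would shorten this file considerably. A short comment at the top saying which pages the stylesheet serves would also help.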