TCP packet sniffer justniffer 0.5.10 released

openkk, 13 years ago
     <img title="TCP packet sniffer justniffer 0.5.10 released" border="0" alt="TCP packet sniffer justniffer 0.5.10 released" align="left" src="https://simg.open-open.com/show/c1ffd3b1d7d93e2944711c1ad0dfd4c4.png" width="64" height="32" />justniffer is a TCP packet sniffer. It reassembles and reorders packets and displays the TCP communication stream. It can be used to log web server network traffic and is well suited to tracking network service performance.    <br /> justniffer 0.5.10 has been released. This version fixes some Python 2.7 compatibility problems in the Python script justniffer-grab-http-traffic.    <br /> Project page:    <a href="/misc/goto?guid=4958190081924924080" target="_blank">http://justniffer.sourceforge.net/<br /> </a>    <br />    <br />
    <p>justniffer is a TCP packet sniffer. It can log network traffic in a 'standard' (web server like) or in a customized way. It can also log response times, which is useful for tracking the performance of network services (e.g. web server, application server, etc.). </p>
    <h2 id="Main differences from other sniffers">Main differences from other sniffers</h2>
    <p>Most sniffers fall into two categories, packet sniffers and text sniffers. Both suffer from incompleteness in the information that can be collected and analyzed. </p>
    <ul>
     <li><b>Packet sniffers</b> collect too much data, such as packet header details. They make it easy to analyze low-level network problems (such as TCP retransmissions or IP fragmentation) but make it laborious and time-consuming to analyze higher-level details (such as content correctness, keep-alive issues, connection timeouts, response time, etc.). </li>
     <li><b>Textmode sniffers</b> usually rebuild the TCP stream but cannot collect low-level information such as timestamps. They often rebuild the TCP flow in too simplistic a way and fail when dealing with complex TCP/IP issues (reordering, retransmission, reassembly, etc.). TCP reassembly and reordering is a complex exercise that requires deep knowledge of the TCP/IP protocol and long experience in the field. Usually, they are useful purely for grabbing content from network traffic.
</li>    </ul>
    <p>Justniffer was born to help in troubleshooting performance in TCP-based network services: HTTP, JDBC, RTSP, SIP, SMTP, IMAP, POP, LDAP, etc. </p>
    <p>It can collect low- and high-level protocol and performance information, reconstructing the TCP flow reliably using portions of the Linux kernel code. Precisely, it uses a slightly modified version of the <a href="/misc/goto?guid=4958193993368407891">libnids</a> library, which already includes a modified version of Linux kernel code in a more reusable form. </p>
    <p>You can extend traffic analysis with external scripts (bash, python, or any executable). An example is provided: the <a href="/misc/goto?guid=4958193994127213141">justniffer-grab-http-traffic</a> script uses justniffer to save files (images, text, html pages, javascript, flash, video, etc.) captured from HTTP traffic.</p>
    <p>Justniffer can generate logs in a customizable way. For example, it can mimic the Apache access_log.</p>
    <br />
    <table class="comparison ke-zeroborder">
     <caption>
      Justniffer features summary
     </caption>
     <tbody>
      <tr>
       <td class="featurename">TCP flow rebuild </td>
       <td class="featurevalue">very reliable: it can reorder and reassemble TCP segments and IP fragments using portions of the Linux kernel code </td>
      </tr>
      <tr>
       <td class="featurename">Logging </td>
       <td class="featurevalue">text mode: can be customized </td>
      </tr>
      <tr>
       <td class="featurename">Extensibility </td>
       <td class="featurevalue">by any executable, such as bash, python, perl scripts, ELF executables, etc. </td>
      </tr>
      <tr>
       <td class="featurename">Performance measurement </td>
       <td class="featurevalue">it can collect a lot of performance information: connection time, close time, request time, response time, etc. </td>
      </tr>
     </tbody>
    </table>    <br />
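    <p>To make concrete what rebuilding a TCP flow means when segments arrive reordered, retransmitted or overlapping, here is a small one-direction reassembler. It is an added example, not code from justniffer or libnids; the names <code>StreamReassembler</code>, <code>feed</code> and <code>demo</code> and the sample segments are constructed for illustration, and it handles only payload ordering (no FIN/RST, SACK or IP fragments).</p>

```python
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


class StreamReassembler:
    """Rebuilds one direction of a TCP connection from captured segments."""

    def __init__(self, isn, max_buffered=1 << 20):
        self.next_seq = (isn + 1) % MOD  # the SYN consumes one sequence number
        self.pending = []                # (seq, payload) waiting behind a hole
        self.stream = bytearray()        # bytes delivered in order so far
        self.max_buffered = max_buffered

    def _offset(self, seq):
        # Signed distance from next_seq to seq; stays correct across wraparound.
        d = (seq - self.next_seq) % MOD
        return d - MOD if d >= MOD // 2 else d

    def feed(self, seq, payload):
        """Accept one segment in arrival order; return the bytes it released."""
        self.pending.append((seq, payload))
        out = bytearray()
        while True:
            ready = [s for s in self.pending if self._offset(s[0]) <= 0]
            if not ready:
                break
            seg = ready[0]
            self.pending.remove(seg)
            # A negative offset means a retransmission or overlap: keep only
            # the bytes past next_seq, so delivered data is never rewritten.
            fresh = seg[1][-self._offset(seg[0]):]
            out += fresh
            self.next_seq = (self.next_seq + len(fresh)) % MOD
        if sum(len(p) for _, p in self.pending) > self.max_buffered:
            raise BufferError("too much data buffered behind a missing segment")
        self.stream += out
        return bytes(out)


def demo():
    # Constructed capture: ISN chosen so the sequence space wraps mid-request.
    isn = MOD - 5
    msg = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    # (offset, length) in arrival order: out of order, a retransmission,
    # a segment behind a hole, then an overlapping segment that fills it.
    arrivals = [(10, 10), (0, 10), (0, 10), (30, 18), (15, 20)]
    r = StreamReassembler(isn)
    for off, n in arrivals:
        r.feed((isn + 1 + off) % MOD, msg[off:off + n])
    return bytes(r.stream), msg
```

    <p>A sniffer that simply concatenates payloads in arrival order would emit the first ten bytes of this request twice and in the wrong position; the reassembler returns the request exactly as the server's TCP stack would deliver it.</p>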