Open Source Network Forensic Analysis Tool (NFAT) 

netsniff-ng, the packet sniffing beast

In the past we have written about netsniff-ng and used it in tandem with Xplico.

Daniel Borkmann has recently released a new version of netsniff-ng with many improvements and new features. Starting with version 0.5.6, netsniff-ng can be used with Xplico without applying any patch.

We therefore recommend that all Xplico users upgrade to the latest version of netsniff-ng.

To use netsniff-ng as a network probe for Xplico on the Ethernet interface eth0, writing the pcap files into /opt/xplico/pol_1/sol_1/new (i.e. the "new" directory of the first session of the first case, which is where Xplico picks up captures to decode) with an acquisition interval of 300 seconds (5 minutes), so that a new pcap file is closed and handed to Xplico every 5 minutes, the command is:

sudo netsniff-ng -i eth0 --out /opt/xplico/pol_1/sol_1/new --silent --jumbo-support --interval 300

The command needs root (sudo) because netsniff-ng opens a raw packet socket; --silent suppresses per-packet output, --jumbo-support captures frames larger than the standard 1500-byte MTU, and --interval rotates the output file in the given directory every 300 seconds. The case and session directory must already exist, i.e. create the case and session in the Xplico web interface before starting the probe.
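The wrapper below is an added example, not part of the original post nor of the netsniff-ng or Xplico projects. It derives the session inbox from a case and session number (Xplico's pol_<case>/sol_<session>/new layout), validates the rotation interval, runs a few pre-flight checks (interface present, inbox writable, running as root) and then starts netsniff-ng with the options shown above. The environment variables XPLICO_DIR and NETSNIFF_BIN and all function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: start netsniff-ng as an Xplico probe for a given case/session.
# XPLICO_DIR, NETSNIFF_BIN and the function names below are assumptions, not
# part of netsniff-ng or Xplico. Usage: ./start_probe.sh <iface> <case> <session> <interval_s>

XPLICO_DIR="${XPLICO_DIR:-/opt/xplico}"
NETSNIFF_BIN="${NETSNIFF_BIN:-netsniff-ng}"

# Print the directory Xplico polls for new pcaps of case $1, session $2.
# Xplico numbers them pol_<case>/sol_<session>; "new" is the inbox.
xplico_session_dir() {
    printf '%s/pol_%s/sol_%s/new\n' "$XPLICO_DIR" "$1" "$2"
}

# Return 0 if $1 is a positive integer (used for case, session and interval).
is_posint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) [ "$1" -gt 0 ] ;;
    esac
}

# Print the netsniff-ng command line for interface $1, case $2, session $3,
# rotation interval $4 in seconds. Returns 1 on bad arguments.
xplico_probe_cmd() {
    iface=$1; case_id=$2; sess_id=$3; interval=$4
    [ -n "$iface" ] && is_posint "$case_id" && is_posint "$sess_id" && is_posint "$interval" || return 1
    printf '%s -i %s --out %s --silent --jumbo-support --interval %s\n' \
        "$NETSNIFF_BIN" "$iface" "$(xplico_session_dir "$case_id" "$sess_id")" "$interval"
}

# Pre-flight checks: interface $1 exists, inbox $2 exists and is writable,
# and we are root (a raw packet socket is required for capture).
xplico_probe_check() {
    iface=$1; dir=$2
    [ -e "/sys/class/net/$iface" ] || { echo "no such interface: $iface" >&2; return 1; }
    [ -d "$dir" ] || { echo "session inbox missing: $dir (create the case/session in Xplico first)" >&2; return 1; }
    [ -w "$dir" ] || { echo "session inbox not writable: $dir" >&2; return 1; }
    [ "$(id -u)" -eq 0 ] || { echo "run as root: netsniff-ng needs a raw socket" >&2; return 1; }
}

# Validate, check, then replace this shell with the probe process.
xplico_probe_run() {
    xplico_probe_cmd "$@" >/dev/null || { echo "usage: $0 <iface> <case> <session> <interval_s>" >&2; return 2; }
    inbox=$(xplico_session_dir "$2" "$3")
    xplico_probe_check "$1" "$inbox" || return 1
    echo "starting probe: $(xplico_probe_cmd "$@")"
    exec "$NETSNIFF_BIN" -i "$1" --out "$inbox" --silent --jumbo-support --interval "$4"
}

# Run only when invoked with the four arguments, so the file can also be sourced.
if [ $# -eq 4 ]; then
    xplico_probe_run "$@"
fi
```

With the defaults, `./start_probe.sh eth0 1 1 300` reproduces the command above; set XPLICO_DIR if Xplico is installed elsewhere.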

Enjoy netsniff-ng!