|
HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|
|
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | USAGE EXAMPLE | CONFIGURATION FILE | INTERACTIVE MODE HOWTO | DIRECT MODE HOWTO | NOTE | LEGAL | HISTORY | SEE ALSO | AUTHOR | COLOPHON | COLOPHON |
|
|
|
MAUSEZAHN(8) netsniff-ng toolkit MAUSEZAHN(8)
mausezahn - a fast versatile packet generator with Cisco-cli
mausezahn { [options] "<arg-string> | <hex-string>" }
mausezahn is a fast traffic generator which allows you to send
nearly every possible and impossible packet. In contrast to
trafgen(8), mausezahn's packet configuration is on a protocol-
level instead of byte-level and mausezahn also comes with a built-
in Cisco-like command-line interface, making it suitable as a
network traffic generator box in your network lab.
Next to network labs, it can also be used as a didactical tool and
for security audits including penetration and DoS testing. As a
traffic generator, mausezahn is also able to test IP multicast or
VoIP networks. Packet rates close to the physical limit are
reachable, depending on the hardware platform.
mausezahn supports two modes, ''direct mode'' and a multi-threaded
''interactive mode''.
The ''direct mode'' allows you to create a packet directly on the
command line and every packet parameter is specified in the
argument list when calling mausezahn.
The ''interactive mode'' is an advanced multi-threaded
configuration mode with its own command line interface (CLI). This
mode allows you to create an arbitrary number of packet types and
streams in parallel, each with different parameters.
The interactive mode utilizes a completely redesigned and more
flexible protocol framework called ''mops'' (mausezahn's own
packet system). The look and feel of the CLI is very close to the
Cisco IOS^tm command line interface.
You can start the interactive mode by executing mausezahn with the
''-x'' argument (an optional port number may follow, otherwise it
is 25542). Then use telnet(1) to connect to this mausezahn
instance. If not otherwise specified, the default login and
password combination is mz:mz and the enable password is: mops.
This can be changed in /etc/netsniff-ng/mausezahn.conf.
The direct mode supports two specification schemes: The ''raw-
layer-2'' scheme, where every single byte to be sent can be
specified, and ''higher-layer'' scheme, where packet builder
interfaces are used (using the ''-t'' option).
To use the ''raw-layer-2'' scheme, simply specify the desired
frame as a hexadecimal sequence (the ''hex-string''), such as:
mausezahn eth0 "00:ab:cd:ef:00 00:00:00:00:00:01 08:00
ca:fe:ba:be"
In this example, whitespaces within the byte string are optional
and separate the Ethernet fields (destination and source address,
type field, and a short payload). The only additional options
supported are ''-a'', ''-b'', ''-c'', and ''-p''. The frame length
must be greater than or equal to 15 bytes.
The ''higher-layer'' scheme is enabled using the ''-t <packet-
type>'' option. This option activates a packet builder, and
besides the ''packet-type'', an optional ''arg-string'' can be
specified. The ''arg-string'' contains packet- specific
parameters, such as TCP flags, port numbers, etc. (see example
section).
mausezahn provides a built-in context-specific help. Append the
keyword
''help'' after the configuration options. The most important
options are:
-x [<port>]
Start mausezahn in interactive mode with a Cisco-like CLI. Use
telnet to log into the local mausezahn instance. If no port has
been specified, port 25542 is used by default.
-6
Specify IPv6 mode (IPv4 is the default).
-l <IP>
Specify the IP address mausezahn should bind to when in
interactive mode, default: 0.0.0.0.
-R <PRIO>
Set priority of sent packets. This configures SO_PRIORITY at the
socket through which the packets are sent. Usual priority numbers
are 0..15, but the value can also be a class ID for purposes of
Qdisc classification. In that case, a class ID such is 1234:5678
would be specified as 0x12345678.
-v
Verbose mode. Capital -V is even more verbose.
-S
Simulation mode, i.e. don't put anything on the wire. This is
typically combined with the verbose mode.
-q
Quiet mode where only warnings and errors are displayed.
-c <count>
Send the packet count times (default: 1, infinite: 0).
-d <delay>
Apply delay between transmissions. The delay value can be
specified in usec (default, no additional unit needed), or in msec
(e.g. 100m or 100msec), or in seconds (e.g. 100s or 100sec). Note:
mops also supports nanosecond delay resolution if you need it (see
interactive mode).
-r
Multiply the specified delay with a random value.
-p <length>
Pad the raw frame to specified length using zero bytes. Note that
for raw layer 2 frames the specified length defines the whole
frame length, while for higher layer packets the number of
additional padding bytes are specified.
-a <src-mac|keyword>
Use specified source MAC address with hexadecimal notation such as
00:00:aa:bb:cc:dd. By default the interface MAC address will be
used. The keywords ''rand'' and ''own'' refer to a random MAC
address (only unicast addresses are created) and the own address,
respectively. You can also use the keywords mentioned below
although broadcast-type source addresses are officially invalid.
-b <dst-mac|keyword>
Use specified destination MAC address. By default, a broadcast is
sent in raw layer 2 mode or to the destination hosts or gateway
interface MAC address in normal (IP) mode. You can use the same
keywords as mentioned above, as well as ''bc'' or ''bcast'',
''cisco'', and ''stp''.
-A <src-ip|range|rand>
Use specified source IP address, default is own interface address.
Optionally, the keyword ''rand'' can again be used for a random
source IP address or a range can be specified, such as
''192.168.1.1-192.168.1.100'' or ''10.1.0.0/16''. Also, a DNS
name can be specified for which mausezahn tries to determine the
corresponding IP address automatically.
-B <dst-ip|range>
Use specified destination IP address (default is broadcast i.e.
255.255.255.255). As with the source address (see above) you can
also specify a range or a DNS name.
-t <packet-type [help] | help>
Create the specified packet type using the built-in packet
builder. Currently, supported packet types are: ''arp'', ''bpdu'',
''ip'', ''udp'', ''tcp'', ''rtp'', and ''dns''. Currently, there
is also limited support for ''icmp''. Type
''-t help'' to verify which packet builders your actual mausezahn
version supports. Also, for any particular packet type, for
example ''tcp'' type
''mausezahn -t tcp help'' to receive a more in-depth context
specific help.
-T <packet-type>
Make this mausezahn instance the receiving station. Currently,
only ''rtp'' is an option here and provides precise jitter
measurements. For this purpose, start another mausezahn instance
on the sending station and the local receiving station will output
jitter statistics. See ''mausezahn -T rtp help'' for a detailed
help.
-Q <[CoS:]vlan> [, <[CoS:]vlan>, ...]
Specify 802.1Q VLAN tag and optional Class of Service. An
arbitrary number of VLAN tags can be specified (that is, you can
simulate QinQ or even QinQinQinQ..). Multiple tags must be
separated via a comma or a period (e.g. "5:10,20,2:30"). VLAN
tags are not supported for ARP and BPDU packets (in which case you
could specify the whole frame in hexadecimal using the raw layer 2
interface of mausezahn).
-M <label[:cos[:ttl]][bos]> [, <label...>]
Specify a MPLS label or even a MPLS label stack. Optionally, for
each label the experimental bits (usually the Class of Service,
CoS) and the Time To Live (TTL) can be specified. If you are
really crazy you can set and unset the Bottom of Stack (BoS) bit
for each label using the ''S'' (set) and ''s'' (unset) option. By
default, the BoS is set automatically and correctly. Any other
setting will lead to invalid frames. Enter ''-M help'' for
detailed instructions and examples.
-P <ascii-payload>
Specify a cleartext payload. Alternatively, each packet type
supports a hexadecimal specification of the payload (see for
example ''-t udp help'').
-f <filename>
Read the ASCII payload from the specified file.
-F <filename>
Read the hexadecimal payload from the specified file. Actually,
this file must be also an ASCII text file, but must contain
hexadecimal digits, e.g. "aa:bb:cc:0f:e6...". You can use also
spaces as separation characters.
For more comprehensive examples, have a look at the two following
HOWTO sections.
mausezahn eth0 -c 0 -d 2s -t bpdu vlan=5
Send BPDU frames for VLAN 5 as used with Cisco's PVST+ type of
STP. By default mausezahn assumes that you want to become the root
bridge.
mausezahn eth0 -c 128000 -a rand -p 64
Perform a CAM table overflow attack.
mausezahn eth0 -c 0 -Q 5,100 -t tcp flags=syn,dp=1-1023 -p 20 -A rand
-B 10.100.100.0/24
Perform a SYN flood attack to another VLAN using VLAN hopping.
This only works if you are connected to the same VLAN which is
configured as native VLAN on the trunk. We assume that the victim
VLAN is VLAN 100 and the native VLAN is VLAN 5. Lets attack every
host in VLAN 100 which use an IP prefix of 10.100.100.0/24, also
try out all ports between 1 and 1023 and use a random source IP
address.
mausezahn eth0 -c 0 -d 10msec -B 230.1.1.1 -t udp dp=32000,dscp=46 -P
Multicast test packet
Send IP multicast packets to the multicast group 230.1.1.1 using a
UDP header with destination port 32000 and set the IP DSCP field
to EF (46). Send one frame every 10 msec.
mausezahn eth0 -Q 6:420 -M 100,200,300:5 -A 172.30.0.0/16 -B
target.anynetwork.foo -t udp sp=666,dp=1-65535 -p 1000 -c 10
Send UDP packets to the destination host target.anynetwork.foo
using all possible destination ports and send every packet with
all possible source addresses of the range 172.30.0.0/16;
additionally use a source port of 666 and three MPLS labels, 100,
200, and 300, the outer (300) with QoS field 5. Send the frame
with a VLAN tag 420 and CoS 6; eventually pad with 1000 bytes and
repeat the whole thing 10 times.
mausezahn -t syslog sev=3 -P Main reactor reached critical
temperature. -A 192.168.33.42 -B 10.1.1.9 -c 6 -d 10s
Send six forged syslog messages with severity 3 to a Syslog server
10.1.1.9; use a forged source IP address 192.168.33.42 and let
mausezahn decide which local interface to use. Use an inter-packet
delay of 10 seconds.
mausezahn -t tcp flags=syn|urg|rst, sp=145, dp=145, win=0,
s=0-4294967295, ds=1500, urg=666 -a bcast -b bcast -A bcast -B
10.1.1.6 -p 5
Send an invalid TCP packet with only a 5 byte payload as layer-2
broadcast and also use the broadcast MAC address as source
address. The target should be 10.1.1.6 but use a broadcast source
address. The source and destination port shall be 145 and the
window size 0. Set the TCP flags SYN, URG, and RST simultaneously
and sweep through the whole TCP sequence number space with an
increment of 1500. Finally set the urgent pointer to 666, i.e.
pointing to nowhere.
When mausezahn is run in interactive mode it automatically looks
for and reads a configuration file located at /etc/netsniff-
ng/mausezahn.conf for custom options if the file is available,
otherwise it uses defaults set at compile time.
Config file: /etc/netsniff-ng/mausezahn.conf
The configuration file contains lines of the form:
option = value
Options supported in the configuration file are:
Option: Description:
user Username for authentication (default: mz)
password Password for authentication (default: mz)
enable Password to enter privilege mode (default:
mops)
port The listening port for the CLI (default: 25542)
listen-addr IP address to bind CLI to (default:
0.0.0.0)
management-only Set management interface (no data traffic
is allowed to pass through)
cli-device Interface to bind CLI to (default: all)
*not fully implemented*
automops Path to automops file (contains XML data
describing protocols) *in development*
Example:
$ cat /etc/netsniff-ng/mausezahn.conf
user = mzadmin
password = mzpasswd
enable = privilege-mode-passwd
port = 65000
listen-addr = 127.0.0.1
Telnet:
Using the interactive mode requires starting mausezahn as a
server:
# mausezahn -x
Now you can telnet(1) to that server using the default port number
25542, but also an arbitrary port number can be specified:
# mausezahn -x 99
mausezahn accepts incoming telnet connections on port 99.
mz: Problems opening config file. Will use defaults
Either from another terminal or from another host try to telnet to
the mausezahn server:
caprica$ telnet galactica 99
Trying 192.168.0.4...
Connected to galactica.
Escape character is '^]'.
mausezahn <version>
Username: mz
Password: mz
mz> enable
Password: mops
mz#
It is recommended to configure your own login credentials in
/etc/netsniff-ng/mausezahn.conf, (see configuration file section)
Basics:
Since you reached the mausezahn prompt, lets try some common
commands. You can use the '?' character at any time for context-
specific help. Note that Cisco-like short form of commands are
accepted in interactive mode. For example, one can use "sh pac"
instead of "show packet"; another common example is to use "config
t" in place of "configure terminal". For readability, this manual
will continue with the full commands.
First try out the show command:
mz# show ?
mausezahn maintains its own ARP table and observes anomalies.
There is an entry for every physical interface (however this host
has only one):
mz# show arp
Intf Index IP address MAC address last Ch
UCast BCast Info
----------------------------------------------------------------------------------
eth0 [1] D 192.168.0.1 00:09:5b:9a:15:84 23:44:41 1
1 0 0000
The column Ch tells us that the announced MAC address has only
changed one time (= when it was learned). The columns Ucast and
BCast tell us how often this entry was announced via unicast or
broadcast respectively.
Let's check our interfaces:
mz# show interface
Available network interfaces:
real real used
(fake) used (fake)
device IPv4 address MAC address IPv4
address MAC address
---------------------------------------------------------------------------------------
> eth0 192.168.0.4 00:30:05:76:2e:8d
192.168.0.4 00:30:05:76:2e:8d
lo 127.0.0.1 00:00:00:00:00:00 127.0.0.1
00:00:00:00:00:00
2 interfaces found.
Default interface is eth0.
Defining packets:
Let's check the current packet list:
mz# show packet
Packet layer flags: E=Ethernet, S=SNAP, Q=802.1Q, M=MPLS,
I/i=IP/delivery_off, U=UDP, T=TCP
PktID PktName Layers Proto Size State
Device Delay Count/CntX
1 sysARP_servic... E----- ARP 60 config lo
100 msec 1/0 (100%)
1 packets defined, 0 active.
We notice that there is already one system-defined packet process;
it has been created and used only once (during startup) by
mausezahn's ARP service. Currently, its state is config which
means that the process is sleeping.
General packet options:
Now let's create our own packet process and switch into the global
configuration mode:
mz# configure terminal
mz(config)# packet
Allocated new packet PKT0002 at slot 2
mz(config-pkt-2)# ?
...
name Assign a unique name
description Assign a packet description text
bind Select the network interface
count Configure the packet count value
delay Configure the inter-packet delay
interval Configure a greater interval
type Specify packet type
mac Configure packet's MAC addresses
tag Configure tags
payload Configure a payload
port Configure packet's port numbers
end End packet configuration mode
ethernet Configure frame's Ethernet, 802.2, 802.3,
or SNAP settings
ip Configure packet's IP settings
udp Configure packet's UDP header parameters
tcp Configure packet's TCP header parameters
Here are a lot of options but normally you only need a few of
them. When you configure lots of different packets you might
assign a reasonable name and description for them:
mz(config-pkt-2)# name Test
mz(config-pkt-2)# description This is just a test
You can, for example, change the default settings for the source
and destination MAC or IP addresses using the mac and ip commands:
mz(config-pkt-2)# ip address destination 10.1.1.0 /24
mz(config-pkt-2)# ip address source random
In the example above, we configured a range of addresses (all
hosts in the network 10.1.1.0 should be addressed). Additionally
we spoof our source IP address. Of course, we can also add one or
more VLAN and, or, MPLS tag(s):
mz(config-pkt-2)# tag ?
dot1q Configure 802.1Q (and 802.1P) parameters
mpls Configure MPLS label stack
mz(config-pkt-2)# tag dot ?
Configure 802.1Q tags:
VLAN[:CoS] [VLAN[:CoS]] ... The leftmost tag is the outer tag
in the frame
remove <tag-nr> | all Remove one or more tags (<tag-nr>
starts with 1),
by default the first
(=leftmost,outer) tag is removed,
keyword 'all' can be used instead
of tag numbers.
cfi | nocfi [<tag-nr>] Set or unset the CFI-bit in any
tag (by default
assuming the first tag).
mz(config-pkt-2)# tag dot 1:7 200:5
Configure count and delay:
mz(config-pkt-2)# count 1000
mz(config-pkt-2)# delay ?
delay <value> [hour | min | sec | msec | usec | nsec]
Specify the inter-packet delay in hours, minutes, seconds,
milliseconds, microseconds or nanoseconds. The default unit is
milliseconds (i.e. when no unit is given).
mz(config-pkt-2)# delay 1 msec
Inter-packet delay set to 0 sec and 1000000 nsec
mz(config-pkt-2)#
Configuring protocol types:
mausezahn's interactive mode supports a growing list of protocols
and only relies on the MOPS architecture (and not on libnet as is
the case with the legacy direct mode):
mz(config-pkt-2)# type
Specify a packet type from the following list:
arp
bpdu
igmp
ip
lldp
tcp
udp
mz(config-pkt-2)# type tcp
mz(config-pkt-2-tcp)#
....
seqnr Configure the TCP sequence number
acknr Configure the TCP acknowledgement number
hlen Configure the TCP header length
reserved Configure the TCP reserved field
flags Configure a combination of TCP flags at
once
cwr Set or unset the TCP CWR flag
ece Set or unset the TCP ECE flag
urg Set or unset the TCP URG flag
ack set or unset the TCP ACK flag
psh set or unset the TCP PSH flag
rst set or unset the TCP RST flag
syn set or unset the TCP SYN flag
fin set or unset the TCP FIN flag
window Configure the TCP window size
checksum Configure the TCP checksum
urgent-pointer Configure the TCP urgent pointer
options Configure TCP options
end End TCP configuration mode
mz(config-pkt-2-tcp)# flags syn fin rst
Current setting is: --------------------RST-SYN-FIN
mz(config-pkt-2-tcp)# end
mz(config-pkt-2)# payload ascii This is a dummy payload for my
first packet
mz(config-pkt-2)# end
Now configure another packet, for example let's assume we want an
LLDP process:
mz(config)# packet
Allocated new packet PKT0003 at slot 3
mz(config-pkt-3)# type lldp
mz(config-pkt-3-lldp)# exit
mz(config)# exit
In the above example we only use the default LLDP settings and
don't configure further LLDP options or TLVs. Back in the top
level of the CLI let's verify what we had done:
mz# show packet
Packet layer flags: E=Ethernet, S=SNAP, Q=802.1Q, M=MPLS,
I/i=IP/delivery_off, U=UDP, T=TCP
PktID PktName Layers Proto Size State
Device Delay Count/CntX
1 sysARP_servic... E----- ARP 60 config lo
100 msec 1/0 (100%)
2 Test E-Q-IT 125 config eth0
1000 usec 1000/1000 (0%)
3 PKT0003 E----- LLDP 36 config eth0
30 sec 0/0 (0%)
3 packets defined, 0 active.
The column Layers indicates which major protocols have been
combined. For example the packet with packet-id 2 ("Test")
utilizes Ethernet (E), IP (I), and TCP (T). Additionally an 802.1Q
tag (Q) has been inserted. Now start one of these packet
processes:
mz# start slot 3
Activate [3]
mz# show packet
Packet layer flags: E=Ethernet, S=SNAP, Q=802.1Q, M=MPLS,
I/i=IP/delivery_off, U=UDP, T=TCP
PktID PktName Layers Proto Size State
Device Delay Count/CntX
1 sysARP_servic... E----- ARP 60 config lo
100 msec 1/0 (100%)
2 Test E-Q-IT 125 config eth0
1000 usec 1000/1000 (0%)
3 PKT0003 E----- LLDP 36 config eth0
30 sec 0/1 (0%)
3 packets defined, 1 active.
Let's have a more detailed look at a specific packet process:
mz# show packet 2
Packet [2] Test
Description: This is just a test
State: config, Count=1000, delay=1000 usec (0 s 1000000 nsec),
interval= (undefined)
Headers:
Ethernet: 00-30-05-76-2e-8d => ff-ff-ff-ff-ff-ff [0800 after
802.1Q tag]
Auto-delivery is ON (that is, the actual MAC is adapted upon
transmission)
802.1Q: 0 tag(s); (VLAN:CoS)
IP: SA=192.168.0.4 (not random) (no range)
DA=255.255.255.255 (no range)
ToS=0x00 proto=17 TTL=255 ID=0 offset=0 flags: -|-|-
len=49664(correct) checksum=0x2e8d(correct)
TCP: 83 bytes segment size (including TCP header)
SP=0 (norange) (not random), DP=0 (norange) (not random)
SQNR=3405691582 (start 0, stop 4294967295, delta 0) --
ACKNR=0 (invalid)
Flags: ------------------------SYN----, reserved field is
00, urgent pointer= 0
Announced window size= 100
Offset= 0 (times 32 bit; value is valid), checksum= ffff
(valid)
(No TCP options attached) - 0 bytes defined
Payload size: 43 bytes
Frame size: 125 bytes
1 ff:ff:ff:ff:ff:ff:00:30 05:76:2e:8d:81:00:e0:01
81:00:a0:c8:08:00:45:00 00:67:00:00:00:00:ff:06
33 fa:e4:c0:a8:00:04:ff:ff ff:ff:00:00:00:00:ca:fe
ba:be:00:00:00:00:a0:07 00:64:f7:ab:00:00:02:04
65 05:ac:04:02:08:0a:19:35 90:c3:00:00:00:00:01:03
03:05:54:68:69:73:20:69 73:20:61:20:64:75:6d:6d
97 79:20:70:61:79:6c:6f:61 64:20:66:6f:72:20:6d:79
20:66:69:72:73:74:20:70 61:63:6b:65:74
mz#
If you want to stop one or more packet processes, use the stop
command. The "emergency stop" is when you use stop all:
mz# stop all
Stopping
[3] PKT0003
Stopped 1 transmission processe(s)
The launch command provides a shortcut for commonly used packet
processes. For example to behave like a STP-capable bridge we want
to start an BPDU process with typical parameters:
mz# launch bpdu
Allocated new packet sysBPDU at slot 5
mz# show packet
Packet layer flags: E=Ethernet, S=SNAP, Q=802.1Q, M=MPLS,
I/i=IP/delivery_off, U=UDP, T=TCP
PktID PktName Layers Proto Size State
Device Delay Count/CntX
1 sysARP_servic... E----- ARP 60 config lo
100 msec 1/0 (100%)
2 Test E-Q-IT 125 config eth0
1000 usec 1000/1000 (0%)
3 PKT0003 E----- LLDP 36 config eth0
30 sec 0/12 (0%)
4 PKT0004 E---I- IGMP 46 config eth0
100 msec 0/0 (0%)
5 sysBPDU ES---- BPDU 29 active eth0
2 sec 0/1 (0%)
5 packets defined, 1 active.
Now a Configuration BPDU is sent every 2 seconds, claiming to be
the root bridge (and usually confusing the LAN. Note that only
packet 5 (i.e. the last row) is active and therefore sending
packets while all other packets are in state config (i.e. they
have been configured but they are not doing anything at the
moment).
Configuring a greater interval:
Sometimes you may want to send a burst of packets at a greater
interval:
mz(config)# packet 2
Modify packet parameters for packet Test [2]
mz(config-pkt-2)# interval
Configure a greater packet interval in days, hours, minutes, or
seconds
Arguments: <value> <days | hours | minutes | seconds>
Use a zero value to disable an interval.
mz(config-pkt-2)# interval 1 hour
mz(config-pkt-2)# count 10
mz(config-pkt-2)# delay 15 usec
Inter-packet delay set to 0 sec and 15000 nsec
Now this packet is sent ten times with an inter-packet delay of 15
microseconds and this is repeated every hour. When you look at the
packet list, an interval is indicated with the additional flag 'i'
when inactive or 'I' when active:
mz# show packet
Packet layer flags: E=Ethernet, S=SNAP, Q=802.1Q, M=MPLS,
I/i=IP/delivery_off, U=UDP, T=TCP
PktID PktName Layers Proto Size State
Device Delay Count/CntX
1 sysARP_servic... E----- ARP 60 config lo
100 msec 1/0 (100%)
2 Test E-Q-IT 125 config-i eth0
15 usec 10/10 (0%)
3 PKT0003 E----- LLDP 36 config eth0
30 sec 0/12 (0%)
4 PKT0004 E---I- IGMP 46 config eth0
100 msec 0/0 (0%)
5 sysBPDU ES---- BPDU 29 active eth0
2 sec 0/251 (0%)
5 packets defined, 1 active.
mz# start slot 2
Activate [2]
mz# show packet
Packet layer flags: E=Ethernet, S=SNAP, Q=802.1Q, M=MPLS,
I/i=IP/delivery_off, U=UDP, T=TCP
PktID PktName Layers Proto Size State
Device Delay Count/CntX
1 sysARP_servic... E----- ARP 60 config lo
100 msec 1/0 (100%)
2 Test E-Q-IT 125 config+I eth0
15 usec 10/0 (100%)
3 PKT0003 E----- LLDP 36 config eth0
30 sec 0/12 (0%)
4 PKT0004 E---I- IGMP 46 config eth0
100 msec 0/0 (0%)
5 sysBPDU ES---- BPDU 29 active eth0
2 sec 0/256 (0%)
5 packets defined, 1 active.
Note that the flag 'I' indicates that an interval has been
specified for packet 2. The process is not active at the moment
(only packet 5 is active here) but it will become active at a
regular interval. You can verify the actual interval when viewing
the packet details via the 'show packet 2' command.
Load prepared configurations:
You can prepare packet configurations using the same commands as
you would type them in on the CLI and then load them to the CLI.
For example, assume we have prepared a file 'test.mops'
containing:
configure terminal
packet
name IGMP_TEST
desc This is only a demonstration how to load a file to mops
type igmp
Then we can add this packet configuration to our packet list using
the load command:
mz# load test.mops
Read commands from test.mops...
Allocated new packet PKT0002 at slot 2
mz# show packet
Packet layer flags: E=Ethernet, S=SNAP, Q=802.1Q, M=MPLS,
I/i=IP/delivery_off, U=UDP, T=TCP
PktID PktName Layers Proto Size State
Device Delay Count/CntX
1 sysARP_servic... E----- ARP 60 config lo
100 msec 1/0 (100%)
2 IGMP_TEST E---I- IGMP 46 config eth0
100 msec 0/0 (0%)
2 packets defined, 0 active.
The file src/examples/mausezahn/example_lldp.conf contains another
example list of commands to create a bogus LLDP packet. You can
load this configuration from the mausezahn command line as
follows:
mz# load /home/hh/tmp/example_lldp.conf
In case you copied the file in that path. Now when you enter 'show
packet' you will see a new packet entry in the packet list. Use
the 'start slot <nr>' command to activate this packet.
You can store your own packet creations in such a file and easily
load them when you need them. Every command within such
configuration files is executed on the command line interface as
if you had typed it in -- so be careful about the order and don't
forget to use 'configure terminal' as first command.
You can even load other files from within a central config file.
How to specify hexadecimal digits:
Many arguments allow direct byte input. Bytes are represented as
two hexadecimal digits. Multiple bytes must be separated either by
spaces, colons, or dashes - whichever you prefer. The following
byte strings are equivalent:
"aa:bb cc-dd-ee ff 01 02 03-04 05"
"aa bb cc dd ee ff:01:02:03:04 05"
To begin with, you may want to send an arbitrary fancy (possibly
invalid) frame right through your network card:
mausezahn ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:08:00:ca:fe:ba:be
or equivalent but more readable:
mausezahn ff:ff:ff:ff:ff:ff-ff:ff:ff:ff:ff:ff-08:00-ca:fe:ba:be
Basic operations:
All major command line options are listed when you execute
mausezahn without arguments. For practical usage, keep the
following special (not so widely known) options in mind:
-r Multiplies the specified delay with a
random value.
-p <length> Pad the raw frame to specified length
(using random bytes).
-P <ASCII Payload> Use the specified ASCII payload.
-f <filename> Read the ASCII payload from a file.
-F <filename> Read the hexadecimal payload from a file.
-S Simulation mode: DOES NOT put anything on
the wire.
This is typically combined with one of the
verbose
modes (-v or V).
Many options require a keyword or a number but the -t option is an
exception since it requires both a packet type (such as ip, udp,
dns, etc) and an argument string which is specific for that packet
type. Here are some simple examples:
mausezahn -t help
mausezahn -t tcp help
mausezahn eth3 -t udp sp=69,dp=69,p=ca:fe:ba:be
Note: Don't forget that on the CLI the Linux shell (usually the
Bash) interprets spaces as a delimiting character. That is, if you
are specifying an argument that consists of multiple words with
spaces in between, you MUST group these within quotes. For
example, instead of
mausezahn eth0 -t udp sp=1,dp=80,p=00:11:22:33
you could either omit the spaces
mausezahn eth0 -t udp sp=1,dp=80,p=00:11:22:33
or, for greater safety, use quotes:
mausezahn eth0 -t udp "sp=1,dp=80,p=00:11:22:33"
In order to monitor what's going on, you can enable the verbose
mode using the -v option. The opposite is the quiet mode (-q)
which will keep mausezahn absolutely quiet (except for error
messages and warnings.)
Don't confuse the payload argument p=... with the padding option
-p. The latter is used outside the quotes!
The automatic packet builder:
An important argument is -t which invokes a packet builder.
Currently there are packet builders for ARP, BPDU, CDP, IP, partly
ICMP, UDP, TCP, RTP, DNS, and SYSLOG. (Additionally you can insert
a VLAN tag or a MPLS label stack but this works independently of
the packet builder.)
You get context specific help for every packet builder using the
help keyword, such as:
mausezahn -t bpdu help
mausezahn -t tcp help
For every packet you may specify an optional payload. This can be
done either via hexadecimal notation using the payload (or short
p) argument or directly as ASCII text using the -P option:
mausezahn eth0 -t ip -P "Hello World" #
ASCII payload
mausezahn eth0 -t ip p=68:65:6c:6c:6f:20:77:6f:72:6c:64 #
hex payload
mausezahn eth0 -t ip "proto=89, \
p=68:65:6c:6c:6f:20:77:6f:72:6c:64, \ #
same with other
ttl=1" #
IP arguments
Note: The raw link access mode only accepts hexadecimal payloads
(because you specify everything in hexadecimal here.)
Packet count and delay:
By default only one packet is sent. If you want to send more
packets then use the count option -c <count>. When count is zero
then mausezahn will send forever. By default, mausezahn sends at
maximum speed (and this is really fast ;-)). If you don't want to
overwhelm your network devices or have other reasons to send at a
slower rate then you might want to specify a delay using the -d
<delay> option.
If you only specify a numeric value it is interpreted in
microsecond units. Alternatively, for easier use, you might
specify units such as seconds, sec, milliseconds, or msec. (You
can also abbreviate this with s or m.) Note: Don't use spaces
between the value and the unit! Here are typical examples:
Send an infinite number of frames as fast as possible:
mausezahn -c 0 "aa bb cc dd ...."
Send 100,000 frames with a 50 msec interval:
mausezahn -c 100000 -d 50msec "aa bb cc dd ...."
Send an unlimited number of BPDU frames in a 2 second interval:
mausezahn -c 0 -d 2s -t bpdu conf
Note: mausezahn does not support fractional numbers. If you want
to specify for example 2.5 seconds then express this in
milliseconds (2500 msec).
Source and destination addresses:
As a mnemonic trick keep in mind that all packets run from "A" to
"B". You can always specify source and destination MAC addresses
using the -a and -b options, respectively. These options also
allow keywords such as rand, own, bpdu, cisco, and others.
Similarly, you can specify source and destination IP addresses
using the -A and -B options, respectively. These options also
support FQDNs (i.e. domain names) and ranges such as
192.168.0.0/24 or 10.0.0.11-10.0.3.22. Additionally, the source
address option supports the rand keyword (ideal for "attacks").
Note: When you use the packet builder for IP-based packets (e.g.
UDP or TCP) then mausezahn automatically cares about correct MAC
and IP addresses (i.e. it performs ARP, DHCP, and DNS for you).
But when you specify at least a single link-layer address (or any
other L2 option such as a VLAN tag or MPLS header) then ARP is
disabled and you must care for the Ethernet destination address
for yourself.
Layer-2:
`-- Direct link access:
mausezahn allows you to send ANY chain of bytes directly through
your Ethernet interface:
mausezahn eth0 "ff:ff:ff:ff:ff:ff ff:ff:ff:ff:ff:ff 00:00
ca:fe:ba:be"
This way you can craft every packet you want but you must do it by
hand. Note: On Wi-Fi interfaces the header is much more
complicated and automatically created by the Wi-Fi driver. As an
example to introduce some interesting options, lets continuously
send frames at max speed with random source MAC address and
broadcast destination address, additionally pad the frame to 1000
bytes:
mausezahn eth0 -c 0 -a rand -b bcast -p 1000 "08 00 aa bb cc dd"
The direct link access supports automatic padding using the -p
<total frame length> option. This allows you to pad a raw L2 frame
to the desired length. You must specify the total length, and the
total frame length must have at least 15 bytes for technical
reasons. Zero bytes are used for padding.
`-- ARP:
mausezahn provides a simple interface to the ARP packet. You can
specify the ARP method (request|reply) and up to four arguments:
sendermac, targetmac, senderip, targetip, or short smac, tmac,
sip, tip. By default, an ARP reply is sent with your own interface
addresses as source MAC and IP address, and a broadcast
destination MAC and IP address. Send a gratuitous ARP request (as
used for duplicate IP address detection):
mausezahn eth0 -t arp
ARP cache poisoning:
mausezahn eth0 -t arp "reply, senderip=192.168.0.1,
targetmac=00:00:0c:01:02:03, \
targetip=172.16.1.50"
where by default your interface MAC address will be used as
sendermac, senderip denotes the spoofed IP address, targetmac and
targetip identifies the receiver. By default, the Ethernet source
address is your interface MAC and the destination address is the
broadcast address. You can change this using the flags -a and -b.
`-- BPDU:
mausezahn provides a simple interface to the 802.1D BPDU frame
format (used to create the Spanning Tree in bridged networks). By
default, standard IEEE 802.1D BPDUs are sent and it is assumed
that your computer wants to become the root bridge (rid=bid).
Optionally the 802.3 destination address can be a specified MAC
address, broadcast, own MAC, or Cisco's PVST+ MAC address. The
destination MAC can be specified using the -b command which,
besides MAC addresses, accepts keywords such as bcast, own, pvst,
or stp (default). PVST+ is supported as well. Simply specify the
VLAN for which you want to send a BPDU:
mausezahn eth0 -t bpdu "vlan=123, rid=2000"
See mausezahn -t bpdu help for more details.
`-- CDP:
mausezahn can send Cisco Discovery Protocol (CDP) messages since
this protocol has security relevance. Of course lots of dirty
tricks are possible; for example arbitrary TLVs can be created
(using the hex-payload argument for example
p=00:0e:00:07:01:01:90) and if you want to stress the CDP database
of some device, mausezahn can send each CDP message with another
system-id using the change keyword:
mausezahn -t cdp change -c 0
Some routers and switches may run into deep problems ;-) See
mausezahn -t cdp help for more details.
`-- 802.1Q VLAN Tags:
mausezahn allows simple VLAN tagging for IP (and other higher
layer) packets. Simply use the option -Q <[CoS:]VLAN>, such as -Q
10 or -Q 3:921. By default CoS=0. For example send a TCP packet in
VLAN 500 using CoS=7:
mausezahn eth0 -t tcp -Q 7:500 "dp=80, flags=rst, p=aa:aa:aa"
You can create as many VLAN tags as you want! This is interesting
to create QinQ encapsulations or VLAN hopping: Send a UDP packet
with VLAN tags 100 (outer) and 651 (inner):
mausezahn eth0 -t udp "dp=8888, sp=13442" -P "Mausezahn is
great" -Q 100,651
Don't know if this is useful anywhere but at least it is possible:
mausezahn eth0 -t udp "dp=8888, sp=13442" -P "Mausezahn is
great" \
-Q 6:5,7:732,5:331,5,6
Mix it with MPLS:
mausezahn eth0 -t udp "dp=8888, sp=13442" -P "Mausezahn is
great" -Q 100,651 -M 314
When in raw Layer 2 mode you must create the VLAN tag completely
by yourself. For example if you want to send a frame in VLAN 5
using CoS 0 simply specify 81:00 as type field and for the next
two bytes the CoS (PCP), DEI (CFI), and VLAN ID values (all
together known as TCI):
mausezahn eth0 -b bc -a rand "81:00 00:05 08:00 aa-aa-aa-aa-aa-
aa-aa-aa-aa"
`-- MPLS labels:
mausezahn allows you to insert one or more MPLS headers. Simply
use the option -M <label:CoS:TTL:BoS> where only the label is
mandatory. If you specify a second number it is interpreted as the
experimental bits (the CoS usually). If you specify a third number
it is interpreted as TTL. By default the TTL is set to 255. The
Bottom of Stack flag is set automatically, otherwise the frame
would be invalid, but if you want you can also set or unset it
using the S (set) and s (unset) argument. Note that the BoS must
be the last argument in each MPLS header definition. Here are some
examples:
Use MPLS label 214:
mausezahn eth0 -M 214 -t tcp "dp=80" -P "HTTP..." -B myhost.com
Use three labels (the 214 is now the outer):
mausezahn eth0 -M 9999,51,214 -t tcp "dp=80" -P "HTTP..." -B
myhost.com
Use two labels, one with CoS=5 and TTL=1, the other with CoS=7:
mausezahn eth0 -M 100:5:1,500:7 -t tcp "dp=80" -P "HTTP..." -B
myhost.com
Unset the BoS flag (which will result in an invalid frame):
mausezahn eth0 -M 214:s -t tcp "dp=80" -P "HTTP..." -B
myhost.com
Layer 3-7:
IP, UDP, and TCP packets can be padded using the -p option.
Currently 0x42 is used as padding byte ('the answer'). You cannot
pad DNS packets (would be useless anyway).
`-- IP:
mausezahn allows you to send any malformed or correct IP packet.
Every field in the IP header can be manipulated. The IP addresses
can be specified via the -A and -B options, denoting the source
and destination address, respectively. You can also specify an
address range or a host name (FQDN). Additionally, the source
address can also be random. By default the source address is your
interface IP address and the destination address is a broadcast
address. Here are some examples:
ASCII payload:
mausezahn eth0 -t ip -A rand -B 192.168.1.0/24 -P "hello world"
Hexadecimal payload:
mausezahn eth0 -t ip -A 10.1.0.1-10.1.255.254 -B 255.255.255.255
p=ca:fe:ba:be
Will use correct source IP address:
mausezahn eth0 -t ip -B www.xyz.com
The Type of Service (ToS) byte can either be specified directly by
two hexadecimal digits, which means you can also easily set the
Explicit Congestion Notification (ECN) bits (LSB 1 and 2), or you
may only want to specify a common DSCP value (bits 3-8) using a
decimal number (0..63):
Packet sent with DSCP = Expedited Forwarding (EF):
mausezahn eth0 -t ip
dscp=46,ttl=1,proto=1,p=08:00:5a:a2:de:ad:be:af
If you leave the checksum as zero (or unspecified) the correct
checksum will be automatically computed. Note that you can only
use a wrong checksum when you also specify at least one L2 field
manually.
`-- UDP:
mausezahn supports easy UDP datagram generation. Simply specify
the destination address (-B option) and optionally an arbitrary
source address (-A option) and as arguments you may specify the
port numbers using the dp (destination port) and sp (source port)
arguments and a payload. You can also easily specify a whole port
range which will result in sending multiple packets. Here are some
examples:
Send test packets to the RTP port range:
mausezahn eth0 -B 192.168.1.1 -t udp "dp=16384-32767, \
p=A1:00:CC:00:00:AB:CD:EE:EE:DD:DD:00"
Send a DNS request as local broadcast (often a local router
replies):
mausezahn eth0 -t udp
dp=53,p=c5-2f-01-00-00-01-00-00-00-00-00-00-03-77-77-\
77-03-78-79-7a-03-63-6f-6d-00-00-01-00-01"
Additionally you may specify the length and checksum using the len
and sum arguments (will be set correctly by default). Note:
several protocols have same arguments such as len (length) and sum
(checksum). If you specified a UDP type packet (via -t udp) and
want to modify the IP length, then use the alternate keyword iplen
and ipsum. Also note that you must specify at least one L2 field
which tells mausezahn to build everything without the help of your
kernel (the kernel would not allow modifying the IP checksum and
the IP length).
`-- ICMP:
mausezahn currently only supports the following ICMP methods: PING
(echo request), Redirect (various types), Unreachable (various
types). Additional ICMP types will be supported in future.
Currently you would need to tailor them by yourself, e.g. using
the IP packet builder (setting proto=1). Use the mausezahn -t icmp
help for help on currently implemented options.
`-- TCP:
mausezahn allows you to easily tailor any TCP packet. Similarly as
with UDP you can specify source and destination port (ranges)
using the sp and dp arguments. Then you can directly specify the
desired flags using an "|" as delimiter if you want to specify
multiple flags. For example, a SYN-Flood attack against host
1.1.1.1 using a random source IP address and periodically using
all 1023 well-known ports could be created via:
mausezahn eth0 -A rand -B 1.1.1.1 -c 0 -t tcp "dp=1-1023,
flags=syn" \
-P "Good morning! This is a SYN Flood Attack.
\
We apologize for any inconvenience."
Be careful with such SYN floods and only use them for firewall
testing. Check your legal position! Remember that a host with an
open TCP session only accepts packets with correct socket
information (addresses and ports) and a valid TCP sequence number
(SQNR). If you want to try a DoS attack by sending a RST-flood and
you do NOT know the target's initial SQNR (which is normally the
case) then you may want to sweep through a range of sequence
numbers:
mausezahn eth0 -A legal.host.com -B target.host.com \
-t tcp "sp=80,dp=80,s=1-4294967295"
Fortunately, the SQNR must match the target host's acknowledgement
number plus the announced window size. Since the typical window
size is something between 40000 and 65535 you are MUCH quicker
when using an increment via the ds argument:
mausezahn eth0 -A legal.host.com -B target.host.com \
-t tcp "sp=80, dp=80, s=1-4294967295, ds=40000"
In the latter case mausezahn will only send 107375 packets instead
of 4294967295 (which results in a duration of approximately 1
second compared to 11 hours!). Of course you can tailor any TCP
packet you like. As with other L4 protocols mausezahn builds a
correct IP header but you can additionally access every field in
the IP packet (also in the Ethernet frame).
`-- DNS:
mausezahn supports UDP-based DNS requests or responses. Typically
you may want to send a query or an answer. As usual, you can
modify every flag in the header. Here is an example of a simple
query:
mausezahn eth0 -B mydns-server.com -t dns "q=www.ibm.com"
You can also create server-type messages:
mausezahn eth0 -A spoofed.dns-server.com -B target.host.com \
"q=www.topsecret.com, a=172.16.1.1"
The syntax according to the online help (-t dns help) is:
query|q = <name>[:<type>] ............. where type is per
default "A"
(and class is always
"IN")
answer|a = [<type>:<ttl>:]<rdata> ...... ttl is per default 0.
= [<type>:<ttl>:]<rdata>/[<type>:<ttl>:]<rdata>/...
Note: If you only use the 'query' option then a query is sent. If
you additionally add an 'answer' then an answer is sent. Examples:
q = www.xyz.com
q = www.xyz.com, a=192.168.1.10
q = www.xyz.com, a=A:3600:192.168.1.10
q = www.xyz.com, a=CNAME:3600:abc.com/A:3600:192.168.1.10
Please try out mausezahn -t dns help to see the many other
optional command line options.
`-- RTP and VoIP path measurements:
mausezahn can send arbitrary Real Time Protocol (RTP) packets. By
default a classical G.711 codec packet of 20 ms segment size and
160 bytes is assumed. You can measure jitter, packet loss, and
reordering along a path between two hosts running mausezahn. The
jitter measurement is either done following the variance low-pass
filtered estimation specified in RFC 3550 or using an alternative
"real-time" method which is even more precise (the RFC-method is
used by default). For example on Host1 you start a transmission
process:
mausezahn -t rtp -B 192.168.1.19
And on Host2 (192.168.1.19) a receiving process which performs the
measurement:
mausezahn -T rtp
Note that the option flag with the capital "T" means that it is a
server RTP process, waiting for incoming RTP packets from any
mausezahn source. In case you want to restrict the measurement to
a specific source or you want to perform a bidirectional
measurement, you must specify a stream identifier. Here is an
example for bidirectional measurements which logs the running
jitter average in a file:
Host1# mausezahn -t rtp id=11:11:11:11 -B 192.168.2.2 &
Host1# mausezahn -T rtp id=22:22:22:22 "log, path=/tmp/mz/"
Host2# mausezahn -t rtp id=22:22:22:22 -B 192.168.1.1 &
Host2# mausezahn -T rtp id=11:11:11:11 "log, path=/tmp/mz/"
In any case the measurements are printed continuously onto the
screen; by default it looks like this:
0.00 0.19 0.38
0.57
|-------------------------|-------------------------|-------------------------|
#########
0.07 msec
####################
0.14 msec
##
0.02 msec
###
0.02 msec
#########
0.07 msec
####
0.03 msec
#########
0.07 msec
#############
0.10 msec
##
0.02 msec
###########################################
0.31 msec
#########
0.07 msec
##############################################
0.33 msec
###############
0.11 msec
##########
0.07 msec
###############
0.11 msec
##########################################################
0.42 msec
#####
0.04 msec
More information is shown using the txt keyword:
mausezahn -T rtp txt
Got 100 packets from host 192.168.0.3: 0 lost (0 absolute lost),
1 out of order
Jitter_RFC (low pass filtered) = 30 usec
Samples jitter (min/avg/max) = 1/186/2527 usec
Delta-RX (min/avg/max) = 2010/20167/24805 usec
Got 100 packets from host 192.168.0.3: 0 lost (0 absolute lost),
1 out of order
Jitter_RFC (low pass filtered) = 17 usec
Samples jitter (min/avg/max) = 1/53/192 usec
Delta-RX (min/avg/max) = 20001/20376/20574 usec
Got 100 packets from host 192.168.0.3: 0 lost (0 absolute lost),
1 out of order
Jitter_RFC (low pass filtered) = 120 usec
Samples jitter (min/avg/max) = 0/91/1683 usec
Delta-RX (min/avg/max) = 18673/20378/24822 usec
See mausezahn -t rtp help and mz -T rtp help for more details.
`-- Syslog:
The traditional Syslog protocol is widely used even in
professional networks and is sometimes vulnerable. For example you
might insert forged Syslog messages by spoofing your source
address (e.g. impersonate the address of a legit network device):
mausezahn -t syslog sev=3 -P "You have been mausezahned." -A
10.1.1.109 -B 192.168.7.7
See mausezahn -t syslog help for more details.
When multiple ranges are specified, e.g. destination port ranges
and destination address ranges, then all possible combinations of
ports and addresses are used for packet generation. Furthermore,
this can be mixed with other ranges e.g. a TCP sequence number
range. Note that combining ranges can lead to a very huge number
of frames to be sent. As a rule of thumb you can assume that about
100,000 frames and more are sent in a fraction of one second,
depending on your network interface.
mausezahn has been designed as a fast traffic generator so you
might easily overwhelm a LAN segment with myriads of packets. And
because mausezahn could also support security audits it is
possible to create malicious or invalid packets, SYN floods, port
and address sweeps, DNS and ARP poisoning, etc.
Therefore, don't use this tool when you are not aware of the
possible consequences or have only a little knowledge about
networks and data communication. If you abuse mausezahn for
'unallowed' attacks and get caught, or damage something of your
own, then this is completely your fault. So the safest solution is
to try it out in a lab environment.
Also have a look at the netsniff-ng(8) note section on how you can
properly setup and tune your system.
mausezahn is licensed under the GNU GPL version 2.0.
mausezahn was originally written by Herbert Haas. According to his
website [1], he unfortunately passed away in 2011 thus leaving
this tool unmaintained. It has been adopted and integrated into
the netsniff-ng toolkit and is further being maintained and
developed from there. Maintainers are Tobias Klauser
<[email protected]> and Daniel Borkmann
<[email protected]>.
[1] http://www.perihel.at/
netsniff-ng(8), trafgen(8), ifpps(8), bpfc(8), flowtop(8),
astraceroute(8), curvetun(8)
Manpage was written by Herbert Haas and modified by Daniel
Borkmann.
This page is part of the Linux netsniff-ng toolkit project. A
description of the project, and information about reporting bugs,
can be found at http://netsniff-ng.org/.
This page is part of the netsniff-ng (a free Linux networking
toolkit) project. Information about the project can be found at
⟨http://netsniff-ng.org/⟩. If you have a bug report for this
manual page, send it to [email protected]. This page
was obtained from the project's upstream Git repository
⟨https://github.com/netsniff-ng/netsniff-ng⟩ on 2025-08-11. (At
that time, the date of the most recent commit that was found in
the repository was 2025-06-11.) If you discover any rendering
problems in this HTML version of the page, or you believe there is
a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
[email protected]
Linux 03 March 2013 MAUSEZAHN(8)
Pages that refer to this page: astraceroute(8), bpfc(8), curvetun(8), flowtop(8), ifpps(8), netsniff-ng(8), trafgen(8)
|
HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|