Computer Laboratory Home Page Search A-Z Directory Help
University of Cambridge Home Computer Laboratory
GRIDprobe/Nprobe Downloads
Computer Laboratory > Research > Systems Research Group > NetOS > GRIDprobe / Nprobe > GRIDprobe/Nprobe Downloads

GRIDprobe / Nprobe: Network protocol analysis

Nprobe/GRIDprobe Downloads

  • Nprobe - full release of monitor code, analysis suite and tools.


  • tcpfire - a faster alternative to tcpreplay.


  • checksumcheck - a tool to extract various statistics from a tcpdump file.

    cksumck.tar.bz2 or cksumck.tar.gz

  • udpcrc - another statistics extraction tool for tcpdump files. This is useful primarily for verifying the results of checksumcheck.


  • sktimers - a couple of patches and a simple tool which allow libpcap to use the high-precision clock on sk98 boards. Note this requires a modified sk98lin driver (a patch against Linux 2.6.9 is included in the tarball), and that it clobbers the ethernet header, and that it prevents sk98 cards from being used for non-sniffing purposes.


  • sk98_fast - a zero-copy network sniffer supporting out of order return and using the sk98 timers. It's possible to monitor links running at hundreds of megabits a second with this package.

    Note that if you want to use this with como-0.4, you'll need to apply a patch to como. CoMo unstable doesn't need any changes. There's also a brief document here describing how to get CoMo and this driver working together.

    A patch is also available to add support for this interface to libpcap-0.9.3.


  • drop_check - a simple tool for after-the-fact validation of zero-drop network sniffers. Looks for inconsistencies in a packet trace which might indicate that there are some packets missing, and produces an estimate of the drop rate.


  • tcpdemux - a flow demultiplexer. Takes a sequence of libpcap-format files such as might be captured by a sniffer, and produces a new file for every flow in the source trace.


  • tcpdemux.min - a version of the flow demultiplixer which is intended to be absolutely minimal. This isn't very useful by itself (it essentially does the demux and then throws the results away), but it might be useful as a basis for other analysers.