Justniffer is a TCP packet sniffer
Justniffer is a TCP packet sniffer. It can log network traffic in a 'standard' (web-server-like) format or in a customized way. It can also log response times, which is useful for tracking the performance of network services (e.g. web server, application server, etc.).
Main differences from other sniffers
Most sniffers fall into two categories, packet and text sniffers. Both suffer from incompleteness of the information that can be collected and analyzed.
* Text-mode sniffers usually rebuild the TCP stream but cannot collect low-level information such as timestamps. They often rebuild the TCP flow in too simplistic a way and fail when dealing with complex TCP/IP issues (reordering, retransmission, reassembly, etc.). TCP reassembly and reordering is a complex exercise and requires deep knowledge of the TCP/IP protocol and long experience in the field. Usually, they are useful purely for grabbing content from network traffic.
Justniffer was born to help in troubleshooting performance in TCP-based network services: HTTP, JDBC, RTSP, SIP, SMTP, IMAP, POP, LDAP, etc.
It can collect low- and high-level protocol and performance information, reconstructing the TCP flow in a reliable way using portions of the Linux kernel code. Precisely, it uses a slightly modified version of the libnids libraries, which already include a modified version of the Linux kernel code in a more reusable form.
You can extend traffic analysis with external scripts (bash, python, or any executable). An example is provided: the justniffer-grab-http-traffic script uses justniffer to save files (images, text, HTML pages, JavaScript, Flash, video, etc.) captured from HTTP traffic.
Justniffer can generate logs in a customizable way. For example, it can mimic the Apache access_log.
http://justniffer.sourceforge.net/
