网络包处理工具NetBee

What is NetBee?

NetBee is a new library intended for several types of packet processing, such as packet sniffing and filtering, packet decoding, and traffic classification (not ready yet).

NetBee provides a set of modules that can be used by applications that need to process network packets. Instead of creating some custom code in your application for packet processing, you can use the functions exported by NetBee.

This library is made up of several components. It includes several objects for packet decoding, packet sniffing and filtering, traffic classification (not ready yet), and some miscellaneous utilities. Additionally, it includes some components (such as the NetPDL protocol definition language, the NetVM packet processing virtual machine) that are used to do its job, but their knowledge is not required from programmers using NetBee. For a list of features that are present in NetBee, please look at the introduction page.

Why NetBee?

NetBee is a powerful library for generic packet processing. NetBee is created by the same research group that created WinPcap, the de-facto standard for sniffing packets in Windows. However, WinPcap architecture (which is derived from its UNIX ancestor, libpcap) is rather old and it does not fit for nowadays needs. WinPcap is a perfect choice in case you need a powerful library for sniffing packets with cross platform compatibility (WinPcap and the UNIX-based libpcap are almost fully compatible). However, the architecture behind WinPcap (and libpcap) has not been engineered for supporting extensions and new modules for other kinds of processing in addition to packet sniffing.

This is the reason of NetBee: we feel that the effort needed to expand and update WinPcap cannot pay in the long term. We believe that the best choice is to create a new library from scratch, with a completely new architecture (object-based, for instance), open to extensions and ready to fit to new needs. NetBee, in fact. This guarantees an high degree of freedom but, of course, it will often lead to un-tested code due to the relative poor maturity of the library.

If you start using NetBee and you used WinPcap in the past, you will see that the interface (which is object oriented) is much cleaner than its ancestor. You can find it is pretty easy to read packets from the network as well as from a file or from some other source. This is due to the object-oriented architecture of NetBee. You will be surprised how easy is to use NetBee in your programs.

 

Please note that NetBee is highly experimental at the current stage; no guarantees are given that the API will not change in the future. Therefore, the current release must be intended as a proof of concept in order to share some ideas with the research community.

 

http://www.nbee.org/doku.php

posted @ 2014-10-27 10:16  Biiigfish  阅读(492)  评论(0编辑  收藏  举报