Junkie is a real-time packet sniffer and analyzer. It is modular enough to accomplish many different tasks. It can be a helpful companion to the modern network administrator and analyst. Compared to previously available tools, junkie lies in between tcpdump and wireshark. Unlike tcpdump, its purpose is to parse protocols of any depth; unlike wireshark, though, it is designed to analyze traffic in real-time and so cannot parse traffic as completely as wireshark does. In addition, its design encompasses extendability and speed. It has a plug-in system and high-level extension language that eases the development and combination of new functionalities; threaded packet capture and analysis for handling of high bandwidth networks; and a modular architecture to ease the addition of any protocol layer. It is based on libpcap for portability, and well-tested on professional settings.
|Tags||Network Guile Sniffer Packet inspection Packet Capturing Network Analysis|
|Licenses||Affero GPL v3 or more recent|
|Operating Systems||Linux BSD|
|Implementation||C Scheme libpcap|
Release Notes: This release adds many fixes, more or less important depending on which feature set you use. It's probably the last 2.4 version.
Release Notes: This release adds many fixes and ameliorations related to parsing TCP despite missing/unordered segments.
Release Notes: This release extracts more information from HTTP and provides more robust handling of missing TCP segments.
Release Notes: Many fixes regarding the network events description language, and some minor changes (a smarter deduplication process) and additions (such as a user-agent HTTP field addition to HTTP information).
Release Notes: This release fixes a problem in MIB.