From 50b747f183ff46b14af34118314555e7eeaf02ff Mon Sep 17 00:00:00 2001
From: Matthias Cramer
Date: Fri, 21 Mar 2025 00:09:57 +0100
Subject: [PATCH] Radme and install target
---
 Makefile | 11 +++++++++++
 README.md | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+)
 create mode 100644 README.md
diff --git a/Makefile b/Makefile
index 894a5df..c496119 100644
--- a/Makefile
+++ b/Makefile
@@ -18,6 +18,9 @@ OBJS = $(SRCS:.c=.o)
 # Executable name
 TARGET = pcapmirror
+# Installation directory
+PREFIX = /usr/local
+
 # Default rule
 all: $(TARGET)
@@ -33,6 +36,14 @@ $(TARGET): $(OBJS)
 clean:
 rm -f $(OBJS) $(TARGET)
+# Install the executable
+install: $(TARGET)
+ sudo install -D $(TARGET) $(PREFIX)/bin/$(TARGET)
+
+# Uninstall the executable
+uninstall:
+ sudo rm -f $(PREFIX)/bin/$(TARGET)
+
 # Run the executable (example)
 run: $(TARGET)
 sudo ./$(TARGET) -i eth0 -f "tcp port 80" -v
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..6072437
--- /dev/null
+++ b/README.md
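Review bot: The new `install` and `uninstall` recipes in the Makefile hunk `@@ -33,6 +36,14 @@` call `sudo` themselves, so the build file elevates privileges on its own and cannot do an unprivileged or staged install (a `PREFIX` under the user's home, packaging into a `DESTDIR`, a root shell or container without sudo). I would leave elevation to the caller and write `install -D -m 0755 $(TARGET) $(DESTDIR)$(PREFIX)/bin/$(TARGET)` and `rm -f $(DESTDIR)$(PREFIX)/bin/$(TARGET)`, to be run as `sudo make install` after a normal `make` when the prefix is system-wide. Because the path removed is assembled from `PREFIX` and `TARGET`, a comment such as `# PREFIX must be an absolute path; uninstall removes exactly $(PREFIX)/bin/$(TARGET)` would make the contract explicit. No `.PHONY` declaration is visible in the hunk; if the file has none for these names, add `.PHONY: install uninstall` so a stray file called `install` cannot turn the target into a no-op.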
@@ -0,0 +1,52 @@
+# pcapmirror
+
+pcapmirror is a command-line tool for capturing network traffic and mirroring it to a remote destination using TZSP encapsulation. It leverages the `libpcap` library for packet capture and provides options for filtering traffic based on BPF syntax. This tool is useful for network monitoring, intrusion detection, and remote packet analysis.
+
+## Usage
+
+```bash
+pcapmirror [options]
+```
+
+Options:
+
+-i : Specify the capture interface (e.g., eth0).
+-f : Specify the capture filter in BPF syntax (e.g., tcp port 80).
+-v: Enable verbose mode (prints packet information).
+-h: Show this help message.
+Example:
+
+To capture traffic on the eth0 interface, filter for TCP port 80, and send it to the destination, use the following command:
+
+```bash
+sudo pcapmirror -i eth0 -f "tcp port 80" -v
+```
+
+Note: Running pcapmirror typically requires root privileges due to the use of libpcap for capturing network traffic.
+
+## Compile and Install
+
+Compile the program:
+```bash
+make
+```
+
+Install the program:
+```bash
+make install
+```
+
+This will copy the pcapmirror executable to bin. You may need to adjust the PREFIX variable in the Makefile if you want to install it to a different location.
+
+Dependencies
+libpcap: You need to have libpcap installed on your system. On Debian/Ubuntu systems, you can install it using:
+```bash
+sudo apt-get install libpcap-dev
+```
+
+On Fedora/CentOS/RHEL systems, you can install it using:
+```bash
+sudo yum install libpcap-devel
+```
+
+