pcapmirror

pcapmirror is a command-line tool for capturing network traffic and mirroring it to a remote destination using TZSP encapsulation. It leverages the libpcap library for packet capture and provides options for filtering traffic based on BPF syntax. This tool is useful for network monitoring, intrusion detection, and remote packet analysis.

Usage

pcapmirror [options]

Options:

  • -i <interface>: Specify the capture interface (e.g., eth0).
  • -f <filter>: Specify the capture filter in BPF syntax (e.g., tcp port 80).
  • -r <ip_address>: Specify the destination IP address (required).
  • -p <port>: Specify the destination port (default: 37008).
  • -v: Enable verbose mode (prints packet information).
  • -h: Show this help message.

Example:

To capture traffic on the eth0 interface, filter for TCP port 80, and send it to the destination host 192.168.1.100 on port 47008 with verbose output, use the following command:

sudo pcapmirror -i eth0 -f "tcp port 80" -r 192.168.1.100 -p 47008 -v

Note: Running pcapmirror typically requires root privileges due to the use of libpcap for capturing network traffic.

Usage with wireshark

With this tool, you can mirror traffic directly to a running Wireshark instance, which dissects TZSP on UDP port 37008 by default.

To avoid capturing the monitoring machine's own traffic alongside the mirrored stream, configure Wireshark with a capture filter of udp port 37008 or udp dst port 37008 (adjust the port if you pass a different -p value). Also verify that your firewall permits this UDP traffic to reach the Wireshark host.
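The TZSP framing referred to above, as an added example in C that is not pcapmirror's own code: the encapsulation a mirroring sender performs and a bounds-checked decoder of the kind a receiver listening on UDP 37008 needs. The header values (version 1, type 0, Ethernet protocol 0x0001, END tag 0x01) are the standard TZSP ones; the sample Ethernet frame in tzsp_selftest() is constructed for the demo.

```c
/* Added example, not pcapmirror's own code: TZSP framing for mirrored packets.
 * Layout: version, type, 16-bit encapsulated protocol, tag list ended by 0x01, frame. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TZSP_VERSION     1
#define TZSP_TYPE_RX     0      /* "received tag list": one captured packet */
#define TZSP_ENCAP_ETH   0x0001 /* encapsulated protocol: Ethernet */
#define TZSP_TAG_PADDING 0x00   /* single byte, no length field */
#define TZSP_TAG_END     0x01   /* single byte, terminates the tag list */

/* Wrap one captured frame; returns the TZSP packet length, or 0 if out is too small. */
size_t tzsp_encap(const uint8_t *frame, size_t frame_len, uint8_t *out, size_t out_cap)
{
    if (out_cap < 5 || frame_len > out_cap - 5) return 0;  /* 4-byte header + END tag */
    out[0] = TZSP_VERSION; out[1] = TZSP_TYPE_RX;
    out[2] = (uint8_t)(TZSP_ENCAP_ETH >> 8); out[3] = (uint8_t)(TZSP_ENCAP_ETH & 0xff);
    out[4] = TZSP_TAG_END;
    memcpy(out + 5, frame, frame_len);
    return 5 + frame_len;
}

/* Parse a TZSP datagram as received on UDP 37008: returns 0 and sets *frame/*frame_len,
 * or -1 on truncated or malformed input. Every tag-list step is checked against len,
 * so a bad tag length byte cannot make the decoder read past the datagram. */
int tzsp_decap(const uint8_t *pkt, size_t len, const uint8_t **frame, size_t *frame_len)
{
    size_t pos = 4;
    if (len < 5 || pkt[0] != TZSP_VERSION || pkt[1] != TZSP_TYPE_RX) return -1;
    if (((pkt[2] << 8) | pkt[3]) != TZSP_ENCAP_ETH) return -1;
    for (;;) {
        if (pos >= len) return -1;        /* datagram ended before the END tag */
        uint8_t tag = pkt[pos++];
        if (tag == TZSP_TAG_END) break;
        if (tag == TZSP_TAG_PADDING) continue;
        if (pos >= len) return -1;        /* tag without its length byte */
        size_t tlen = pkt[pos++];
        if (tlen > len - pos) return -1;  /* tag length exceeds the datagram */
        pos += tlen;                      /* skip tag data (RSSI, channel, ...) */
    }
    *frame = pkt + pos; *frame_len = len - pos; return 0;
}

/* Round-trips a constructed 18-byte Ethernet frame, then feeds the decoder a tag whose
 * length (255) runs past the datagram end. Returns 1 if both behave as expected. */
int tzsp_selftest(void)
{
    const uint8_t frame[18] = { 0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x08,0x00, 0xde,0xad,0xbe,0xef };
    const uint8_t bad[] = { 1, 0, 0x00, 0x01, 0x0a, 0xff, 0x01 };  /* RSSI tag claiming 255 bytes */
    uint8_t pkt[64]; const uint8_t *got; size_t got_len;
    if (tzsp_encap(frame, 18, pkt, sizeof pkt) != 23 || tzsp_decap(pkt, 23, &got, &got_len) != 0) return 0;
    if (got_len != 18 || memcmp(got, frame, 18) != 0) return 0;
    return tzsp_decap(bad, sizeof bad, &got, &got_len) == -1;
}
```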

Compile and Install

Compile the program:

make

Install the program:

make install

This will copy the pcapmirror executable to the bin directory under the configured PREFIX. You may need to adjust the PREFIX variable in the Makefile if you want to install it to a different location.

Dependencies

libpcap: You need to have libpcap installed on your system. On Debian/Ubuntu systems, you can install it using:

sudo apt-get install libpcap-dev

On Fedora/CentOS/RHEL systems, you can install it using:

sudo yum install libpcap-devel

Build Debian package

If you have never built a Debian package, you probably need debhelper:

sudo apt-get install debhelper

Then build the package with this command:

dpkg-buildpackage -uc -us

Description: A simple packet mirroring tool using libpcap
License: BSD-3-Clause