cramer/pcapmirror
1
0
Fork 1
mirror of https://git.freestone.net/cramer/pcapmirror.git synced 2025-12-31 12:00:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
4d25135e5858ab91b83d676506e94bbf107241aa
pcapmirror/pcapmirror.8
Matthias Cramer 9fcac378ae additional parameters
2025-04-03 20:39:31 +02:00

73 lines
2.0 KiB
Groff
Raw Blame History

.TH PCAPMIRROR 1 "March 24, 2025" "pcapmirror 0.5" "User Commands"
.SH NAME
pcapmirror \- A command-line tool for capturing and mirroring network traffic
.SH SYNOPSIS
.B pcapmirror
[\fIoptions\fR]
.SH DESCRIPTION
.B pcapmirror
is a command-line tool for capturing network traffic and mirroring it to a remote destination using TZSP encapsulation. It leverages the \fBlibpcap\fR library for packet capture and provides options for filtering traffic based on BPF syntax. This tool is useful for network monitoring, intrusion detection, and remote packet analysis.
.SH OPTIONS
.TP
.B \-i \fIinterface\fR
Specify the capture interface (e.g., eth0).
.TP
.B \-f \fIfilter\fR
Specify the capture filter in BPF syntax (e.g., tcp port 80).
.TP
.B \-r \fIhost/ipv4/ipv6\fR
Specify the destination host (required).
.TP
.B \-p \fIport\fR
Specify the destination port (default: 37008).
.TP
.B \-e
Use ERSPAN encapsulation.
.TP
.B \-s \fIsource_ip\fR
Specify the source IP address (required for ERSPAN).
.TP
.B \-S \fIsession_id\fR
Specify the session ID (default: 42, must be between 0 and 1023)
.TP
.B \-4
Force IPv4 host lookup.
.TP
.B \-6
Force IPv6 host lookup.
.TP
.B \-l
List available network interfaces.
.TP
.B \-v
Enable verbose mode (prints packet information).
.TP
.B \-c
Count matching packets (overrides verbose mode)
.TP
.B \-h
Show this help message.
.SH EXAMPLES
To capture traffic on the eth0 interface, filter for TCP port 80, and send it to the destination, use the following command:
.EX
sudo pcapmirror -i eth0 -f "tcp port 80" -r 192.168.1.100 -p 47008 -v
.EE
.SH USAGE WITH WIRESHARK
With this tool, you can mirror traffic directly to a running Wireshark.
To avoid capturing traffic from your own monitoring machine, configure Wireshark with a capture filter of udp port 37008 or udp dst port 37008. Also, verify that your firewall permits this UDP traffic.
.SH SEE ALSO
.BR bpf (2), tcpdump (1), wireshark (1), pcap (3)
.SH AUTHOR
Matthias Cramer <cramer@freestone.net>
.SH COPYRIGHT
Copyright (c) 2025, Matthias Cramer. All rights reserved.
Reference in New Issue View Git Blame Copy Permalink