cramer/pcapmirror
1
0
Fork 1
mirror of https://git.freestone.net/cramer/pcapmirror.git synced 2025-12-31 03:50:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
57 Commits 1 Branch 26 Tags
c6584cde87f36a2275b0c642af4dc21d3c9f5035
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Matthias Cramer c6584cde87 typo
2025-03-23 13:57:37 +01:00
debian
version bump to 0.3
2025-03-22 16:40:49 +01:00
logo
updated readme and added logos
2025-03-23 11:20:39 +01:00
.gitignore
man install fix
2025-03-22 16:31:16 +01:00
.gitlab-ci.yml
typo
2025-03-23 13:57:37 +01:00
LICENSE
Copyright and Wireshark
2025-03-21 08:02:38 +01:00
main.c
propper ip6 support, raspberry builds
2025-03-23 13:55:17 +01:00
Makefile
man install fix
2025-03-22 16:31:16 +01:00
pcapmirror.8
propper ip6 support, raspberry builds
2025-03-23 13:55:17 +01:00
pcapmirror.spec
version bump to 0.3
2025-03-22 16:40:49 +01:00
README.md
propper ip6 support, raspberry builds
2025-03-23 13:55:17 +01:00

README.md

pcapmirror

pcapmirror logo

pcapmirror is a command-line tool for capturing network traffic and mirroring it to a remote destination using TZSP encapsulation. It leverages the libpcap library for packet capture and provides options for filtering traffic based on BPF syntax. This tool is useful for network monitoring, intrusion detection, and remote packet analysis.

Usage

pcapmirror [options]

Options:

  • -i Specify the capture interface
  • -f Specify the capture filter (BPF syntax)
  • -r <host/ipv4/ipv6> Specify the destination host (required)
  • -p Specify the destination port (default: 37008)
  • -4 Force IPv4 host lookup
  • -6 Force IPv6 host lookup
  • -v Enable verbose mode
  • -h Show this help message

Example:

To capture traffic on the eth0 interface, filter for TCP port 80, and send it to the destination, use the following command:

sudo pcapmirror -i eth0 -f "tcp port 80" -r 192.168.1.100 -p 47008 -v

Note: Running pcapmirror typically requires root privileges due to the use of libpcap for capturing network traffic.

Usage with wireshark

With this tool, you can mirror traffic directly to a running Wireshark.

To avoid capturing traffic from your own monitoring machine, configure Wireshark with a capture filter of udp port 37008 or udp dst port 37008. Also, verify that your firewall permits this UDP traffic.

Compile and Install

Compile the program:

make

Install the program:

make install

This will copy the pcapmirror executable to bin. You may need to adjust the PREFIX variable in the Makefile if you want to install it to a different location.

Dependencies

libpcap: You need to have libpcap installed on your system. On Debian/Ubuntu systems, you can install it using:

sudo apt-get install libpcap-dev

On Fedora/CentOS/RHEL systems, you can install it using:

sudo yum install libpcap-devel

Build debian package

If you have never built a debian package you probably need debhelper:

sudo apt-get install debhelper

Then build the package with this command.

dpkg-buildpackage -uc -us
Description
A simple packet mirroring tool using libpcap pcapmirror is a command-line tool for capturing network traffic and mirroring it to a remote destination using TZSP encapsulation. It leverages the libpcap library for packet capture and provides options for filtering traffic based on BPF syntax. This tool is useful for network monitoring, intrusion detection, and remote packet analysis.
Readme BSD-3-Clause 786 KiB
Languages
C 88%
Roff 7.7%
Makefile 4.3%