Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 

README

Net2PCAP is a simple network to pcap capture file for Linux. Its goal
is to be as simple as possible (hence auditable) so that good
confidence can be reached, for it to be used in hostile
environments.

It does not require any library except a bit of libc. It does not do
anything except dumping network traffic from an interface to a pcap
file. It is less than 600 lines of C. Please audit it !

Comparison with tcpdump

  * Yes, tcpdump -w capfile can do almost the same. But the goal of
    tcpdump is network debugging (thus, lot of options, packet
    disassembly, etc.). The goal of net2pcap is to capture traffic into
    a file in hostile environments (honeypots, internet, etc.) for
    future analysis.
  * net2pcap can run in daemon mode
  * net2pcap can reopen its capture file (SIGHUP) (used for capture file rotation)
  * net2pcap does not do anything else than reading from network and dumping to file
  * net2pcap does not use libpcap
  * net2pcap drops its privileges
  * net2pcap sandboxes itself (if libseccomp is available)
  * net2pcap runs only on Linux
  * net2pcap is auditable (less than 600 lines)

Original code from Philippe Biondi, bugs added by Nicolas Bareil :)

About

Net2PCAP is a simple network-to-pcap capture file for Linux. Its goal is to be as simple as possible to be used in hostile environments

Topics

Resources

Releases

No releases published

Packages

No packages published
You can’t perform that action at this time.