rikonaka/xxpdump-rs

xxpdump-rs

The next generation of traffic capture software.

Installation

Linux:

cargo install xxpdump

Windows:

Download the npcap-sdk file from the official Npcap website and compile it yourself.

Change the path below to the path where your Packet.lib is located.

$env:LIB="D:\test"

Then install it with the following command.

cargo install xxpdump

Platform

Platform             Note
Linux                supported
Unix (*BSD, macOS)   supported
Windows              supported (winpcap or npcap)

Why not tcpdump?

The classic packet capture software tcpdump is outdated.

My reasons are as follows:

  • The filter implementation of tcpdump is not very powerful.
  • tcpdump does not support remote backup of traffic.

This software came about because I have a server with little memory and a small hard disk (which means I can't directly back up the traffic on this server and store it locally). I want to try to back up the traffic of this server to a backup server with a large hard disk, but the current tcpdump and similar software cannot natively support remote transmission backup.

Discussion about pcap has been moved to the pcapture readme page (2025-4-28)

Usage

Local Capture

It is very simple to get started: capture all traffic on all interfaces.

xxpdump -p xxpdump.pcapng

Or specify an interface.

xxpdump -i ens33 -p xxpdump.pcapng

Capture the traffic and apply a filter.

xxpdump -i ens33 -p xxpdump.pcapng -f 'tcp and (ip=192.168.1.1 or ip=192.168.1.2) and dstport=80'

Capture the traffic and split according to time.

xxpdump -i ens33 -p xxpdump.pcapng --rotate 60s

Capture the traffic and split according to file size.

xxpdump -i ens33 -p xxpdump.pcapng --file-size 10M

Capture the traffic and split according to packet count.

xxpdump -i ens33 -p xxpdump.pcapng --count 1024

Remote Capture

Client

Running this command generates a .client_uuid file locally, which distinguishes this client from other clients.

Yes, this software supports different clients backing up to the same server.

xxpdump --mode client -i ens33 --server-addr '127.0.0.1:12345'

Server

xxpdump does not guarantee the security of the transmission between client and server, so you need to carry this connection over a secure tunnel that you set up yourself (such as an SSH tunnel).

xxpdump --mode server --server-addr '127.0.0.1:12345' --rotate 1h

Or

xxpdump --mode server --server-addr '127.0.0.1:12345' --file-size 100M

Or

xxpdump --mode server --server-addr '127.0.0.1:12345' --count 1024
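
One way to lay out the SSH tunnel mentioned above, as an added example that is not part of the xxpdump-rs project: both xxpdump endpoints stay on loopback and only the SSH connection crosses the network. The helper function names and backup@backup.example are assumptions; the interface, address and port are the ones used in this README.

```shell
#!/bin/sh
# Added example, not xxpdump-rs project code. backup@backup.example is a
# constructed placeholder; interface, address and port are the README's values.

# True only if host:port names a loopback literal, so the unprotected xxpdump
# stream can be reached solely through the local end of the tunnel.
is_loopback() {
    case "${1%:*}" in
        127.0.0.1|'[::1]') return 0 ;;
        *) return 1 ;;
    esac
}

# SSH local forward: capture host 127.0.0.1:PORT -> backup host 127.0.0.1:PORT.
# $1 = user@backup-host, $2 = port
tunnel_cmd() {
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:127.0.0.1:%s %s\n' \
        "$2" "$2" "$1"
}

# Server side (backup host). $1 = listen address
server_cmd() {
    is_loopback "$1" || { echo "refusing non-loopback listen address: $1" >&2; return 1; }
    printf "xxpdump --mode server --server-addr '%s' --rotate 1h\n" "$1"
}

# Client side (capture host). $1 = interface, $2 = server address
client_cmd() {
    is_loopback "$2" || { echo "refusing non-loopback server address: $2" >&2; return 1; }
    printf "xxpdump --mode client -i %s --server-addr '%s'\n" "$1" "$2"
}

# Dry run: print the three commands in the order they are started.
ADDR='127.0.0.1:12345'
echo '# 1. on the backup server'
server_cmd "$ADDR"
echo '# 2. on the capture host, kept running'
tunnel_cmd backup@backup.example "${ADDR##*:}"
echo '# 3. on the capture host'
client_cmd ens33 "$ADDR"
```

The script only prints the commands; the loopback check is there so that neither endpoint is ever pointed at a routable address by mistake.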

License

Apache-2.0 (LICENSE-APACHE) and MIT (LICENSE-MIT).