Information, Linux Distributions, OpenSourceSoftware, Security

multicap – multi interface networkstream dump daemon

Two weeks ago, I was made aware of a new tool to do packet captures with that looks promising. The initial commit seems to be from 2010-10-27 from the looks of the git repo found here.

To test it,
git clone git://git.carnivore.it/multicap.git
cd multicap
autoreconf -i
./configure
make
sudo ./multicap -w /tmp/ -c $PWD/multicap.conf.dist

You will find your pcaps under /tmp/var/log/multicap/.

I specially like the possibilities with this tool, that I can read/interpret from the config file. You can do “multi-sniffing”, writing to different logfiles filtered on BPF, specify different interfaces, snaplength, log rotation… Take a look at the configfile to see what I mean.
This is a tool to keep an eye on!
The project is young it seems, as passing –help option to multicap does not say anything…
Looking at the code, I know why 🙂

// show_version(NULL);

Advertisements
Standard

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s