Two weeks ago, I was made aware of a new packet capture tool that looks promising. The initial commit seems to be from 2010-10-27, from the looks of the git repo found here.
To test it:

    git clone git://git.carnivore.it/multicap.git
    sudo ./multicap -w /tmp/ -c $PWD/multicap.conf.dist

You will find your pcaps under /tmp/var/log/multicap/.
I especially like the possibilities of this tool that I can read from the config file. You can do “multi-sniffing”: writing to different log files filtered by BPF, specifying different interfaces, snap length, log rotation… Take a look at the config file to see what I mean.
This is a tool to keep an eye on!
The project is young, it seems, as passing the --help option to multicap does not say anything…
Looking at the code, I know why 🙂