ANT Multi-Point Capture

mtracecap

A utility for capturing packets concurrently on several network devices and saving output in a single file while making an effort to minimize packet reordering in the output. This tool allows breaking output into multiple files based on size and time and compressing it on the fly by piping to a separate compression process.

  • mtracecap-0.6.tar.gz [SRPM] (version 0.6, 2020-01-31); current release

    • Fix segfault when omitting pipeout, all other options being the same (bugfix).
    • Fix non-deterministic segfault on terminating signal (bugfix).
    • Fix packet loss when reading from busy and sparse/dark inputs (bugfix).

  • mtracecap-0.5.tar.gz [SRPM] (version 0.5, 2019-09-27)

    • Mtracecap now opens and writes to a temp file (tmp-pid-...) which is renamed to normal timestamp-based name after the file is closed. This should help with the problem where scripts would pick it up for processing while the file was still being written to. (improvement)
    • First opened file was not properly closed, fixed. (bugfix)

  • mtracecap-0.4.tar.gz (version 0.4, 2019-04-10)

    • Cleaned up and working time-triggered rotation with -G option (bugfix, improvement)
    • Permissions bug for creating sequence number file (bugfix)
    • Empty file creation with valid PCAP header instead of zero-size

  • mtracecap-0.1.tar.gz (version 0.1, 2016-12-07)

    • initial release (0.1)

Purpose

This utility captures network traffic from several different sources, merges the output and writes out a single output stream. The stream may be optionally broken up into different timestamp-named files based on time duration or size. Further, before saving, the output may be compressed on the fly by piping it out through an external binary compressor. All compression would be done in a separate process, thus increasing total throughput.

Pre-Requisites

This package requires Libtrace version 4 or later. You can find more information about libtrace here.

Usage

mtracecap flags outputuri traceuri [traceuri...]
  or
mtracecap flags -B baseuri traceuri [traceuri...]

where flags are:
[-B | --baseuri] baseuri
    Output timestamped files to this baseuri
[-F | --filter] bpf
    Discard packets not matching the filter
[-G | --rotate-seconds] seconds
    Rotate output every so often, even if there are no packets
[-S | --rotate-sizemb] sizeMB
    Rotate output when it exceeds sizeMB
[-H | --libtrace-help]
    Print libtrace runtime documentation
[-h | --help]
    Print this help
[-s | --snaplen] bytes
    Capture this much of a packet
[-U | --use-utc]
    Use UTC in timestamping files
[-v | --verbose]
    Verbose output on stderr
[-W | --watchfile] filename
    Wait until the watchfile is created before proceeding with next segment
[-w | --maxwait_ms] wait_ms
[-z | --compress-level] level
    Sets compression level of output
[-Z | --compress-type] type
    Sets compression type
[--file-ext=<extension>]
    Sets output file extension (used with -B)
[--relinquish-privileges=<username>]
    Run capture as <username>
[--pipeout=<command>]
    Pipe output through <command> first