Library and tools for working with network packet streams (traces) from a DPMI MA (measurement area) with one or more measurement points.
It features tools for working with captured traces, including capture, splitting, merging, filtering, converting and displaying traces. Offline traces are similar to pcap (tcpdump, wireshark) but contains additional metadata and higher precision timestamps but most tools work just as well with live streams.
The library serves as a starting point for writing consumers which can perform live or offline analyzis (e.g. bitrate, oneway-delay, etc) of the captured streams (traces).
Documentation is available at http://libcap-utils.readthedocs.io/en/latest/. The public API headers also contains lots of documentations for library usage.
See Installing for details.
autoreconf -si
mkdir build; cd build
../configure
make
sudo make install
Most tools have manpages and all of them support --help.
cap2pcap- convert cap to pcap (libcap_utils to tcpdump).capdump- read a live stream (e.g. from a MP) and dump the trace to a file.capfilter- apply filters to a trace.capinfo- short information and generic statistics of a trace.capmarker- send a special marker packet through a live stream (easily identifiable by libcap_utils when doing analyzis).capmerge- merge two or more traces.capshow- display packets in a trace (tcpdump-style).capwalk- display packets in a trace (verbose deep decoding of all packets)ifstat- debugging utilitypcap2cap- convert pcap to cap (tcpdump to libcap_utils).
The preferred way to submit patches is to fork the project and submit a pull request. You can also email patches generated using git format-patch or a regular diff -u.
- Version 0.7 is reassemblied from the numerous different versions and with lots of code fixes. Major rewrite.
- Version 0.5 and 0.6 are almost the same, version 0.6 has fixed some bugs and added support for both full and variable size frames.
- Version >0.5, supports network streams (Ethernet, UDP and TCP) and files.
- Version 0.3, supports only files.