PCAP-over-IP

PCAP-over-IP is a method for transmitting captured network traffic through a TCP connection. The captured network traffic is transferred over TCP as a PCAP file in order to preserve relevant metadata about the packets, such as timestamps.


Background and etymology

The first known use of the term PCAP-over-IP is by Packet Forensics in 2011. However, the concept behind PCAP-over-IP had already been mentioned in 2008 as part of a feature request for Wireshark. The need for this feature was motivated as follows: "This feature is useful when the capture is generated on a machine which does not have much storage (e.g. embedded system). E.g., ipmb_traced application available on Pigeon Point shelf managers can transmit the capture over the TCP connection without writing it to the filesystem."


Use cases

Common use cases for PCAP-over-IP include:

* Transmitting captured network traffic in real time to one or more remote machines
* Transferring network traffic to other applications on the same host
* Providing decrypted traffic from a TLS interception proxy to a packet analyzer or IDS


Software with PCAP-over-IP support

* Arkime
* NetworkMiner
* pcap-broker
* PolarProxy
* Wireshark
* Xplico
* Zeek


Workarounds

Software that can sniff network traffic but doesn't support PCAP-over-IP can read packets from a PCAP-over-IP provider with the help of a netcat and tcpreplay combo:

    nc $SERVER 57012 | tcpreplay -i eth0 -t -

netcat connects to the provider on TCP port 57012 and pipes the PCAP stream to tcpreplay, which reads it from standard input ("-") and replays the packets on eth0, where the sniffing software can capture them as if they had arrived live.
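As an added example that is not part of the original article, the following Python consumer does in code what the netcat pipeline above does with tools: it connects to a PCAP-over-IP provider (host, port and the sample data are assumptions), parses the PCAP global header and per-packet records straight off the TCP stream, and returns the timestamps the format exists to preserve. Because TCP carries no record boundaries, every read is done with read_exact so a record split across segments is reassembled, and a length that exceeds the snaplen is treated as a desynchronised stream rather than silently consumed.

```python
import socket
import struct
from typing import BinaryIO, Iterator, Tuple

# pcap global-header magic as seen on the wire -> (struct byte order, timestamp ticks per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanosecond timestamps
}

def read_exact(stream: BinaryIO, n: int) -> bytes:
    """TCP delivers a byte stream, not records: keep reading until n bytes have arrived."""
    buf = bytearray()
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            raise EOFError(f"stream ended with {len(buf)} of {n} bytes")
        buf += chunk
    return bytes(buf)

def iter_pcap_over_ip(stream: BinaryIO) -> Iterator[Tuple[float, int, bytes]]:
    """Yield (timestamp_seconds, linktype, packet_bytes) from a pcap byte stream."""
    magic = read_exact(stream, 4)
    if magic not in MAGICS:
        raise ValueError(f"not a pcap stream, magic {magic.hex()}")
    order, ticks = MAGICS[magic]
    # remaining 20 bytes of the global header: major, minor, thiszone, sigfigs, snaplen, linktype
    _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack(order + "HHiIII", read_exact(stream, 20))
    while True:
        try:
            rec = read_exact(stream, 16)  # 16-byte per-packet record header
        except EOFError:
            return                        # clean end of stream: the provider closed the connection
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(order + "IIII", rec)
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError("record length inconsistent; stream is corrupt or desynchronised")
        yield ts_sec + ts_frac / ticks, linktype, read_exact(stream, incl_len)

def connect_pcap_over_ip(host: str, port: int) -> Iterator[Tuple[float, int, bytes]]:
    """Connect to a provider (the same kind of endpoint as 'nc $SERVER 57012') and stream its packets."""
    sock = socket.create_connection((host, port))
    return iter_pcap_over_ip(sock.makefile("rb"))

def build_sample_pcap() -> bytes:
    """Constructed sample data (not a real capture): little-endian, microsecond, Ethernet, two packets."""
    out = bytearray(b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, 1))
    for sec, usec, data in [(1700000000, 250000, b"\xff" * 6 + b"\x00" * 6 + b"\x08\x06" + b"A" * 28),
                            (1700000001, 500, b"\x00" * 12 + b"\x08\x00" + b"B" * 20)]:
        out += struct.pack("<IIII", sec, usec, len(data), len(data)) + data
    return bytes(out)
```

With a real provider, `for ts, linktype, pkt in connect_pcap_over_ip("capture-host", 57012): ...` consumes packets as they arrive without ever writing a file.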

