tracemcast

tracemcast is a libtrace tool that can be used to distribute captured packets to multiple interested clients over a multicast protocol. tracemcast was added to libtrace in version 4.0.12.

Many capture interfaces only allow one process to read packets from them at a time. If you have multiple processes that want to simultaneously receive the same capture stream, you can use tracemcast to multiplex the captured packets to all of those processes at once.

If you need guaranteed delivery of the capture stream and only intend for a single process to receive that stream, you may want to consider traceucast instead.

Usage

tracemcast
    -g <multicast address>
    -s <source address>
    -p <beacon port>
    -m <monitor id>
    [ -M <mtu> ]
    [ -t <threads> ]
    [ -f <filterstring> ]

Options

-g <address> Send the multicast packets to the group described by this address, e.g. 224.0.0.1.

-s <source address> Send the multicast packets using the interface that this IP address is on.

-p <beacon port> Send the multicast beacon packets on this UDP port. Clients will join this group first and the beacons will tell them which groups to join to receive all of the packet streams.

-m <monitor id> Sets a unique monitor ID that can be used by clients to distinguish packets from this multicaster instance from those sent by other instances to the same group.

-M <mtu> Ensures that no multicast messages are larger than this number of bytes (not including IP, UDP or other headers). To be safe, set this to your expected MTU minus 100 bytes. Defaults to 8900 bytes.

-t <threads> Use this number of packet processing threads to consume packets from the input source. Each thread that is used will create a corresponding multicast stream.

-f <filterstring> Only emit packets that match this BPF expression.

Example

Multiplexing packets captured on eth0 out to clients via eth3 (assuming eth3 has the IP address 10.0.0.1 bound to it). eth3 has an MTU of 1500 and we want to set our monitor id to '7'.

tracemcast -s 10.0.0.1 -t 2 -g 225.0.0.1 -p 9999 -M 1400 -m 7 ring:eth0

A client could then receive those packets by doing (using tracertstats as an example client here):

tracertstats -i 1 -t 2 ndag:eth3,225.0.0.1,9999

Note: this assumes that eth3 on the client is connected to the same network as eth3 on the multicasting host -- you may need to use a different interface name if the client and multicaster interface names don't match.

Notes

All libtrace tools and programs from 4.0.10 onwards should be able to receive and process packets sent using the nDAG multicast protocol.

tracemcast

Usage

Options

Example

Notes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally