traceucast

traceucast is a libtrace tool that can be used to distribute captured packets to a single remote client over TCP. traceucast was added to libtrace in version 4.0.23.

This is a unicast point-to-point version of the tracemcast tool. The main advantage of traceucast over tracemcast is that it uses TCP so the delivery of the captured packets to their destination is reliable.

The downsides are:

traceucast can only send the packets to a single client, so it can't be used to multiplex captured traffic to multiple processes.
the maximum traffic throughput that traceucast can cope with is likely to be less than what tracemcast can handle.

Usage

traceucast
    -c <client address>
    -p <beacon port>
    -m <monitor id>
    [ -t <threads> ]
    [ -f <filterstring> ]

Options

-c <address> Send the captured packets to this unicast IP address e.g. 10.0.0.1.

-p <beacon port> Send the beacon packets to this TCP port. traceucast will connect on this port first and the beacons will tell them which other ports to connect to distribute all of the packet streams.

-m <monitor id> Sets a unique monitor ID that can be used by clients to distinguish packets from this unicaster instance from those sent by other instances to the same client.

-t <threads> Use this number of packet processing threads to consume packets from the input source. Each thread that is used will create a corresponding unicast TCP stream.

-f <filterstring> Only emit packets that match this BPF expression.

Example

Transferring packets captured on eth0 out to a client listening on 10.0.0.1:9999 for a beacon connection. We want to set our monitor id to '7'.

traceucast -t 2 -c 10.0.0.1 -p 9999 -m 7 ring:eth0

A client that is listening on 10.0.0.1 using interface eth3 could then receive those packets by doing (using tracertstats as an example client here):

tracertstats -i 1 -t 2 ndagtcp:eth3,10.0.0.1,9999

Notes

All libtrace tools and programs from 4.0.23 onwards should be able to receive and process packets sent using the nDAG TCP unicast protocol.

Note that the ndagtcp: URI must be used to receive traffic from a traceucast instance (as opposed to the ndag: URI that you might be familar with from previous use of tracemcast).

traceucast

Usage

Options

Example

Notes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally