rcdcap

We have hosted the application rcdcap in order to run this application in our online workstations with Wine or directly.

Quick description about rcdcap:

RCDCap is a packet processing framework. At its core, it incorporates basic mechanisms for local and remote capturing and decapsulation of packets (CISCO ERSPAN and HP ERM are supported). It can be extended to support many types of packet-based traffic analysis by creating plug-ins and loading them in the main application. It includes many optimizations to ensure high performance traffic processing. Some of them are: multithreaded traffic processing; explicit thread pinning; configurable packet burst processing; support for PF_PACKET and PF_RING. It can be also used to inject the processed traffic to a TAP device or regular physical Ethernet interface. Its basic functuonalities make it a viable solution for preprocessing CISCO ERSPAN and HP ERM traffic which can be handed to some other application.

RCDCap offers its own set of plug-ins for doing different types of traffic analysis. Notably, it has its own plug-in for analysing NDP, ARP, DHCP and DHCPv6 traffic.

Features:

• CISCO ERSPAN decapsulation
• HP ERM decapsulation
• VLAN support (802.1Q and 802.1P)
• Outputting to the standard output, pcap dump file, or a network device
• Extendable through plug-ins
• Multithreaded packet processing
• Packet burst processing
• Performance tuning
• libpcap (PF_PACKET) and libpfring (PF_RING) support
• UDP socket-based support of HP ERM
• Plug-in: VLAN monitor
• Plug-in: Experimental Python binding
• Plug-in: DHCP, DHCPv6, NDP and ARP monitor
• Supported platforms: Linux and Windows

Audience: Telecommunications Industry, System Administrators, Security Professionals.
User interface: Command-line.
Programming Language: C++.

.