2.11 GPL (GNU General Public License)    
EtherDump is a very small and efficient Ethernet sniffer.






EtherDump is a fork by Peter Willis of ipdump2-pre1 (by Christophe Devine) with a few small improvements and feature add-ons. The end result is the ability to stream raw frames over a network, eventually convert them into pcap format, and import them into a pcap-reading program of your choice (I personally love Ethereal).

Usage is pretty simple: run the program with no arguments and you will get the usage instructions. Log a session to a file as an ASCII hex dump, and when you are done run `text2pcap hex_dump pcap_file' and read `pcap_file' with Ethereal or another libpcap-aware program.

Since version 2.01 EtherDump supports some minimal packet filtering rules. Some of the rules you can use are "proto" or "protocol", "sport" or "sourceport", "dport" or "destinationport", "src" or "source", and "dst" or "destination". You can also give "!" or "not" to negate a particular rule.

If you execute EtherDump from a symlink named "tcpdump", the default output format is tcpdump-like.

On uClibc the compiled size is ~8kB, so it is very well suited for embedded systems where you want to debug a network interface but don't have room for a whole libpcap+application_layer program. Instead, just combine netcat or a CGI script + httpd with EtherDump and read the traffic (converted to pcap) on another machine on the network.

What's New in This Release:

· Changes by Peter Willis since 2.0:
· Changed configuration option to reflect that the new name is "etherdump", not "packetdump". -p is now -e.
· Added basic [ipv4] filtering rules.
· Improved tcpdump output.
· If etherdump was run as a program named tcpdump, defaults to tcpdump-like output.
· Added -i to specify interface.
· If EtherDump is executed as "tcpdump", tcpdump-like output is the default output type.
Last updated on March 24th, 2012
