{"id":20115511,"url":"https://github.com/asphaltt/tc-dump","last_synced_at":"2025-05-06T13:32:49.675Z","repository":{"id":57760970,"uuid":"527587215","full_name":"Asphaltt/tc-dump","owner":"Asphaltt","description":"A network packet info dumping tool like tcpdump based on `tc-bpf`.","archived":false,"fork":false,"pushed_at":"2024-09-21T14:58:23.000Z","size":1294,"stargazers_count":39,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-09T12:42:51.165Z","etag":null,"topics":["ebpf","ebpf-co-re","go","golang","skb","tc","tc-dump"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Asphaltt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2022-08-22T13:54:24.000Z","updated_at":"2025-03-21T14:52:24.000Z","dependencies_parsed_at":"2023-11-28T13:53:19.248Z","dependency_job_id":null,"html_url":"https://github.com/Asphaltt/tc-dump","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Asphaltt%2Ftc-dump","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Asphaltt%2Ftc-dump/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Asphaltt%2Ftc-dump/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Asphaltt%2Ftc-dump/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Asphaltt","download_url":"https://codeload.github.com/Asphaltt/tc-dump/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252693725,"owners_count":21789748,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ebpf","ebpf-co-re","go","golang","skb","tc","tc-dump"],"created_at":"2024-11-13T18:35:31.298Z","updated_at":"2025-05-06T13:32:49.113Z","avatar_url":"https://github.com/Asphaltt.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# tc-dump\n\n`tc-dump` is a network packet information dumping tool like tcpdump. It's based\non [tc-bpf](https://man7.org/linux/man-pages/man8/tc-bpf.8.html).\n\nIt uses tc-filter ingress to dump incoming packets, uses tc-filter egress to\ndump outcoming packets.\n\n## Usage\n\n```bash\n# ./tc-dump -h\nUsage: ./tc-dump [options] [pcap-filter]\n    Available pcap-filter: see \"man 7 pcap-filter\"\n    Available options:\n  -d, --device strings       network devices to run tc-dump\n  -m, --filter-mark uint32   filter mark for tc-dump\n  -k, --keep-tc-qdisc        keep tc-qdisc when exit\npflag: help requested\n```\n\nAn output example:\n\n```bash\nifindex: 2(enp1s0) dir=egress mark=0x0(0)\n        ETH: 56:00:03:e1:40:a6 -\u003e fe:00:03:e1:40:a6, protocol IPv4\n        IPv4: 149.28.xx.yy -\u003e 118.200.xxx.yy, header length 20, dscp 0x10, total length 144, id 0x93f6, TTL 64, protocol TCP\n        TCP: 22 -\u003e 57680, seq 1116972675, ack 64800706, flags PSH,ACK, win 165\nifindex: 2(enp1s0) dir=egress mark=0x0(0)\n        ETH: 56:00:03:e1:40:a6 -\u003e fe:00:03:e1:40:a6, protocol IPv4\n        IPv4: 149.28.xx.yy -\u003e 118.200.xxx.yy, header length 20, dscp 0x10, total length 88, id 0x93f7, TTL 64, protocol TCP\n        TCP: 22 -\u003e 57680, seq 1116972767, ack 64800706, flags PSH,ACK, win 165\nifindex: 2(enp1s0) dir=egress mark=0x0(0)\n        ETH: 56:00:03:e1:40:a6 -\u003e fe:00:03:e1:40:a6, protocol IPv4\n        IPv4: 149.28.xx.yy -\u003e 118.200.xxx.yy, header length 20, dscp 0x10, total length 128, id 0x93f8, TTL 64, protocol TCP\n        TCP: 22 -\u003e 57680, seq 1116972803, ack 64800706, flags PSH,ACK, win 165\nifindex: 2(enp1s0) dir=egress mark=0x0(0)\n        ETH: 56:00:03:e1:40:a6 -\u003e fe:00:03:e1:40:a6, protocol IPv4\n        IPv4: 149.28.xx.yy -\u003e 118.200.xxx.yy, header length 20, dscp 0x10, total length 344, id 0x93f9, TTL 64, protocol TCP\n        TCP: 22 -\u003e 57680, seq 1116972879, ack 64800706, flags PSH,ACK, win 165\nifindex: 2(enp1s0) dir=egress mark=0x0(0)\n        ETH: 56:00:03:e1:40:a6 -\u003e fe:00:03:e1:40:a6, protocol IPv4\n        IPv4: 149.28.xx.yy -\u003e 118.200.xxx.yy, header length 20, dscp 0x10, total length 384, id 0x93fa, TTL 64, protocol TCP\n        TCP: 22 -\u003e 57680, seq 1116973171, ack 64800706, flags PSH,ACK, win 165\n```\n\n## Requirements\n\n`tc-dump` requires \u003e= 5.2 kernel to run.\n\n## Build\n\nWith latest `libpcap` installed, build `tc-dump` with:\n\n```bash\ngo generate\nCGO_ENABLED=1 go build\n# ignore cgo warnings\n```\n\nInstall latest `libpcap` on Ubuntu:\n\n```bash\n# Get latest libpcap from https://www.tcpdump.org/\nwget https://www.tcpdump.org/release/libpcap-1.10.4.tar.gz\ncd libpcap-1.10.4\n./configure --disable-rdma --disable-shared --disable-usb --disable-netmap --disable-bluetooth --disable-dbus --without-libnl\nmake\nsudo make install\n```\n\n## Recommended reference\n\n1. [Tcpdump advanced filters](https://blog.wains.be/2007/2007-10-01-tcpdump-advanced-filters/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fasphaltt%2Ftc-dump","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fasphaltt%2Ftc-dump","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fasphaltt%2Ftc-dump/lists"}