{"id":20669512,"url":"https://github.com/iitis/tracedump","last_synced_at":"2025-04-19T18:12:53.500Z","repository":{"id":2099368,"uuid":"3040320","full_name":"iitis/tracedump","owner":"iitis","description":"tcpdump of single programs","archived":false,"fork":false,"pushed_at":"2012-03-12T13:19:40.000Z","size":203,"stargazers_count":63,"open_issues_count":1,"forks_count":13,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-13T11:59:09.802Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://mutrics.iitis.pl/","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/iitis.png","metadata":{"files":{"readme":"README.markdown","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2011-12-23T13:47:03.000Z","updated_at":"2025-03-09T19:46:40.000Z","dependencies_parsed_at":"2022-08-29T00:20:24.631Z","dependency_job_id":null,"html_url":"https://github.com/iitis/tracedump","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iitis%2Ftracedump","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iitis%2Ftracedump/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iitis%2Ftracedump/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iitis%2Ftracedump/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/iitis","download_url":"https://codeload.github.com/iitis/tracedump/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249760135,"owners_count":21321843
,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-16T20:14:37.561Z","updated_at":"2025-04-19T18:12:53.481Z","avatar_url":"https://github.com/iitis.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"ABOUT\n=====\n\ntracedump - a single program sniffer\n\nThis program captures all TCP and UDP packets of a single program. It consists of three elements:\n\n 1. ptrace monitor - tracks bind(), connect() and sendto() syscalls and extracts local port numbers\n    that the traced application uses\n 2. pcap sniffer - using information from 1. it listens on an AF_PACKET/SOCK_DGRAM socket, with an\n    appropriate BPF filter attached\n 3. garbage collector - instead of monitoring for close() syscalls, this thread reads\n    /proc/net/{udp,tcp} files in order to detect the sockets that the application no longer uses\n\nAs the output, it generates a PCAP file with SLL-encapsulated IP packets - readable by eg.\nWireshark. It can be later used for detailed analysis of the networking operations made by a\nparticular application. For instance it might be useful for automatic systems of IP traffic\nclassification.\n\nMore information: http://mutrics.iitis.pl/tracedump\n\nCITING TRACEDUMP\n================\n\nPlease cite tracedump using the following publication:\n\nForemski P., \"Tracedump: A Novel Single Application IP Packet Sniffer\", Theoretical and Applied\nInformatics, Vol. 24 No. 1/2012, Gliwice 2012\n\nISSUES\n======\n\n * sometimes the traced process segfaults\n   * eg. Firefox started from tracedump\n   * eg. 
Chrome on restoring multiple tabs\n   * maybe more work on better ptrace transparency is required - especially on code injection?\n * can't start chromium-browser within tracedump, but attaching works (to appropriate pid)\n\nLIMITATIONS\n===========\n\n * IP packets past the first fragment will not be captured\n * there is a low probability of losing TCP packets if the time distance between a particular\n   bind() system call and a connect() or listen() call is greater than 60 seconds\n * maximum number of monitored ports is limited to less than 300 ports, due to limits on the\n   BPF filter attached to the sniffing socket\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiitis%2Ftracedump","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fiitis%2Ftracedump","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiitis%2Ftracedump/lists"}