{"id":29890645,"url":"https://github.com/matthewfield/pcaptop","last_synced_at":"2026-05-03T12:35:31.141Z","repository":{"id":306679423,"uuid":"1026924341","full_name":"matthewfield/pcaptop","owner":"matthewfield","description":"Ncurses based terminal command for displaying top inbound network traffic sources using libpcap","archived":false,"fork":false,"pushed_at":"2026-03-03T04:31:28.000Z","size":1320,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-03T08:34:46.964Z","etag":null,"topics":["command-line","cpp","incoming","libpcap","linux","macosx","monitor","ncurses","network","terminal","traffic"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/matthewfield.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-07-26T23:11:42.000Z","updated_at":"2026-03-03T04:31:31.000Z","dependencies_parsed_at":"2025-07-27T02:50:49.577Z","dependency_job_id":"fe5befc4-02c2-4095-b519-cf35058126fa","html_url":"https://github.com/matthewfield/pcaptop","commit_stats":null,"previous_names":["matthewfield/pcaptop"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/matthewfield/pcaptop","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matthewfield%2Fpcaptop","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matthewfield%2Fpcaptop/tags","releases_url":"h
ttps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matthewfield%2Fpcaptop/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matthewfield%2Fpcaptop/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/matthewfield","download_url":"https://codeload.github.com/matthewfield/pcaptop/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matthewfield%2Fpcaptop/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32569714,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-03T06:36:36.687Z","status":"ssl_error","status_checked_at":"2026-05-03T06:36:09.306Z","response_time":103,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["command-line","cpp","incoming","libpcap","linux","macosx","monitor","ncurses","network","terminal","traffic"],"created_at":"2025-08-01T00:00:50.353Z","updated_at":"2026-05-03T12:35:31.134Z","avatar_url":"https://github.com/matthewfield.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# pcaptop\n\n## Introduction\nAn ncurses based terminal command for displaying top inbound connections to a selected network interface using libpcap. 
Created when I needed a lightweight solution to use over SSH to be able to watch a server for SYN Flood DoS attacks in real time.\n\nIndividual IPs, or whole /16 or /24 networks, can be ignored.\n\nFiltered packet output from the left pane can optionally be sent concurrently to a log file with timestamps.\n\n## Keys:\n* Up/down - select from top list\n* I - ignore IP\n* S - ignore /16\n* N - ignore /24\n* U - undo last ignored\n* C - clear top list\n* A - clear ignore list\n* Q - quit\n\nC++17. Dependencies: libpcap-dev, libncurses-dev. Builds on OSX and Linux.\n\n## Installation\n\n```console\ngit clone https://github.com/matthewfield/pcaptop\ncd pcaptop\n```\nthen with CMake\n\n```console\ncmake .\nmake\n```\n\nor gcc\n```console\ng++ src/pcaptop.cpp src/cargs.c -o pcaptop -lncurses -lpcap\n```\n\n## Usage\n\nNeeds to be run with sudo to capture traffic.\n\n```console\nsudo ./pcaptop -i en0\n```\n\nThe only required option is -i for the interface. Running the bare pcaptop command will list available interfaces.\n\nAlternatively, capture from en0, filtering only port 443 traffic, and log to output.txt at the same time.\n\n```console\nsudo ./pcaptop -i en0 -p 443 -l output.txt\n```\n\n## Screenshots etc\n\n![Command line options](screenshots/pcaptop_command.png?raw=true)\n\nFiltering can be by port, or for SYN packets only. 
SYN packets show up in yellow if the terminal supports color, or with an S flag after them if not.\n\n![Unfiltered capture, SYN packets show up in yellow if terminal supports color, else with an S flag after](screenshots/pcaptop_unfiltered_with_syn_packets_in_yellow.png?raw=true)\n\n![Filtered capture, on port 443 displayed at top](screenshots/pcaptop_with_port_filter.png?raw=true)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmatthewfield%2Fpcaptop","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmatthewfield%2Fpcaptop","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmatthewfield%2Fpcaptop/lists"}