About netdumpd

netdumpd is a simple daemon that acts like a daemonized version of tcpdump. It sniffs network traffic on a particular interface and writes the packets it sees to a standard libpcap dump file.

netdumpd was written to log packet headers for statistical analysis by other programs that read pcap dump files, such as bpfcount.

The main difference between netdumpd and the many other programs that can dump network traffic (aside from the fact that it runs as a daemon) is that netdumpd is designed to handle log rotation correctly. When it receives a SIGHUP, it gracefully closes and re-opens the dump file it is currently writing to, so the dump file can be rotated cleanly without losing any packets.
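The rotation behaviour described above, sketched as an added example (not netdumpd's own code): the SIGHUP handler only sets a flag, and the writer closes and re-opens the dump between packet records. Assumptions: the pcap headers are written by hand instead of through libpcap, and the file names, the 60-byte dummy frame and all function names are constructed for the demonstration.

```c
#include <signal.h>
#include <stdint.h>
#include <stdio.h>

struct pcap_file_hdr { uint32_t magic; uint16_t vmaj, vmin; int32_t zone; uint32_t sigfigs, snaplen, linktype; };
static volatile sig_atomic_t reopen_requested;
static void on_sighup(int sig) { (void)sig; reopen_requested = 1; } /* flag only: async-signal-safe */

/* Open the dump for appending; a new (empty) file first gets the 24-byte pcap global header. */
static FILE *dump_open(const char *path) {
    struct pcap_file_hdr h = { 0xa1b2c3d4u, 2, 4, 0, 0, 65535, 1 /* Ethernet */ };
    FILE *fp = fopen(path, "ab");
    if (!fp) return NULL;
    fseek(fp, 0, SEEK_END);
    if (ftell(fp) == 0 && fwrite(&h, sizeof h, 1, fp) != 1) { fclose(fp); return NULL; }
    return fp;
}

/* Write one record. A pending SIGHUP is honoured here, between records, so no packet is split or lost. */
static int dump_packet(FILE **fp, const char *path, uint32_t sec, const uint8_t *pkt, uint32_t len) {
    uint32_t rec[4] = { sec, 0, len, len };   /* ts_sec, ts_usec, incl_len, orig_len */
    if (reopen_requested) {
        reopen_requested = 0;
        fclose(*fp);                          /* flushes buffered records into the renamed file */
        if (!(*fp = dump_open(path))) return -1;
    }
    return (fwrite(rec, sizeof rec, 1, *fp) == 1 && fwrite(pkt, len, 1, *fp) == 1) ? 0 : -1;
}

long file_size(const char *path) {
    FILE *fp = fopen(path, "rb");
    long n = -1;
    if (fp) { fseek(fp, 0, SEEK_END); n = ftell(fp); fclose(fp); }
    return n;
}

/* Constructed scenario: 2 packets, rotate (rename + SIGHUP, as a rotation job would), 1 more packet. */
int rotation_demo(const char *live, const char *rotated) {
    uint8_t pkt[60] = { 0 };                  /* constructed dummy frame */
    remove(live); remove(rotated); signal(SIGHUP, on_sighup);
    FILE *fp = dump_open(live);
    if (!fp || dump_packet(&fp, live, 1, pkt, sizeof pkt) || dump_packet(&fp, live, 2, pkt, sizeof pkt)) return -1;
    if (rename(live, rotated) != 0 || raise(SIGHUP) != 0) return -1;
    if (dump_packet(&fp, live, 3, pkt, sizeof pkt)) return -1;
    return fclose(fp);
}
int main(void) {
    int rc = rotation_demo("demo.pcap", "demo.pcap.0");
    printf("rc=%d rotated=%ld live=%ld\n", rc, file_size("demo.pcap.0"), file_size("demo.pcap"));
    return rc != 0;
}
```

The two packets written before the rename end up in the rotated file, and the third lands in a fresh file with its own pcap header, so both files stay independently readable.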

News

Sep 11, 2005 - netdumpd 1.0.0 released

netdumpd 1.0.0 (initial public release) was released Sunday, September 11, 2005.

Getting It

The latest stable version is 1.0.0, released Sunday, September 11, 2005. A change log is available.

Documentation

Feedback

If you come across a bug not listed in the README file, or if you have any comments or questions, feel free to email me (Steve Benson). Don't forget to remove the NOSPAMs from the email address there.

Links