RCDCap is a packet processing framework. At its core, it incorporates basic mechanisms for local and remote capturing and decapsulation of packets (CISCO ERSPAN and HP ERM are supported). It can be extended to support many types of packet-based traffic analysis by creating plug-ins and loading them in the main application. It includes many optimizations to ensure high performance traffic processing. Some of them are: multithreaded traffic processing; explicit thread pinning; configurable packet burst processing; support for PF_PACKET and PF_RING. It can be also used to inject the processed traffic to a TAP device or regular physical Ethernet interface. Its basic functuonalities make it a viable solution for preprocessing CISCO ERSPAN and HP ERM traffic which can be handed to some other application.

RCDCap offers its own set of plug-ins for doing different types of traffic analysis. Notably, it has its own plug-in for analysing NDP, ARP, DHCP and DHCPv6 traffic.

Features

  • CISCO ERSPAN decapsulation
  • HP ERM decapsulation
  • VLAN support (802.1Q and 802.1P)
  • Outputting to the standard output, pcap dump file, or a network device
  • Extendable through plug-ins
  • Multithreaded packet processing
  • Packet burst processing
  • Performance tuning
  • libpcap (PF_PACKET) and libpfring (PF_RING) support
  • UDP socket-based support of HP ERM
  • Plug-in: VLAN monitor
  • Plug-in: Experimental Python binding
  • Plug-in: DHCP, DHCPv6, NDP and ARP monitor
  • Supported platforms: Linux and Windows

Project Activity

See All Activity >

Categories

Networking

License

GNU General Public License version 3.0 (GPLv3)

Follow RCDCap

RCDCap Web Site

Other Useful Business Software
Our Free Plans just got better! | Auth0 Icon
Our Free Plans just got better! | Auth0

With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
Try free now
Rate This Project
Login To Rate This Project

User Ratings

4.7 out of 5 stars
★★★★★
★★★★
★★★
★★
2
1
0
0
0
ease 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 4 / 5
features 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 5 / 5
design 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 5 / 5
support 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 4 / 5

User Reviews

Filter Reviews:
All
  • tony-cc Posted 2020-04-17
    Many thanks for this great project! We use it in several environments supporting our NIDS deployments. We are definitely contributing to your beer fund! :)
  • ccoqueiro Posted 2017-06-02
    Excellent
  • petiepooo Posted 2016-12-14
    I use RCDCap to terminate an ERSPAN. It listens on a PF_RING-enabled interface, and the interface the network security apps listen on is PF_RING-enabled. It's high-performance, and does not seem to be dropping packets or overflowing buffers. I had to modify the build files a bit to get it to use a later version of the Boost libraries (1.55), and again to link it to the static pfring library, but it all worked in the end. It would be nice to see the ability to just strip vlan tags as well as filter traffic based on BPF rules. I've dug into the code a little, and it seems to be well designed and easily extensible, though, so I will try to give it a shot.
Read more reviews >

Additional Project Details

Operating Systems

Linux

Languages

English

Intended Audience

Telecommunications Industry, System Administrators, Security Professionals

User Interface

Command-line

Programming Language

C++

Related Categories

C++ Networking Software

Registered

2012-04-19
Report inappropriate content