RCDCap is a packet processing framework. At its core, it incorporates basic mechanisms for local and remote capturing and decapsulation of packets (CISCO ERSPAN and HP ERM are supported). It can be extended to support many types of packet-based traffic analysis by creating plug-ins and loading them in the main application. It includes many optimizations to ensure high-performance traffic processing, among them multithreaded traffic processing, explicit thread pinning, configurable packet burst processing, and support for PF_PACKET and PF_RING. It can also be used to inject the processed traffic into a TAP device or a regular physical Ethernet interface. Its basic functionality makes it a viable solution for preprocessing CISCO ERSPAN and HP ERM traffic, which can then be handed to another application.

RCDCap offers its own set of plug-ins for doing different types of traffic analysis. Notably, it has its own plug-in for analysing NDP, ARP, DHCP and DHCPv6 traffic.

Features

  • CISCO ERSPAN decapsulation
  • HP ERM decapsulation
  • VLAN support (802.1Q and 802.1P)
  • Outputting to the standard output, pcap dump file, or a network device
  • Extendable through plug-ins
  • Multithreaded packet processing
  • Packet burst processing
  • Performance tuning
  • libpcap (PF_PACKET) and libpfring (PF_RING) support
  • UDP socket-based support of HP ERM
  • Plug-in: VLAN monitor
  • Plug-in: Experimental Python binding
  • Plug-in: DHCP, DHCPv6, NDP and ARP monitor
  • Supported platforms: Linux and Windows

Categories

Networking

License

GNU General Public License version 3.0 (GPLv3)


User Ratings

  • 5 stars: 2
  • 4 stars: 1
  • 3 stars: 0
  • 2 stars: 0
  • 1 star: 0
  • Ease: 4 / 5
  • Features: 5 / 5
  • Design: 5 / 5
  • Support: 4 / 5

User Reviews

  • Many thanks for this great project! We use it in several environments supporting our NIDS deployments. We are definitely contributing to your beer fund! :)
  • Excellent
  • I use RCDCap to terminate an ERSPAN. It listens on a PF_RING-enabled interface, and the interface the network security apps listen on is PF_RING-enabled. It's high-performance, and does not seem to be dropping packets or overflowing buffers. I had to modify the build files a bit to get it to use a later version of the Boost libraries (1.55), and again to link it to the static pfring library, but it all worked in the end. It would be nice to see the ability to just strip vlan tags as well as filter traffic based on BPF rules. I've dug into the code a little, and it seems to be well designed and easily extensible, though, so I will try to give it a shot.

Additional Project Details

Operating Systems

Linux

Languages

English

Intended Audience

Telecommunications Industry, System Administrators, Security Professionals

User Interface

Command-line

Programming Language

C++

Related Categories

C++ Networking Software

Registered

2012-04-19