catnip is a tiny network packet mirroring tool. The server (source) is not based on libpcap and, when compiled and stripped, makes the binary smaller than 20kiB. This makes it very suitable for embedded environments where a libpcap-based tool, typically 100kiB for just libpcap and 500kiB for tcpdump, would be simply too large. What makes catnip stand out from other small packet capturing tools is that it presents the remote systems interface as a local TUN/TAP interface, but additionally can apply a BPF filter at the remote end to send to you only the traffic you are interested in.
|Tags||Packet Capturing Embedded Systems|
Release Notes: This release moves to presenting a TUN/TAP interface on the client. Packets which appear on the local interface are packets from the remote system mirrored to you, after an optional BPF filter has been applied.
Release Notes: This release has moved to the GPLv3 and has help/version options when calling catnip. It has support for dropping privileges from root when possible.