The next generation of traffic capture software.
You can download it directly from the release page. Please note that on Windows you need to have the npcap driver installed (it is installed automatically when you install Wireshark or nmap, or you can download and install it manually and select winpcap compatibility mode during installation).
Because the musl target cannot be compiled with libpcap, and binaries compiled against GNU libc cannot be moved between different Linux distributions (complex glibc version issues), the download page only provides musl builds based on libpnet by default. If you want to use xxpdump based on libpcap (more efficient), please use the following commands to install it.
You need to install the libpcap library and libclang on your machine in advance.
For Debian/Ubuntu:

```bash
sudo apt install libpcap-dev libclang-dev
cargo install xxpdump --features "libpcap"
```

On Windows, there is only npcap as the underlying library option (regardless of whether the underlying library is libpcap or libpnet).
Download the npcap-sdk file from the npcap official website and compile it yourself.
Change the path below to the path where your Packet.lib is located.

```powershell
$env:LIB="D:\test"
```

Then install it with the following command.

```bash
cargo install xxpdump --features "libpnet"
```

| Platform | Note |
|---|---|
| Linux | supported |
| Unix (*BSD, MacOS) | supported |
| Windows | supported (winpcap or npcap) |
The classic packet capture software tcpdump is outdated.
My reasons are as follows:
- tcpdump does not support remote traffic backup.
- tcpdump is not memory safe (it is written in C).
- tcpdump does not support the modern file format `pcapng` well.

This software came about because I have a server with little memory and a small hard disk (which means I can't back up the traffic on this server and store it locally). I want to back up the traffic of this server to a backup server with a large hard disk, but the current tcpdump and similar software cannot natively support remote transmission backup.
Discussion about pcap has been moved to the pcapture readme page (2025-4-28)
It is very simple to start using: capture all traffic on all interfaces.

```bash
xxpdump -w xxpdump.pcapng
```

Or specify an interface.

```bash
xxpdump -i ens33 -w xxpdump.pcapng
```

Capture the traffic and apply a filter.

```bash
xxpdump -i ens33 -w xxpdump.pcapng -f 'tcp and (host 192.168.1.1 or host 192.168.1.2) and dst port 80'
```

Capture the traffic and split it according to time.

```bash
xxpdump -i ens33 -w xxpdump.pcapng --rotate 60s
```

Capture the traffic and split it according to file size.

```bash
xxpdump -i ens33 -w xxpdump.pcapng --file-size 10M
```

Capture the traffic and split it according to packet count.

```bash
xxpdump -i ens33 -w xxpdump.pcapng --count 1024
```

Client

```bash
xxpdump --mode client -i ens33 --server-addr '127.0.0.1:12345'
```

Server

This software does not guarantee the security of the transmission, so the user needs to build a secure tunnel for it (such as an SSH tunnel).

```bash
xxpdump --mode server --server-addr '127.0.0.1:12345' --rotate 1h
```

Or

```bash
xxpdump --mode server --server-addr '127.0.0.1:12345' --file-size 100M
```

Or

```bash
xxpdump --mode server --server-addr '127.0.0.1:12345' --count 1024
```
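
One way to set up the SSH tunnel mentioned above, as an added example that is not part of the xxpdump project. It assumes key-based SSH access to a hypothetical backup host (`backup@backup.example`) where the server already listens on `127.0.0.1:12345`; the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example, not xxpdump's own code. Assumed: the backup host already runs
#   xxpdump --mode server --server-addr '127.0.0.1:12345' --rotate 1h
# and is reachable over SSH with key authentication.

# Succeed only for 127.0.0.1:<valid port>, so the unprotected capture stream
# can only enter the SSH tunnel and never leaves through a routable interface.
is_loopback_addr() {
    host="${1%:*}"; port="${1##*:}"
    [ "$host" != "$1" ] || return 1            # no ':' separator at all
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] 2>/dev/null && [ "$port" -le 65535 ] 2>/dev/null || return 1
    case "$host" in 127.0.0.1) return 0 ;; *) return 1 ;; esac
}

# Value for ssh -L: local loopback port -> same loopback port on the backup host.
tunnel_spec() {
    printf '127.0.0.1:%s:127.0.0.1:%s' "${1##*:}" "${1##*:}"
}

# capture_over_tunnel IFACE SERVER_ADDR SSH_TARGET
capture_over_tunnel() {
    is_loopback_addr "$2" || {
        echo "refusing non-loopback --server-addr: $2" >&2
        return 2
    }
    # -N: forward only, run no remote command. BatchMode: fail instead of
    # prompting. ExitOnForwardFailure: exit if the forward cannot be set up.
    ssh -N -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -L "$(tunnel_spec "$2")" "$3" &
    ssh_pid=$!
    trap 'kill "$ssh_pid" 2>/dev/null' EXIT INT TERM
    sleep 2                                    # crude wait for the forward
    kill -0 "$ssh_pid" 2>/dev/null || {
        echo "ssh tunnel did not come up" >&2
        return 3
    }
    xxpdump --mode client -i "$1" --server-addr "$2"
}

# Example: sh tunnel-capture.sh ens33 127.0.0.1:12345 backup@backup.example
if [ "$#" -eq 3 ]; then
    capture_over_tunnel "$@"
fi
```

Keeping `--server-addr` on `127.0.0.1` on both ends means the listener on the backup host is reachable only through the SSH session, not from the network.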