ERSpan extractor

Description

erspan2pcap is a small statically linked, self contained command line utility that extracts the contents of ERSpanV2&V3 packets into a seperate nanoseccond PCAP file.

Example Usage:

$> ./erspan2pcap -i test/erspan-capture.pcap -o erspan-extracted.pcap erspan2pcap utility by http://fmad.io : contact [email protected] : Version Feb 3 2015 23:33:46 Micro PCAP ERSpan Histo V1 : 0 Pkts V2 : 0 Pkts V3 : 1,128 Pkts Port histo Ingress 6 : 237 Pkts 8 : 564 Pkts 5 : 158 Pkts 9 : 158 Pkts Egress 0 : 1 Pkts 28 : 2 Pkts 26 : 4 Pkts 40 : 2 Pkts 42 : 2 Pkts GRE Session Ingress : Pkts: 1,117 Drops: 0 Gaps: 0 Egress : Pkts: 11 Drops: 0 Gaps: 0 $>

Notes:
Drops - total number of packets missing from the GRE Stream sequence
Gaps - total number of gaps in the GRE Stream sequence numbers


Help


Arguments:

-h | show command line options
-i <input pcap containing encapsulated packets>
-o <output file name to write de-encapsulated packets>
--egressonly | output only egress packets from the stream (Requires ERSpanV3)
--ingressonly | output only ingress packets from the stream (Requires ERSpanV3)



Bug reports and feature requests are always welcome. contact us at [email protected]



Download

Version Linux 32b Linux 64b Changelog
20150203 download
MD5:0497d4f8444c02fd720df07cb1c7785d
- option to extract only ingress/egress traffic from the span session
20150203 download
MD5:dc4a44a7d76799c6af00591c3097f9de
- fixup for GRE Sessions
20150201 download
MD5:864afe8e5d1c485b0784e0915664d2e9
- First release
- Basic support for ERSpanV2 & V3
- no support for ERspanV3 timestamps