24 releases (4 breaking)
Uses new Rust 2024
| Version | Date |
|---|---|
| 0.5.0 | May 12, 2026 |
| 0.4.8 | Mar 25, 2026 |
| 0.4.4 | Feb 14, 2026 |
| 0.4.0 | Dec 30, 2025 |
| 0.1.6 | Jul 29, 2025 |
#330 in Network programming
84KB, 2K SLoC
xxpdump-rs
The next generation of traffic capture software.
Installation
Precompiled version
You can download it directly from the release page. Note that on Windows the npcap driver must be installed (it is installed automatically when you install Wireshark or nmap, or you can download and install it manually, selecting WinPcap compatibility mode during installation).
Because musl builds cannot be compiled with libpcap, and binaries compiled against GNU libc cannot be moved between Linux distributions (complex glibc version issues), the download page by default only provides musl builds based on libpnet. If you want to use xxpdump based on libpcap (more efficient), install it with the following commands.
Compile and install it yourself (Linux)
Libpcap
You need to install the libpcap library and libclang on your machine in advance.
For Debian/Ubuntu:
sudo apt install libpcap-dev libclang-dev
cargo install xxpdump --features "libpcap"
Compile and install it yourself (Windows)
On Windows, there is only npcap as the underlying library option (regardless of whether the underlying library is libpcap or libpnet).
Download the npcap-sdk file from the npcap official website and compile it yourself.
Change the path below to the path where your Packet.lib is located.
$env:LIB="D:\test"
Then install it with the following command.
cargo install xxpdump --features "libpnet"
Platform
| Platform | Note |
|---|---|
| Linux | supported |
| Unix (*BSD, MacOS) | supported |
| Windows | supported (winpcap or npcap) |
Why not tcpdump?
The classic packet capture software tcpdump is outdated.
My reasons are as follows:
- tcpdump does not support remote traffic backup.
- tcpdump is not memory safe (it is written in C).
- tcpdump does not support the modern file format pcapng well.
This software came about because I have a server with little memory and a small hard disk (which means I can't back up the traffic on this server and store it locally). I want to try to back up the traffic of this server to a backup server with a large hard disk, but tcpdump and similar software cannot natively support remote transmission backup.
Discussion about pcap has been moved to the pcapture readme page (2025-4-28)
Usage
Local Capture
Getting started is simple: capture all traffic on all interfaces.
xxpdump -w xxpdump.pcapng
Or specify interface.
xxpdump -i ens33 -w xxpdump.pcapng
Capture the traffic and apply filter.
xxpdump -i ens33 -w xxpdump.pcapng -f 'tcp and (host 192.168.1.1 or host 192.168.1.2) and dst port 80'
Capture the traffic and split according to time.
xxpdump -i ens33 -w xxpdump.pcapng --rotate 60s
Capture the traffic and split according to file size.
xxpdump -i ens33 -w xxpdump.pcapng --file-size 10M
Capture the traffic and split according to packet count.
xxpdump -i ens33 -w xxpdump.pcapng --count 1024
Remote Capture
Client
xxpdump --mode client -i ens33 --server-addr '127.0.0.1:12345'
Server
This software does not guarantee the security of the transmission, so the user needs to build a secure tunnel for it (such as an SSH tunnel).
xxpdump --mode server --server-addr '127.0.0.1:12345' --rotate 1h
Or
xxpdump --mode server --server-addr '127.0.0.1:12345' --file-size 100M
Or
xxpdump --mode server --server-addr '127.0.0.1:12345' --count 1024
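One way to follow the tunnel advice above with an SSH local port forward, as an added example that is not part of the xxpdump project. The backup host name, port and interface are placeholders, key-based SSH login is assumed, and the server is assumed to be already running on the backup host with the loopback `--server-addr` shown above.

```shell
#!/bin/sh
# Added example, not xxpdump project code. Placeholders: BACKUP_HOST, PORT, IFACE.
# Assumes key-based SSH login and that the backup host already runs:
#   xxpdump --mode server --server-addr '127.0.0.1:12345' --rotate 1h
BACKUP_HOST="${BACKUP_HOST:-backup.example.internal}"  # constructed host name
PORT="${PORT:-12345}"
IFACE="${IFACE:-ens33}"

# Address the client connects to: the local end of the SSH forward.
local_addr() { printf '127.0.0.1:%s' "$PORT"; }

# ssh -L spec: local loopback PORT -> the server's loopback PORT on BACKUP_HOST.
forward_spec() { printf '127.0.0.1:%s:127.0.0.1:%s' "$PORT" "$PORT"; }

# Succeeds only for loopback host parts, so the cleartext xxpdump stream
# is never pointed at (or bound to) a routable address by mistake.
is_loopback_addr() {
    case "${1%:*}" in
        127.0.0.1|localhost|"[::1]") return 0 ;;
        *) return 1 ;;
    esac
}

start_tunneled_client() {
    is_loopback_addr "$(local_addr)" || { echo "non-loopback address" >&2; return 1; }
    # -N: no remote command; BatchMode: fail instead of prompting;
    # ExitOnForwardFailure: exit if the port forward cannot be set up.
    ssh -N -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -L "$(forward_spec)" "$BACKUP_HOST" &
    tunnel_pid=$!
    trap 'kill "$tunnel_pid" 2>/dev/null' EXIT INT TERM
    sleep 2  # crude wait for the forward to come up
    kill -0 "$tunnel_pid" 2>/dev/null || { echo "ssh tunnel failed" >&2; return 1; }
    xxpdump --mode client -i "$IFACE" --server-addr "$(local_addr)"
}

# Only start when asked, so the file can also be sourced for its helpers.
if [ "${1:-}" = "start" ]; then
    start_tunneled_client
fi
```

If the captured interface also carries the SSH session, the capture will include the tunnel's own packets, so consider routing the tunnel over a different interface than the one being captured.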
Dependencies
~9–16MB, ~279K SLoC