Tools for distributed pcap recording (osmo-pcap-server, osmo-pcap-client)
Go to file
Holger Hans Peter Freyther c2715e917f todo: Update with my long term goal to have TLS support
Change-Id: I566d48fe9831f384b93c3fad72a7dae9dd61b2d2
2016-05-08 11:24:04 +02:00
contrib jenkins: Attempt to fix FreeBSD distcheck 2016-05-03 14:37:34 +02:00
debian Make a new release with 64bit client fixes 2015-12-03 22:17:26 +01:00
include client: Deal with external representation for pcap files 2015-12-03 22:13:38 +01:00
src freebsd: Another fix for the next file 2016-05-03 14:37:31 +02:00
.gitignore contrib: Really add the config files, move them to contrib 2012-11-06 23:45:07 +01:00
AUTHORS osmo-pcap: Start with the autoconf/automake skeleton for this project 2011-05-31 10:19:47 +02:00
COPYING osmo-pcap: Start with the autoconf/automake skeleton for this project 2011-05-31 10:19:47 +02:00 distcheck: Need to package .version on Ubuntu as well 2016-05-03 14:37:22 +02:00 Mention the packages available 2016-01-18 14:25:19 +01:00
TODO todo: Update with my long term goal to have TLS support 2016-05-08 11:24:04 +02:00 gprs: Add a custom GPRS filter 2015-09-10 16:55:33 +02:00
git-version-gen misc: Fix the version determination of git-version-gen 2012-11-06 08:48:33 +01:00

osmo-pcap distributed network capture

osmo-pcap has been created to collect network traces at different nodes but store them centrally at a dedicated note for further analysis. This might be needed for auditing, resolving conflicts, post processing or debugging a distributed system.

The system consists out of the osmo-pcap-client to cpature traffic at a host and osmo-pcap-server to receive the traffic, store and rotate the traffic at a centralized server. There is a shell script to compress and expire old traces.


The osmo-pcap-client is using libpcap and has a built-in detector for the GPRS-NS/BSSGP protocol to exclude user traffic. The client is known to work on 32/64 bit systems. It can be configured through the VTY and the minimal config includes the interface to monitor, the pcap filter to use and the server to send it to.


The osmo-pcap-server will listen for new TCP connections and then will receive the data from the client if it is coming from a known/good source IPv4/port. The server is configured to write one file per client and to change/rotate the file when the link encapsulation is changing. It can be configured to rotate the file a given time interval and/or if the filesize is over a threshold.

The osmo-pcap-server comes with a shell script to rotate and compress old traces. Currently the configuration parameters (age or amount based) need to be tuned in the script itself.

Installation and Configuration

There are Debian, Ubuntu, SLES, OpenSUSE and CentOS packages available via the excellent openSUSE Build Service.

Please see the contrib/osmo-pcap-server.cfg and contrib/osmo-pcap-client.cfg file in the repository


  • Add non-blocking TLS (probably GNUtls) support between client and server.
  • Improve the clean-up script, maybe re-write in python with exteral configuration.
  • Add hooks to the server to have an application receive all packages

Author and License

osmo-pcap has been created by Holger Hans Peter Freyther ( and is licensed as AGPLv3+. The author appreciates failure or success reports of using the software.