0

I'm trying to record an incoming UDP stream (stream the sense that it's a stream of consecutive datagrams).

I tried netcat but unfortunately multiple sources send data on the same port address and nc doesn't let you specify the source or the target multicast address.

Then I tried tcpdump -w - because tcpdump has rich filtering options, but it records the raw stream and I only need the actual data so I can process it like it were a stream. Unfortunately it records all the packet related info like source/destination or IP/UDP headers.

Is there a way to do this? I could write a small C program to do this but I prefer to use existing tools.

masegaloeh
  • 17,978
  • 9
  • 56
  • 104
Karoly Horvath
  • 334
  • 1
  • 4
  • 14

3 Answers3

2

My first choose would be wireshark. If you must do it from a terminal you can also try ngrep, it gives a more readable output than tcpdump. You can probably filter out the header info with a simple bash script.

http://ngrep.sourceforge.net/usage.html#http

Yavor Shahpasov
  • 481
  • 2
  • 6
1

You can use wireshark. It can do what you want plus more.

wireshark is not useful if what you want is to receive the data in the stream and feed it to a program. In that case, I would have to say that you are using the wrong protocol. If I were in your place I would cheat.

Hopefully you are on Linux. In that case, make a firewall rewrite rule to send incoming UDP packets from the desired source that are sent to the proper port to another port where you can use netcat to record the data in the stream.

This question will help you start.

Community
  • 1
Allen
  • 1,315
  • 7
  • 12
0

netsed or iptables + the libnetfilter_queue module or ngrep might do what you wish.

mbrownnyc
  • 1,825
  • 8
  • 30
  • 50