
# Standalone packet capture script derived from Packet Garden. 
#
# Copyright (C) 2007 Julian Oliver 
#
# Known to run on Linux. It may also run on a Darwin system.
#
# Requires:
#
# Python: http://python.org
# LibPcap: http://tcpdump.org
# Python GeoIP: http://www.maxmind.com/app/python
# DPKT: http://code.google.com/p/dpkt/
# PyPcap: http://code.google.com/p/dpkt/
#
# Debian packages of pcap and dpkt can be found here:
#
#   http://www.selectparks.net/~julian/share/repo/
#
# At the time of writing the other dependencies are available in both 
# Debian and Ubuntu.
#
# Use:
#
# As root:
#
#  ./pcap_collate <DEVICE> <PATH>
#
# This script will capture, log and collate TCP and UDP packets
# going over the network device given as an argument (eth0, eth1, etc.).
# The <PATH> argument sets the location the resulting gzipped log
# will be written to. The log is updated every 1000 packets.
#
# Because the log is written out every 1000 packets, the script can
# be restarted at any time without losing more than 1000 packets of
# traffic. It will also automatically generate a new log on a new day.
# 
# The comma separated fields are structured as follows:
#
#     IP, direction, port, geo, length
#
# It will filter out all the packets on the local network, and 
# so is intended for use in recording Internet traffic going over 
# a single host.
#
# Ports to be filtered for can be set in the file config/filter.config
#
# Stop capture with the script 'stop_capture'.
#
