gabdu
commented
7 years ago It has to be a passive network tap i.e. it should be able to listen on already being used webserver port etc. More of port mirroring than port fwding, I think this is not supported.
xtaci
I am looking for something like rpcapd to capture packets on vm1 and send them to vm2 for offline analysis i.e. a software only network tap. Is kcptun a right candidate for this feature? I like it especially since it provides end to end encryption. My use is to capture tcp packets and send them over udp to remote machine where they can be consumed by another service (like dumping into a time series database, piping the live feed into an IDS like Snort) etc.
Any inputs on this use case? Any inputs on finetuning related to performance for this use case?