📦 Available Builds

🔍 Choosing the Right Build

• With DPI (netcap-*): Choose if you need Deep Packet Inspection features (protocol classification, application detection)
• Without DPI (netcap-nodpi-*): Choose for basic packet capture and analysis, smaller binary size
• libc vs musl: Use libc for standard Linux distros (Ubuntu, Debian, CentOS). Use musl for Alpine Linux or minimal containers

Installing on macOS via homebrew

Builds distributed via homebrew are built with DPI support.
You need to install the libprotoident and ndpi libraries via homebrew.

  $ brew install libprotoident ndpi
  $ brew tap dreadl0ck/formulas
  $ brew install netcap

Afterwards try running 'net' in your terminal.

📚 Documentation

• Full Documentation
• Installation Guide
• Command Reference

⚠️ Notes

• On macOS/Linux, you may need to grant necessary permissions: sudo chmod +x net
• Live capture requires root/administrator privileges
• Verify checksums with checksums.txt before use

Changelog

• 3977883 chore: remove 404 badge
• ace5585 feat: extensive performance metrics and performance.log for every execution, error handling and feedback improvements
• a4fb1a1 feat: stream size limits for tcp reassembly
• 2c529a3 feat: summary table at the end of multi file processing, catch panics and log to file
• 25a58c3 feat: test for file format detection
• 8d6ecd2 fix: Fall back to gopacket's built-in MAC prefix database if macaddr.io lookup is redacted
• 66e335d fix: cleanup freeOSMemory go routine between multiple runs
• e91e988 fix: free reassembly page cache
• 17e101c fix: goroutine leak in tcp factory
• ca7d247 fix: live collection handling of SIGINT
• 8069cd5 fix: log files closed twice on SIGINT
• 054e481 fix: more memory teardown logic
• bfe2b5a fix: reset allocs when running in multi file mode
• f01a157 v0.7.6 release

Full Changelog: v0.7.5...v0.7.6

📦 Available Builds

🔍 Choosing the Right Build

• With DPI (netcap-*): Choose if you need Deep Packet Inspection features (protocol classification, application detection)
• Without DPI (netcap-nodpi-*): Choose for basic packet capture and analysis, smaller binary size
• libc vs musl: Use libc for standard Linux distros (Ubuntu, Debian, CentOS). Use musl for Alpine Linux or minimal containers

Installing on macOS via homebrew

Builds distributed via homebrew are built with DPI support.
You need to install the libprotoident and ndpi libraries via homebrew.

  $ brew install libprotoident ndpi
  $ brew tap dreadl0ck/formulas
  $ brew install netcap

Afterwards try running 'net' in your terminal.

📚 Documentation

• Full Documentation
• Installation Guide
• Command Reference

⚠️ Notes

• On macOS/Linux, you may need to grant necessary permissions: sudo chmod +x net
• Live capture requires root/administrator privileges
• Verify checksums with checksums.txt before use

Changelog

• 5cc6817 bump go-dpi pkg, csv default separator now semicolon, comma to separate values, populate IPProfile.Applications field
• 83a2c44 chore: add stopOnError to release target
• 72d269e chore: fixes and formatting for multi file mode
• 2c05ee2 feat: add arg for docker TARGETPLATFORM
• e58ad21 feat: dpi results for additional audit record types
• 973a26e feat: dpi-modules flag to configure frameworks to use for dpi
• c1ac9bb feat: net util -decoders, for overview of decoders and encapsulation level
• f68faa9 feat: support to provide multiple input files via wildcard or shell expansion
• 18ed3d9 feat: tree view of decoders
• e0dc157 fix: harden various decoders against malformed data
• e8276be fix: panic when trying to access empty bfd auth header
• 50182d3 v0.7.5 release
• bdbbc3d v0.7.5 release
• 82c64d4 v0.7.5 release

Full Changelog: v0.7.4...v0.7.5

📦 Available Builds

🔍 Choosing the Right Build

• With DPI (netcap-*): Choose if you need Deep Packet Inspection features (protocol classification, application detection)
• Without DPI (netcap-nodpi-*): Choose for basic packet capture and analysis, smaller binary size
• libc vs musl: Use libc for standard Linux distros (Ubuntu, Debian, CentOS). Use musl for Alpine Linux or minimal containers

Installing on macOS via homebrew

Builds distributed via homebrew are built with DPI support.
You need to install the libprotoident and ndpi libraries via homebrew.

  $ brew install libprotoident ndpi
  $ brew tap dreadl0ck/formulas
  $ brew install netcap

Afterwards try running 'net' in your terminal.

📚 Documentation

• Full Documentation
• Installation Guide
• Command Reference

⚠️ Notes

• On macOS/Linux, you may need to grant necessary permissions: sudo chmod +x net
• Live capture requires root/administrator privileges
• Verify checksums with checksums.txt before use

Changelog

• b190550 fix dpi version info for builds distributed via homebrew, add usage info for mac users to release info
• de2fb3f v0.7.4 release

Full Changelog: v0.7.3...v0.7.4

📦 Available Builds

🔍 Choosing the Right Build

• With DPI (netcap-*): Choose if you need Deep Packet Inspection features (protocol classification, application detection)
• Without DPI (netcap-nodpi-*): Choose for basic packet capture and analysis, smaller binary size
• libc vs musl: Use libc for standard Linux distros (Ubuntu, Debian, CentOS). Use musl for Alpine Linux or minimal containers

📚 Documentation

• Full Documentation
• Installation Guide
• Command Reference

⚠️ Notes

• On macOS/Linux, you may need to grant necessary permissions: sudo chmod +x net
• Live capture requires root/administrator privileges
• Verify checksums with checksums.txt before use

Changelog

• 3ba9b66 fix: linux binaries extraction from build container, add dpi version info to netcap header
• 702383c v0.7.3 release

Full Changelog: v0.7.2...v0.7.3

📦 Available Builds

🔍 Choosing the Right Build

• With DPI (netcap-*): Choose if you need Deep Packet Inspection features (protocol classification, application detection)
• Without DPI (netcap-nodpi-*): Choose for basic packet capture and analysis, smaller binary size
• libc vs musl: Use libc for standard Linux distros (Ubuntu, Debian, CentOS). Use musl for Alpine Linux or minimal containers

📚 Documentation

• Full Documentation
• Installation Guide
• Command Reference

⚠️ Notes

• On macOS/Linux, you may need to grant necessary permissions: sudo chmod +x net
• Live capture requires root/administrator privileges
• Verify checksums with checksums.txt before use

Changelog

• e2f3ef5 chore: container base image cleanup, update release asset formatting
• b524dec chore: update ubuntu image used in containers to latest stable
• 1c4e11c dockerignore updates
• eae0c92 v0.7.2 release
• ccf81ff v0.7.2 release

Full Changelog: v0.7.1...v0.7.2

📦 Available Builds

🔍 Choosing the Right Build

• With DPI (netcap-*): Choose if you need Deep Packet Inspection features (protocol classification, application detection)
• Without DPI (netcap-nodpi-*): Choose for basic packet capture and analysis, smaller binary size
• libc vs musl: Use libc for standard Linux distros (Ubuntu, Debian, CentOS). Use musl for Alpine Linux or minimal containers

📚 Documentation

• Full Documentation
• Installation Guide
• Command Reference

⚠️ Notes

• On macOS/Linux, you may need to grant necessary permissions: sudo chmod +x net
• Live capture requires root/administrator privileges
• Verify checksums with checksums.txt before use

Changelog

• 9bb050d chore: switch to new releases of deps ja3,go-dpi and tlsx that use gopacket/gopacket, disable modbus,cip,enip,diameter decoders until they are available in gopacket/gopacket
• 2787441 fix: error in release command
• c10ca49 v0.7.1 release

Full Changelog: v0.7.0...v0.7.1

It's been a while!

New release:

• database feature works again: db hosting server is now integrated into netcap binary, dbs are now served from dbs.netcap.io by default and regenerated with latest IOCs daily, or you can host your own db generation service

To download the latest dbs:

net util -download-dbs

• updated dependencies
• updated nDPI from v3 to v4 and updated go-dpi bindings, libprotoident update
• replaced dreadl0ck/gopacket fork with actively maintained fork gopacket/gopacket
• preparations for tcp reassembly refactoring
• all release binaries built with go v1.25.1

Changelog

• d2fc0f2 Add comprehensive TCP reassembly implementation analysis and recommendations
• 1b802bc Bump github.com/cloudflare/circl from 1.3.7 to 1.6.1
• f3c7ede Bump github.com/go-git/go-git/v5 from 5.2.0 to 5.13.0
• a9bb711 Bump github.com/prometheus/client_golang from 1.9.0 to 1.11.1
• a873885 Bump golang.org/x/net from 0.0.0-20210220033124-5f55cee0dc0d to 0.7.0
• 168c776 Fix TCP reassembly: sequence, bounds, concurrency, and RFC compliance issues
• 98a7dd9 Merge branch 'master' into dependabot/go_modules/github.com/prometheus/client_golang-1.11.1
• eecf936 Merge pull request #26 from dreadl0ck/dependabot/go_modules/github.com/prometheus/client_golang-1.11.1
• c849796 Merge pull request #27 from dreadl0ck/dependabot/go_modules/golang.org/x/net-0.7.0
• b71ad2a Merge pull request #31 from testwill/typo
• 59fda2e Merge pull request #33 from dreadl0ck/cursor/analyze-tcp-stream-reassembly-for-improvements-c3c4
• 1c5a724 Merge pull request #37 from dreadl0ck/dependabot/go_modules/github.com/go-git/go-git/v5-5.13.0
• 8f7839f Merge pull request #39 from dreadl0ck/dependabot/go_modules/github.com/cloudflare/circl-1.6.1
• b5a52f7 Merge pull request #45 from dreadl0ck/feature/dbs-refactoring
• 6605094 chore: dependency upgrades
• 404095c chore: nDPI bump to 4.14
• 4d4b78d chore: update deps and fix compilation errs
• 8e61744 feat: new db architecture
• 1ce3a6c feat: switch to gopacket/gopacket
• 620e565 fix: build issues with dpi and cross platform builds from apple silicon
• 7e7628c fix: goreleaser build
• 6ed08fc fix: linux build in container
• 2573689 v0.7.0 release

Changelog

• 39a85c6 fix: netbios panic on malformed packet, use latest libprotoident and added install script, updated containers, logging improvements, chore
• aaeec39 v0.6.11 release

Changelog

Updated release build process to create nodpi arm64 binaries for supporting M1 macs.

• 26b1129 v0.6.10 release
• 395160b v0.6.10 release
• 65ae7a2 v0.6.10 release
• 37ec41c v0.6.10 release
• 53b43a7 v0.6.10 release
• 4169f5f v0.6.10 release
• 4cb351d v0.6.10 release

Changelog

• contains a fix for installation via brew on macOS

• 503f79c v0.6.9 release