I have what sounds like the simplest possible use case, and yet nothing is satisfactory.
I have a multi-homed host and I would like to listen to multicasts on eth1, and shove all the payload (NOT including UDP packet headers, just the payload) into a file. Here are some things I've already tried,
- socat. This sounds like it would be the perfect tool, but I have no idea what syntax to use and all the examples I find are for much more complicated use cases. I can't really make heads or tails of the examples I see. If anyone knows, how could I get socat to do this? Feel free to call me an idiot for not figuring it out.
- vlc. Occasionally drops packets, which is not acceptable. I need it to run for a long time without a single packet dropped. I see this occasional drop on many vlc versions on multiple platforms and I simply don't trust it.
- wireshark. This does work and never drops packets like vlc (even when run side-by-side at the same time), but I don't actually need a packet dump, just the payload. I can after-the-fact use wireshark to write all the payload to a file using the "follow UDP stream" feature, but it takes a lot of time and it prevents me from saving the payload in realtime. Plus it seems to be only possible in the wireshark gui. My workflow would be much easier without some GUI.
- netcat. Sounded like the right tool, but doesn't do jack shit when it comes to receiving multicast. No idea how to debug, or if it just doesn't work with multicast. Alongside, I am running nemesis to force igmp joins and I can see with tcpdump that this works. Please suggest if I am missing something stupid.
- nc6. same result as netcat.