packet-sniffers, packet-capture, dpdk

How to Receive and capture packets from internet/remote host using DPDK?


I want to capture raw packets from any host and capture them in a file like "recieved.pcap", bypassing the kernel. I am using a virtual EC2 instance for this. To bypass the kernel I have set up DPDK on my instance. I am new to networking and any help would be appreciated!

I have:

  1. DPDK version: 19.11.5 installed on an Amazon Linux 2 EC2 instance.
  2. NIC bound to DPDK: Amazon ENI.
  3. I have libpcap-dev installed.

I ran the testpmd application, and here is the output:

[ec2-user@ip-172-31-82-187 app]$ sudo ./testpmd -l 0-3 -n 4 -- -i
EAL: Detected 8 lcore(s)
EAL: Detected 1 NUMA nodes
EAL: Multi-process socket /var/run/dpdk/rte/mp_socket
EAL: Selected IOVA mode 'PA'
EAL: No available hugepages reported in hugepages-1048576kB
EAL: Probing VFIO support...
EAL: PCI device 0000:00:05.0 on NUMA socket -1
EAL:   Invalid NUMA socket, default to 0
EAL:   probe driver: 1d0f:ec20 net_ena
EAL: PCI device 0000:00:06.0 on NUMA socket -1
EAL:   Invalid NUMA socket, default to 0
EAL:   probe driver: 1d0f:ec20 net_ena
Interactive-mode selected
testpmd: create a new mbuf pool <mbuf_pool_socket_0>: n=171456, size=2176, socket=0
testpmd: preferred mempool ops selected: ring_mp_mc

Warning! port-topology=paired and odd forward ports number, the last port will pair with itself.

Configuring Port 0 (socket 0)
Port 0: 16:61:BE:67:49:75
Checking link statuses...
Done
Error during enabling promiscuous mode for port 0: Operation not supported - ignore

Solution

  • Based on the intercept scenario, there are 4 options to solve this problem:

    1. Option-1: for Remote Termination, use of a single DPDK port with MAC|VLAN address modification.
    2. Option-2: for Remote Termination, use of two DPDK ports with no MAC address modification.
    3. Option-3: for Local Termination, use of the DPDK TAP PMD to terminate to the HOST/GUEST OS, with no packet MAC|VLAN modification.
    4. Option-4: for Local Termination, use of the DPDK PCAP PMD to intercept the packets from the kernel interface, with no packet MAC|VLAN modification.

    Please follow the steps below to capture the traffic appropriately.

    Option-1:

    1. Create the VM with 1 DPDK port.
    2. Use testpmd or the sample application l2fwd (modified with DPDK rte_pdump_init) to capture and replay back into the PORT.
    3. Since the MAC address|VLAN is modified with appropriate rules, one can forward from the remote HOST to the desired destination.
    4. Start the DPDK PDUMP application, for example: sudo ./build/app/dpdk-pdump -- --pdump 'port=0,queue=*,tx-dev=./tx.pcap' . This will capture packets that enter from outside and write them into tx.pcap.

    Option-2:

    1. Create the VM with 2 DPDK ports.
    2. Start a DPDK-modified application (using dpdk rte_pdump_init), either skeleton or l2fwd.
    3. For l2fwd, use the option --no-mac-updating.
    4. Start the DPDK PDUMP application, for example: sudo ./build/app/dpdk-pdump -- --pdump 'port=0,queue=*,tx-dev=./tx.pcap' . This will capture packets that enter from outside and write them into tx.pcap.

    Option-3:

    1. Create the VM with 1 DPDK port (AMAZON enic).
    2. Bind the desired DPDK port (WAN) with the appropriate UIO driver.
    3. Start a DPDK application like basicfwd: sudo ./build/basicfwd -l 2 --vdev=net_tap0,mac="mac address of DPDK port" -a <PCIe BDF>.
    4. Within a Linux terminal, run sudo ifconfig dtap0 <ip address/mask> up.
    5. [optional] Add the desired route entry.
    6. Use Linux tcpdump, Python, or any packet capture application to grab packets from the dtap0 interface in the RX or TX direction, or both.

    Option-4:

    1. Create the VM with 1 DPDK port (AMAZON enic).
    2. Make sure the interface is bound to the kernel driver.
    3. Ensure the interface is able to reach the outside network (WAN) using ping -I <interface name> stackoverflow.com.
    4. Run a DPDK-modified application like basicfwd or l2fwd with rte_pdump_init (example: ./build/l2fwd -l 2 --vdev=net_pcap0,iface=<interface name> -- -p 1 -T 1 --no-mac-updating).
    5. Capture the packets using the DPDK PDUMP application, example: sudo ./build/app/dpdk-pdump -- --pdump 'port=0,queue=*,tx-dev=./tx.pcap'

    Note:

    • Refer to the DPDK PDUMP use case.
    • The recommendation is to use option 3, as it eliminates the need for a DPDK secondary process and for disabling ASLR.
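A post-capture check, added here as an example and not part of the question or the answer above. Whichever option you pick, you end up with a pcap file (tx.pcap from dpdk-pdump, or a tcpdump capture on dtap0), and the first thing worth verifying is what actually landed in it. The script below parses the classic pcap format (both byte orders, microsecond and nanosecond variants), validates the global and per-record headers, and counts frames by destination MAC relative to the DPDK port's own address. That tells you whether MAC rewriting happened (Option-1, or l2fwd run without --no-mac-updating) and whether the capture contains frames addressed to other hosts; since the testpmd output above shows the ENA port cannot enable promiscuous mode, a capture on this instance should normally hold only frames for the port's own MAC, broadcast, or multicast. The port MAC is the one testpmd printed; the sample frames, the output file name and all function names are constructed for this example.

```python
"""Sanity-check a pcap written by dpdk-pdump or tcpdump (added example)."""
import struct
from collections import Counter

PCAP_MAGIC_USEC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D   # pcap variant with nanosecond timestamps
LINKTYPE_ETHERNET = 1
GLOBAL_HDR = "IHHiIII"         # magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"            # ts_sec, ts_frac, incl_len, orig_len
BROADCAST = b"\xff" * 6


def write_pcap(path, frames, snaplen=65535):
    """Write raw Ethernet frames as a little-endian, microsecond pcap file."""
    with open(path, "wb") as f:
        f.write(struct.pack("<" + GLOBAL_HDR, PCAP_MAGIC_USEC, 2, 4, 0, 0,
                            snaplen, LINKTYPE_ETHERNET))
        for i, frame in enumerate(frames):
            data = frame[:snaplen]
            # constructed timestamps: one frame per second from an arbitrary epoch
            f.write(struct.pack("<" + RECORD_HDR, 1_700_000_000 + i, 0,
                                len(data), len(frame)))
            f.write(data)


def read_pcap(path):
    """Yield (ts_sec, frame_bytes) from a pcap file, validating headers as we go."""
    with open(path, "rb") as f:
        hdr = f.read(24)
        if len(hdr) < 24:
            raise ValueError("truncated pcap global header")
        magic = struct.unpack("<I", hdr[:4])[0]
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            endian = "<"
        elif magic in (0xD4C3B2A1, 0x4D3CB2A1):   # the same magics, byte-swapped
            endian = ">"
        else:
            raise ValueError(f"not a pcap file (magic 0x{magic:08x})")
        _, _, _, _, _, snaplen, linktype = struct.unpack(endian + GLOBAL_HDR, hdr)
        if linktype != LINKTYPE_ETHERNET:
            raise ValueError(f"expected LINKTYPE_ETHERNET, got {linktype}")
        while True:
            rec = f.read(16)
            if not rec:
                return
            if len(rec) < 16:
                raise ValueError("truncated record header")
            ts_sec, _, incl_len, orig_len = struct.unpack(endian + RECORD_HDR, rec)
            if incl_len > snaplen or incl_len > orig_len:
                raise ValueError("corrupt record: incl_len exceeds snaplen/orig_len")
            data = f.read(incl_len)
            if len(data) < incl_len:
                raise ValueError("truncated packet data")
            yield ts_sec, data


def classify_dst(dst, port_mac):
    """Label a destination MAC relative to the capturing DPDK port."""
    if dst == port_mac:
        return "own"
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:          # I/G bit set: group address
        return "multicast"
    return "foreign-unicast"   # only possible with MAC rewriting or promiscuous RX


def summarize(path, port_mac):
    """Return (dst_class_counts, ethertype_counts) over every frame in the capture."""
    classes, ethertypes = Counter(), Counter()
    for _, frame in read_pcap(path):
        if len(frame) < 14:
            classes["runt"] += 1
            continue
        dst, ethertype = frame[:6], struct.unpack("!H", frame[12:14])[0]
        classes[classify_dst(dst, port_mac)] += 1
        ethertypes[ethertype] += 1
    return classes, ethertypes


def mac(s):
    """'16:61:be:67:49:75' -> 6 raw bytes."""
    return bytes.fromhex(s.replace(":", ""))


# Constructed sample capture. PORT_MAC is the address testpmd printed for port 0.
PORT_MAC = mac("16:61:be:67:49:75")
PEER = mac("02:00:00:00:00:01")
SAMPLE_FRAMES = [
    PORT_MAC + PEER + b"\x08\x00" + b"\x45" + b"\x00" * 39,                # IPv4, addressed to us
    BROADCAST + PEER + b"\x08\x06" + b"\x00" * 28,                         # ARP broadcast
    mac("33:33:00:00:00:01") + PEER + b"\x86\xdd" + b"\x60" + b"\x00" * 39,  # IPv6 multicast
    mac("02:00:00:00:00:99") + PORT_MAC + b"\x08\x00" + b"\x45" + b"\x00" * 39,  # dst rewritten by l2fwd
]


def demo(path="constructed.pcap"):
    """Write the constructed capture, then summarise it as a real tx.pcap would be."""
    write_pcap(path, SAMPLE_FRAMES)
    return summarize(path, PORT_MAC)


if __name__ == "__main__":
    classes, ethertypes = demo()
    print("dst classes:", dict(classes))
    print("ethertypes:", {f"0x{k:04x}": v for k, v in ethertypes.items()})
    if classes["foreign-unicast"]:
        print("warning: frames for other hosts present (MAC rewriting or promiscuous RX)")
```

To use it on a real capture, call summarize("tx.pcap", mac("<port MAC>")) instead of demo(); a non-zero "foreign-unicast" count on an Option-2/3/4 capture means the forwarding application rewrote destination MACs, and a ValueError means the file was truncated mid-write (for example, dpdk-pdump was killed rather than stopped cleanly).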