dumpcat
dump network packet to database
overview
- dump packet network to database
- monitor network packet
- analysis network packet
prerequest
- linux: install libpcap
- centos
sudo yum install -y libpcap-devel && sufo yum -y install libpcap - ubuntu
apt-get install -y libpcap-devel && apt-get install -y libpcap
- centos
- windows: install winpcap (https://www.winpcap.org/)
install
go get github.com/joeke80215/dumpcat
build
cd $GOPATH/src/github.com/joeke80215/dumpcat
go build -v
filter
BPF format (http://biot.com/capstats/bpf.html)
database support
- elasticsearch
logic layer support
- latency
config
config.yaml
dumplist:
{dump name}:
device: {device name}
bpf: {BPF filter string}
.
.
.
logics:
- timeoffset
output:
- elasticsearch:
host: {elasticsearch server host}
usage example
create config.yaml
dumpList:
http:
device: "enp2s0"
bpf: "tcp port 80"
ftp:
device: "enp2s0"
bpf: "tcp port 21"
sftp:
device: "enp2s0"
bpf: "tcp port 22"
logics:
- latency
output:
elasticsearch:
host: "http://192.168.0.100:9200"
execute
./dumpcat -f config.yaml