netis / cloud-probe

A Software Probe for network packet capturing and forwarding in Cloud/Kubernetes and Virtualized environment.

License: BSD 3-Clause "New" or "Revised" License

CMake 0.01% Shell 0.01% Python 0.04% C 0.55% C++ 99.31% Batchfile 0.01% Dockerfile 0.01% Puppet 0.01% Perl 0.01% HTML 0.01% M4 0.01% Makefile 0.06%
netis capture network traffic gre pcap cloud packet-agent docker kubernetes

cloud-probe's Introduction

Netis Cloud Probe

What is Netis Cloud Probe?

Netis Cloud Probe (formerly named Packet Agent) is an open source project for the situation where packets are captured on Machine A but have to be used on Machine B. This case is very common when you try to monitor network traffic in the LAN but the infrastructure is incapable, for example:

  • There is neither TAP nor SPAN device in a physical environment.
  • The Virtual Switch Flow Table does not support SPAN function in a virtualization environment.

Also, this project aims at developing a suite of low cost but high efficiency tools to survive the challenge above.

  • pktminerg is the very first one, which makes you easily capture packets from an NIC interface, encapsulate them with GRE and send them to a remote machine for monitoring and analysis.

With 4 utilities:

  • pcapcompare is a utility for comparing 2 different pcap files.
  • gredump is used for capturing GRE packets with a filter and saving them to a pcap file.
  • gredemo is a demo app which reads packets from a pcap file and sends them all to a remote NIC. It is only available when built from source code.
  • probeDaemon is a module newly added in v0.7.0, which is responsible for managing the pktminerg process. It can pull and kill the pktminerg process and set the parameters of pktminerg on the command line. This module should work with CPM (Cloud Probe Manager), which provides a user interface to set the strategies of pktminerg and can also display the statistics reported by pktminerg in graphs. You can contact Netis for further support of CPM, or you can develop your own CPM. Currently there is no probeDaemon for Windows; it will be released later.

Getting Started

Installation

CentOS 7/8 and RedHat 7

  1. Download and install the RPM package. Find the latest package from Releases Page.
wget https://github.com/Netis/cloud-probe/releases/download/v0.7.0/netis-cloud-probe-0.7.0.x86_64_centos.rpm
rpm -ivh netis-cloud-probe-0.7.0.x86_64_centos.rpm

SUSE 12SP2

  1. Download and install the RPM package. Find the latest package from Releases Page.
wget https://github.com/Netis/cloud-probe/releases/download/v0.7.0/netis-cloud-probe-probe-0.7.0.x86_64_suse.rpm
rpm -ivh netis-cloud-probe-probe-0.7.0.x86_64_suse.rpm

Ubuntu 18.04LTS

  1. Download and install the DEB package. Find the latest package from Releases Page.
wget https://github.com/Netis/cloud-probe/releases/download/v0.7.0/netis-cloud-probe-0.7.0_amd64.deb
sudo dpkg -i netis-cloud-probe-0.7.0_amd64.deb

Remarks: If you encounter a library dependency error when installing from the RPM, install boost_1_59_0 or later. If that does not work either, you can build and run from source.

Remarks: Currently only CentOS 6/7, RedHat 7, SUSE 12 and Ubuntu 18.04 LTS are supported.

Windows 2019 server

  1. Download and install the latest version of WinPcap.
  2. Download and install Microsoft Visual C++ Redistributable for Visual Studio 2017 x64.
  3. Extract pktminerg and the other utilities from the zip, and run them in cmd in Administrator Mode. https://github.com/Netis/cloud-probe/releases/download/v0.7.0/netis-cloud-probe-0.7.0.Windows.AMD64.zip

Usage

Remarks: Make sure the firewall allows GRE packets to be sent to the target. https://lartc.org/howto/lartc.tunnel.gre.html provides a way to check that the firewall allows GRE packets to be sent.

# Capture packet from NIC "eth0", encapsulate with GRE header and send to 172.16.1.201
pktminerg "-i eth0 -r 172.16.1.201 -k 12"

# compare 2 pcap files
pcapcompare --lpcap /path/to/left_file.pcap --rpcap /path/to/right_file.pcap

# Capture packet from NIC "eth0" and save them to gredump_output.pcap
gredump -i eth0 -o /path/to/gredump_output.pcap

# Capture packets from NIC "eth0", forward to 172.16.1.201 with GRE encapsulated and capture packets from "eth1", forward to 10.1.2.123 with vni encapsulated
pktminerg "-i eth0 -r 172.16.1.201 -k 12" "-i eth1 -r 10.1.2.123 -n 12"

For more information on using these tools, please refer to this document.

For docker usage, please refer to this document.

Build from source

You can also clone the source from GitHub and build Netis Packet Agent locally, then check "/path/to/packet-agent/bin" to find all the binaries.
For build precondition and steps, please refer to this document.

Contributing

Fork the project and send pull requests. We welcome pull requests from members of all open source community.

License

Copyright (c) 2018 - 2020 Netis.
The content of this repository is bound by the following licenses:

cloud-probe's Issues

Support decode and transfer packets with the vlan header

VLAN is a set of equipment and users on logic. They are not affected by their locations. Based on function, department and other factors, they are associated and communicated as if they are in the same network. In packets, the VLAN header is outside the IP header. From the version, Packet-Agent can decode the VLAN header and transfer packets with the VLAN header.

INSTALL.md

INSTALL.md isn't up to date. Those Windows installations were missing in INSTALL.md.

The usage of the wildcard character

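By using a wildcard, we can use the name of the network interface in the parameter "--expression", which can be translated to the IP of the interface.

ovs-vswitchd gets stopped after deploying on k8s

Hi, our node tunnel network is currently implemented with the ovs-vswitchd software. After deploying pa, pa sends an abnormal stop signal (signal 15) to ovs-vswitchd and terminates the process. What is the reason?

Is building with VS2017 supported?

Hello, I downloaded the source code and tried to build it with VS2017. The Boost version is 1.73. Did the CMake configuration fail because the Boost version does not match?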

Can not recv message python-zmq

Hi everyone, I have tested the packet-agent binary package on Ubuntu 14.04: https://github.com/Netis/packet-agent/releases/download/v0.3.6/netis-packet-agent-0.3.6_amd64.deb

First, run pktminerg on 192.168.1.21:

pktminerg -i eth0 -r 192.168.1.25 -z 5555 -k 20

Install python-zmq on 192.168.1.25:

sudo apt-get install python-zmq

Run a Python zmq server with the following demo code:

import zmq
context = zmq.Context()
socket = context.socket(zmq.REP)
socket.bind("tcp://*:5555")
while True:
    message = socket.recv_string()
    print(message)
    socket.send_string("OK, 200")

But 192.168.1.25 cannot receive any message. I am sure the firewall is closed.

Support GRE encapsulated

Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links or point-to-multipoint links over an Internet Protocol network.

Packet Agent supports forwarding captured packets to a remote host via a GRE tunnel. Furthermore, you can set the GRE key in the command line parameters.

The GRE key includes ippair direction information in its high 4 bits.

Capture on an interface with no ip address

When I run "pktminerg -i tap7f7776ea-11 -r 10.0.0.222" to capture on interface tap7f7776ea-11, I get:

[2019-10-25 17:07:36] Set pcap filter as "not host 10.0.0.222".
[2019-10-25 17:07:36] Call pcap_lookupnet failed, error is tap7f7776ea-11: no IPv4 address assigned.
[2019-10-25 17:07:36] Call PcapLiveHandler openPcap failed.

But I do need to capture on interface "tap7f7776ea-11", which is a virtual interface on linux-bridge, and send the packets via another interface to host "10.0.0.222", please kindly suggest a solution, thank you.

error: Failed dependencies

[root@ab ~]# cat /etc/redhat-release
CentOS Linux release 7.1.1503 (Core)

[root@ab ~]# yum install libpcap
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile

 * base: ftp.sjtu.edu.cn
 * extras: ftp.sjtu.edu.cn
 * updates: ftp.sjtu.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package libpcap.x86_64 14:1.5.3-3.el7_0.1 will be updated
---> Package libpcap.x86_64 14:1.5.3-11.el7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================================================================================
Package Arch Version Repository Size

Updating:
libpcap x86_64 14:1.5.3-11.el7 base 138 k

Transaction Summary

Upgrade 1 Package

Total download size: 138 k
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
libpcap-1.5.3-11.el7.x86_64.rpm | 138 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : 14:libpcap-1.5.3-11.el7.x86_64 1/2
Cleanup : 14:libpcap-1.5.3-3.el7_0.1.x86_64 2/2
Verifying : 14:libpcap-1.5.3-11.el7.x86_64 1/2
Verifying : 14:libpcap-1.5.3-3.el7_0.1.x86_64 2/2

Updated:
libpcap.x86_64 14:1.5.3-11.el7

Complete!

[root@ab ~]# wget https://github.com/Netis/packet-agent/releases/download/v0.3.0/netis-packet-agent-0.3.0.el6.x86_64.rpm
--2018-07-31 13:03:27-- https://github.com/Netis/packet-agent/releases/download/v0.3.0/netis-packet-agent-0.3.0.el6.x86_64.rpm
Resolving github.com (github.com)... 192.30.255.112, 192.30.255.113
Connecting to github.com (github.com)|192.30.255.112|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github-production-release-asset-2e65be.s3.amazonaws.com/138287889/60e78a2c-764b-11e8-95e6-6e042165848b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20180731%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20180731T050329Z&X-Amz-Expires=300&X-Amz-Signature=5c853bbc8dcddcbf58372740192218d26a1e217af9d832fb6ea5a56f326c1513&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Dnetis-packet-agent-0.3.0.el6.x86_64.rpm&response-content-type=application%2Foctet-stream [following]
--2018-07-31 13:03:29-- https://github-production-release-asset-2e65be.s3.amazonaws.com/138287889/60e78a2c-764b-11e8-95e6-6e042165848b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20180731%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20180731T050329Z&X-Amz-Expires=300&X-Amz-Signature=5c853bbc8dcddcbf58372740192218d26a1e217af9d832fb6ea5a56f326c1513&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Dnetis-packet-agent-0.3.0.el6.x86_64.rpm&response-content-type=application%2Foctet-stream
Resolving github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)... 52.216.227.176
Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-asset-2e65be.s3.amazonaws.com)|52.216.227.176|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 104728 (102K) [application/octet-stream]
Saving to: etis-packet-agent-0.3.0.el6.x86_64.rpm

100%[==================================================================================================================>] 104,728 94.6KB/s in 1.1s

2018-07-31 13:03:31 (94.6 KB/s) - etis-packet-agent-0.3.0.el6.x86_64.rpmsaved [104728/104728]

[root@ab ~]# ll
total 108
-rw-------. 1 root root 1153 Jul 31 10:54 anaconda-ks.cfg
-rw-r--r--. 1 root root 104728 Jun 22 18:37 netis-packet-agent-0.3.0.el6.x86_64.rpm

[root@ab ~]# rpm -ivh netis-packet-agent-0.3.0.el6.x86_64.rpm
error: Failed dependencies:
libboost_filesystem.so.1.59.0()(64bit) is needed by netis-packet-agent-0.3.0-1.x86_64
libboost_program_options.so.1.59.0()(64bit) is needed by netis-packet-agent-0.3.0-1.x86_64
libboost_system.so.1.59.0()(64bit) is needed by netis-packet-agent-0.3.0-1.x86_64

About K8S traffic monitoring

Hi, I saw the K8S traffic monitoring material in the docker directory. I used the first method and got the service running, but I don't see any effect. What else needs to be configured?

Support transfer packets with ZMQ protocol

ZeroMQ looks like an embeddable networking library but acts like a concurrency framework. With the implementation of the feature, Packet-Agent is able to transfer the captured packets reliably.

pktminerg on windows platform

Hello,

I use pktminerg with the command below on the Windows platform, but it gives an error.

How can I use pktminerg with the "-i" option?

PS C:\Users\Administrator\bin> getmac /fo csv /v
"连接名","网络适配器","物理地址","传输名称"
"VirtualNet","Hillstone Virtual Network Adapter Tunnel","暂缺","媒体已断开连接"
"本地连接","Xen Net Device Driver","FA-16-3E-A3-F9-11","\Device\Tcpip_{6E118FB8-ED1B-48C4-B597-EC9E2560CC2A}"
PS C:\Users\Administrator\bin>
PS C:\Users\Administrator\bin>
PS C:\Users\Administrator\bin> .\pktminerg.exe -i \Device\NPF_{6E118FB8-ED1B-48C4-B597-EC9E2560CC2A} -r 192.168.1.20
pktminerg.exe : 为 -inputFormat 参数指定了无效的值(\Device\NPF_)。有效值为 Text 和 Xml。
所在位置 行:1 字符: 1

+ .\pktminerg.exe -i \Device\NPF_{6E118FB8-ED1B-48C4-B597-EC9E2560CC2A} -r 192.168 ...
    + CategoryInfo          : InvalidArgument: (:) [],ParameterBindingException
    + FullyQualifiedErrorId : IncorrectValueForFormatParameter

PS C:\Users\Administrator\bin>

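Thank you for your help.

Capturing on multiple veths on the Kubernetes platform

On the Kubernetes platform, pods are created and destroyed.
When a pod is created, the veth corresponding to that pod is created;
when a pod is destroyed, the veth corresponding to that pod is destroyed.
Does packet-agent support capturing on veths in this situation?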

Support Vxlan encapsulated

Virtual Extensible LAN (VXLAN) is a network virtualization technology that attempts to address the scalability problems associated with large cloud computing deployments. It uses a VLAN-like encapsulation technique to encapsulate OSI layer 2 Ethernet frames within layer 4 UDP datagrams, using 4789 as the default IANA-assigned destination UDP port number.

Packet Agent supports forwarding captured packets to a remote host via a VXLAN tunnel. Furthermore, you can set the VXLAN VNI in the command line parameters.

The VXLAN VNI includes ippair direction information in its high 4 bits.
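
On the receiving side, a collector has to pull the GRE key or the VXLAN VNI out of the tunnel header before it can look at those high 4 bits. The following is an added example, not code from the cloud-probe project: it parses the standard GRE (RFC 2784/2890) and VXLAN (RFC 7348) headers and splits the field into its high 4 bits and the remaining low bits. The function names and the sample headers are constructed for illustration, and the meaning of the individual direction values is not documented on this page, so the code only separates the bits.

```python
import struct

GRE_CSUM, GRE_KEY, GRE_SEQ = 0x8000, 0x2000, 0x1000  # RFC 2784 / RFC 2890 flag bits
VXLAN_I_FLAG = 0x08                                   # RFC 7348: VNI field is valid


def parse_gre(buf):
    """Parse a GRE header (the bytes following the outer IP header)."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", buf, 0)
    if flags & 0x0007:                       # low 3 bits = version, must be 0
        raise ValueError("unsupported GRE version")
    off, key = 4, None
    if flags & GRE_CSUM:
        off += 4                             # checksum + reserved1
    if flags & GRE_KEY:
        if len(buf) < off + 4:
            raise ValueError("truncated GRE key")
        (key,) = struct.unpack_from("!I", buf, off)
        off += 4
    if flags & GRE_SEQ:
        off += 4                             # sequence number
    if len(buf) < off:
        raise ValueError("truncated GRE options")
    return {"proto": proto, "key": key, "payload": buf[off:]}


def parse_vxlan(buf):
    """Parse the 8-byte VXLAN header (the bytes following the outer UDP header)."""
    if len(buf) < 8:
        raise ValueError("truncated VXLAN header")
    if not buf[0] & VXLAN_I_FLAG:
        raise ValueError("VXLAN I flag not set, VNI is not valid")
    return {"vni": int.from_bytes(buf[4:7], "big"), "payload": buf[8:]}


def split_high4(value, width):
    """Return (high 4 bits, remaining low bits) of a width-bit field."""
    low_bits = width - 4
    return value >> low_bits, value & ((1 << low_bits) - 1)


# Constructed sample headers (not captured from pktminerg): key/VNI with
# high nibble 1 and low bits 12, followed by a placeholder inner payload.
SAMPLE_GRE = struct.pack("!HHI", GRE_KEY, 0x0800, 0x1000000C) + b"inner-packet"
SAMPLE_VXLAN = (bytes([VXLAN_I_FLAG, 0, 0, 0])
                + (0x10000C).to_bytes(3, "big") + b"\x00" + b"inner-frame")

if __name__ == "__main__":
    gre = parse_gre(SAMPLE_GRE)
    print("GRE key", hex(gre["key"]), "->", split_high4(gre["key"], 32))
    vx = parse_vxlan(SAMPLE_VXLAN)
    print("VXLAN VNI", hex(vx["vni"]), "->", split_high4(vx["vni"], 24))
```
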
