Netis

A toolset for network packet capture in Cloud/Kubernetes and Virtualized environment.

Stars
936
Forks
172
Open issues
0
Closed issues
34
Last release
4 months ago
Last commit
4 months ago
Watchers
936
Total releases
22
Total commits
426
Open PRs
0
Closed PRs
121
Repo URL
Platform
Category
Offers premium version?
NO
Proprietary?
NO
About

English ∙ 简体中文

Netis Cloud Probe

What is Netis Cloud Probe?

Netis Cloud Probe (Packet Agent, name used before)is an open source project to deal with such situation: it captures packets on Machine A but has to use them on Machine B. This case is very common when you try to monitor network traffic in the LAN but the infrastructure is incapable, for example

  • There is neither TAP nor SPAN device in a physical environment.
  • The Virtual Switch Flow Table does not support SPAN function in a virtualization environment.

Also, this project aims at developing a suite of low cost but high efficiency tools to survive the challenge above.

  • pktminerg is the very first one, which makes you easily capture packets from an NIC interface, encapsulate them with GRE and send them to a remote machine for monitoring and analysis.

With 4 utilities:

  • pcapcompare is a utility for comparing 2 different pcap files.
  • gredump is used for capturing GRE packet with filter, and save them to pcap file.
  • gredemo is a demo app which is used to read packet from a pcap file and send them all to remote NIC. This can be only used when built from source code.
  • probeDaemon is a new added module from v0.7.0, which is responsible for the management of the pktminerg process. It can pull and kill pktminerg process and set the parameters of pktminerg in the command line. This module should work with CPM (Cloud Probe Manager),which provides a user interface to set the strategies of pktminerg and can also display the statistis reported from pktminerg in graphs. You can contact Netis for the further support of CPM, or you can also develop your CPM. Currently, no probeDaemon for Win, which will be released later.

Getting Started Installation CentOS 7/8 and RedHat 7

  1. Download and install the RPM package. Find the latest package from Releases Page.

wget https://github.com/Netis/cloud-probe/releases/download/v0.7.0/netis-cloud-probe-0.7.0.x86_64_centos.rpm
rpm -ivh netis-cloud-probe-0.7.0.x86_64_centos.rpm
SUSE 12SP2

  1. Download and install the RPM package. Find the latest package from Releases Page.

wget https://github.com/Netis/cloud-probe/releases/download/v0.7.0/netis-cloud-probe-probe-0.7.0.x86_64_suse.rpm
rpm -ivh netis-cloud-probe-probe-0.7.0.x86_64_suse.rpm
Ubuntu 18.04LTS

  1. Download and install the DEB package. Find the latest package from Releases Page.

wget https://github.com/Netis/cloud-probe/releases/download/v0.7.0/netis-cloud-probe-0.7.0_amd64.deb
sudo dpkg -i netis-cloud-probe-0.7.0_amd64.deb

Remarks: If it encounter a library dependency error when install from rpm, you should install boost_1_59_0 or later. If this also can't work, you can build and run from source.

Remarks: Now only support CentOS 6/7, RedHat 7, SUSE 12, Ubuntu 18.04 LTS.

Windows 2019 server

  1. Download and Install Winpcap of latest version.
  2. Download and Install Microsoft Visual C++ Redistributable for Visual Studio 2017 x64.
  3. Extract pktminerg and other utilities from zip, and run it in cmd in Administrator Mode. https://github.com/Netis/cloud-probe/releases/download/v0.7.0/netis-cloud-probe-0.7.0.Windows.AMD64.zip


Usage

Remarks: Make sure the firewall allows GRE packets to be sent to the target. https://lartc.org/howto/lartc.tunnel.gre.html provides a way to check firewall allows GRE packets to be sent.

# Capture packet from NIC "eth0", encapsulate with GRE header and send to 172.16.1.201
pktminerg "-i eth0 -r 172.16.1.201 -k 12"

compare 2 pcap files

pcapcompare --lpcap /path/to/left_file.pcap --rpcap /path/to/right_file.pcap

Capture packet from NIC "eth0" and save them to gredump_output.pcap

gredump -i eth0 -o /path/to/gredump_output.pcap

Capture packets from NIC "eth0", forward to 172.16.1.201 with GRE encapsulated and capture packets from "eth1", forward to 10.1.2.123 with vni encapsulated

pktminerg "-i eth0 -r 172.16.1.201 -k 12" "-i eth1 -r 10.1.2.123 -n 12"

For more information on using these tools, please refer to this document.

For docker usage, please refer to this document.

Build from source.

You can also clone source from Github and build Netis Packet Agent in local, then check"/path/to/packet-agent/bin" to find all binary.
For build precondition and steps, please refer to this document.

Documentation / Useful link

Contributing

Fork the project and send pull requests. We welcome pull requests from members of all open source community.

License

Copyright (c) 2018 - 2020 Netis.
The content of this repository bound by the following licenses:

Contact info


Alternative Projects

Subscribe to Open Source Businees Newsletter

Twice a month we will interview people behind open source businesses. We will talk about how they are building a business on top of open source projects.

We'll never share your email with anyone else.