PCAP aggregator and centralized storage; mirror of https://gitea.osmocom.org/osmocom/osmo-pcap
osmo-pcap has been created to collect network traces at different nodes but store them centrally at a dedicated node for further analysis. This might be needed for auditing, resolving conflicts, post processing or debugging a distributed system.
The system consists of the osmo-pcap-client to capture traffic at a host and the osmo-pcap-server to receive the traffic, store and rotate the traffic at a centralized server. There is a shell script to compress and expire old traces.
The osmo-pcap-client uses libpcap and has a built-in detector for the GPRS-NS/BSSGP protocol to exclude user traffic. The client is known to work on 32/64 bit systems. It can be configured through the VTY and the minimal config includes the interface to monitor, the pcap filter to use and the server to send it to.
The osmo-pcap-server will listen for new TCP connections and then will receive the data from the client if it is coming from a known/good source IPv4/port. The server is configured to write one file per client and to change/rotate the file when the link encapsulation is changing. It can be configured to rotate the file at a given time interval and/or if the file size is over a threshold.
The osmo-pcap-server comes with a shell script to rotate and compress old traces. Currently the configuration parameters (age or amount based) need to be tuned in the script itself.
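The following is an added example, not the project's clean-up script: a retention function that takes its limits as arguments instead of values edited into the script. It covers the amount-based variant only; the function name `expire_traces` and the file naming `trace-<client>-<YYYYMMDD_HHMMSS>.pcap` are assumptions, so adjust the glob to the layout your server actually writes.

```sh
#!/bin/sh
# Added example, not the project's clean-up script.
# Assumption: the server writes trace-<client>-<YYYYMMDD_HHMMSS>.pcap into
# one directory, so a sorted glob lists each client's files oldest first.

# expire_traces DIR CLIENT KEEP_RAW KEEP_TOTAL
#   Amount-based retention for one client: the newest KEEP_RAW traces stay
#   uncompressed (the newest may still be open for writing), older ones are
#   gzip'ed, and everything beyond the newest KEEP_TOTAL is deleted.
expire_traces() {
    et_dir=$1 et_client=$2 et_raw=$3 et_total=$4

    [ -d "$et_dir" ] || return 2
    # The client name ends up in a glob; accept only a conservative charset.
    case $et_client in
        ''|*[!A-Za-z0-9._-]*) return 2 ;;
    esac
    # Non-numeric limits make the test fail, which is rejected as well.
    [ "$et_raw" -ge 1 ] 2>/dev/null &&
        [ "$et_total" -ge "$et_raw" ] 2>/dev/null || return 2

    # Anchoring on the timestamp keeps client "a" from matching "a-b".
    et_ts='[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]_[0-9][0-9][0-9][0-9][0-9][0-9]'
    set -- "$et_dir"/trace-"$et_client"-$et_ts.pcap*
    [ -e "$1" ] || return 0            # glob matched nothing

    et_n=$# et_i=0
    for et_f in "$@"; do
        et_i=$((et_i + 1))
        et_rank=$((et_n - et_i + 1))   # 1 = newest trace of this client
        if [ "$et_rank" -gt "$et_total" ]; then
            rm -f -- "$et_f"
        elif [ "$et_rank" -gt "$et_raw" ]; then
            case $et_f in
                *.pcap) gzip -- "$et_f" ;;   # .pcap.gz files are left alone
            esac
        fi
    done
}
```

Called once per configured client, for example from cron, with `KEEP_RAW` of at least 1 so the trace the server is currently writing is never compressed.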
There are Debian, Ubuntu, Raspbian packages available via the excellent openSUSE Build Service.
Please see the contrib/osmo-pcap-server.cfg and contrib/osmo-pcap-client.cfg files in the repository.
In order to run all tests, do the following:
```
$ ./configure --enable-external-tests
$ make -j5
$ sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' src/osmo-pcap-client
$ make check
```
- Add non-blocking TLS (probably GnuTLS) support between client and server.
- Improve the clean-up script, maybe re-write in Python with external configuration.
- Add hooks to the server to have an application receive all packages
osmo-pcap has been created by Holger Hans Peter Freyther (holger@freyther.de) and is licensed as AGPLv3+. The author appreciates failure or success reports of using the software.