packet-headers

command module
v0.5.1 Latest
Published: Dec 2, 2019 License: Apache-2.0 Imports: 21 Imported by: 0

README

packet-headers


The packet-headers service provides a binary which collects packet headers for all incoming TCP flows and saves each stream of packet captures into a per-stream .pcap file where the filename is the UUID of the TCP flow. It should only save the packet headers, and it supports (with a command-line flag) IP anonymity for the saved addresses.


Design

(This should eventually be broken out into its own file DESIGN.md)

Use the gopacket libraries to sniff all packets on the wire. For v1, where we are only interested in TCP flows, install a Berkeley Packet Filter to ensure that only TCP packets get sent to the packet-headers daemon.

Modifications to tcp-info

To fulfil its obligations (a per-flow file containing the UUID) packet-headers will need an addition to the tcp-info service. In this addition, packet-headers will connect as a client to a well-specified port on localhost or a unix-domain socket that is served by tcp-info. Whenever a new stream begins or ends, the tcp-info system will post the 5-tuple of the stream and its UUID on the open connection. In this way, the packet-headers system will learn about new connections from the kernel, which is the only true authority about what is and isn't a new connection. It will also learn when the connection is closed, which is the one true signal for when to safely close the pcap file.
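
The flow bookkeeping described above, as an added example that is not code from the packet-headers or tcp-info projects. The README does not specify a wire format, so the newline-delimited JSON events, the `FlowEvent`, `Tracker` and `key` names, and the UUID character allowlist are all assumptions; the allowlist is there because the UUID arrives over a socket and is then used as a filename.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"io"
	"path/filepath"
	"regexp"
	"strings"
)

type FlowEvent struct{ Event, UUID, Src, Dst string } // ASSUMED wire format: one JSON object per line
type Tracker map[string]string                        // key(src, dst), same in both directions -> pcap path
var safeUUID = regexp.MustCompile(`^[A-Za-z0-9_-]{1,128}$`) // the UUID becomes a filename: allowlist it

// sample is constructed: an open, an open with a hostile UUID, and a close seen in reverse.
const sample = `{"event":"open","uuid":"flow_0001","src":"192.0.2.10:443","dst":"198.51.100.7:51514"}
{"event":"open","uuid":"../../tmp/x","src":"192.0.2.10:443","dst":"203.0.113.9:40000"}
{"event":"close","uuid":"flow_0001","src":"198.51.100.7:51514","dst":"192.0.2.10:443"}`

func key(a, b string) string {
	if a > b {
		a, b = b, a
	}
	return a + "|" + b
}

// Consume applies events from r and returns the paths whose files can now be closed.
func (t Tracker) Consume(dir string, r io.Reader) (closed []string, err error) {
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		var ev FlowEvent
		if err = json.Unmarshal(sc.Bytes(), &ev); err != nil {
			return closed, err
		}
		k := key(ev.Src, ev.Dst)
		if ev.Event == "open" && safeUUID.MatchString(ev.UUID) {
			t[k] = filepath.Join(dir, ev.UUID+".pcap")
		} else if p, ok := t[k]; ok && ev.Event == "close" {
			closed = append(closed, p)
			delete(t, k)
		}
	}
	return closed, sc.Err()
}

func main() {
	fmt.Println(Tracker{}.Consume("pcaps", strings.NewReader(sample)))
}
```

A packet whose endpoints have no entry in the map belongs to a flow the kernel never announced, so it is not written anywhere.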

Appendix

FAQ: What about UDP? ICMP?

A good idea, but not required for v1.

Documentation

There is no documentation for this package.

Directories

Path Synopsis
Package demuxer contains the tools for sending packets to the right goroutine to save them to disk.
Package metrics is the central storage location for all program metrics.
Package muxer helps solve the problem that captures take place only on a per-interface basis, but tcp-info collects flow information with no reference to the underlying interface.
Package saver provides the tools for saving a single flow's packets to disk.
Package tcpinfohandler deals with the output from the eventsocket served by the tcp-info binary.
