

#Packetstream ubuntu full
Deepfence PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence's ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic analysis.

Primary design goals:
- Stay light: capture and stream, no additional processing
- Portability: works across virtual machines, Kubernetes and AWS Fargate. Linux and Windows

PacketStreamer sensors are started on the target servers. Sensors capture traffic, apply filters, and then stream the traffic to a central receiver. Traffic streams may be compressed and/or encrypted using TLS.

PacketStreamer sensors collect raw network packets on remote hosts. Each sensor selects packets to capture using a BPF filter, and forwards them to a central receiver process where they are written in pcap format. The PacketStreamer receiver accepts PacketStreamer streams from multiple remote sensors, and writes the packets to a local pcap capture file.

PacketStreamer sensors can be run on bare-metal servers, on Docker hosts, and on Kubernetes nodes. Sensors are very lightweight and impose little performance impact on the remote hosts. The PacketStreamer receiver accepts network traffic from multiple sensors, collecting it into a single, central pcap file. You can then process the pcap file or live feed the traffic to the tooling of your choice, such as Zeek, Wireshark, Suricata, or as a live stream for Machine Learning models.

When to use PacketStreamer

PacketStreamer meets more general use cases than existing alternatives. For example, PacketBeat captures and parses the packets on multiple remote hosts, assembles transactions, and ships the processed data to a central ElasticSearch collector. ksniff captures raw packet data from a single Kubernetes pod. Use PacketStreamer if you need a lightweight, efficient method to collect raw network data from multiple machines for central logging and analysis.

Quick Start

For full instructions, refer to the PacketStreamer Documentation.

#Packetstream ubuntu install
You will need to install the golang toolchain and libpcap-dev before building PacketStreamer.

    # Pre-requisites (Ubuntu): sudo apt install golang-go libpcap-dev
    git clone <PacketStreamer repository URL>
    cd PacketStreamer/
    make

Run a PacketStreamer receiver, listening on port 8081 and writing pcap output to /tmp/dump_file (see receiver.yaml, contrib/config/receiver.yaml).

Run one or more PacketStreamer sensors on local and remote hosts. Edit the server address in sensor.yaml:

    # run on the target hosts to capture and forward traffic
    # copy and edit the sample sensor-local.yaml file, and add the address of the receiver host
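Before handing the receiver's central capture file to Zeek, Suricata or Wireshark, it is worth confirming that the file parses and whether its last record is complete, since the receiver may still be appending to it. The Go program below is an added example, not part of PacketStreamer; it assumes the output is a classic pcap file (not pcapng), and `CountPcap` and `SamplePcap` are hypothetical names.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

// CountPcap validates the 24-byte global header and walks every record; truncated marks an incomplete final record.
func CountPcap(r io.Reader) (pkts int, truncated bool, err error) {
	hdr := make([]byte, 24)
	if _, err = io.ReadFull(r, hdr); err != nil {
		return 0, false, fmt.Errorf("short pcap global header: %w", err)
	}
	var bo binary.ByteOrder = binary.LittleEndian
	if m := bo.Uint32(hdr); m == 0xd4c3b2a1 || m == 0x4d3cb2a1 {
		bo = binary.BigEndian // file was written big-endian
	} else if m != 0xa1b2c3d4 && m != 0xa1b23c4d { // usec / nsec timestamp magic
		return 0, false, fmt.Errorf("bad magic %#x: not a classic pcap file", m)
	}
	for rec := hdr[:16]; ; pkts++ { // reuse the buffer for 16-byte record headers
		if _, err = io.ReadFull(r, rec); err == io.EOF {
			return pkts, false, nil // clean end on a record boundary
		} else if err == nil {
			_, err = io.CopyN(io.Discard, r, int64(bo.Uint32(rec[8:12]))) // skip incl_len bytes
		}
		if err == io.EOF || err == io.ErrUnexpectedEOF {
			return pkts, true, nil // record header or body cut short
		} else if err != nil {
			return pkts, false, err
		}
	}
}

// SamplePcap builds a constructed capture (not real traffic) of zero-filled packets.
func SamplePcap(sizes ...uint32) []byte {
	var b bytes.Buffer
	binary.Write(&b, binary.LittleEndian, []uint32{0xa1b2c3d4, 0x00040002, 0, 0, 65535, 1})
	for _, n := range sizes {
		binary.Write(&b, binary.LittleEndian, []uint32{0, 0, n, n})
		b.Write(make([]byte, n))
	}
	return b.Bytes()
}

func main() {
	fmt.Println(CountPcap(bytes.NewReader(SamplePcap(60, 42))))
}
```

A `truncated` result on a file that is still being written usually just means the last packet is mid-flush; on a file that should be closed it indicates the capture was cut off.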
