-
Notifications
You must be signed in to change notification settings - Fork 171
Features
This new added module is responsible the management of pktminerg. It should work with CPM.
Link libpcap library statically, and Users need not to install it.
In K8S, Packet-Agent can be installed in a pod and then, it can capture the traffic in other pods of the same node (with -c parameter, by which containerId followed). Note: the pod of Packet-Agent should be configured to monitor all the process on the node. In KVM, Packet-Agent can be installed on the host, it can capture the traffic in its virtual machines(with -k parameter, by which the name of the virtual machine followed).
When the network interface is down, Packet-Agent can check its status periodically, and will capture its traffic once it goes to work.
Packet-Agent can capture the traffic on multiple network-interface(pods or virtual machines) at the same time.
Packet-Agent can detect the direction of the message(request or response) with mac when "auto" is followed after "--dir"
When forwarding with ZMQ, Packet-Agent will encapsulate the message with MPLS.
Log module is added and could be configured with the configuration file.
When encapsulate with VXLAN, we could set the vxlan port (the parameter "-x") and default is 4789
support compiling and execute on the platform of Windows. Besides, the name of network interface in Chinese can also be supported.
Sometimes, only the headers of the packets are significant to users. In such a case, we can use that parameter to slice the packets. For example, "--slice 200", only the first 200 bytes will be transferred.
capturing packets from multiple network interfaces is a general requirement in many cases and this feature is supported from v0.5.8. To do that, we can input the commond: pktminerg "-i eth0 -k 1 -r X.X.X.X" "-i eth1 -n 2 -r X.x.x.x" ....
When we use tcpreplay to play the pcap file and want PA to transfer the packet, we usually want to add a bit in the GRE/VXLan to indicate the direction of the packet (incoming or outgoing). By using the parameter "--dir", we can realize that feature. For example, when we use "--dir host_10.1.1.1", if the dst ip of the packet is "10.1.1.1", it will be marked as "incoming" and in the same way, when if the src ip is 10.1.1.1, it will be marked as "outgoing". By the way, the name of interface name can be used also, as that used in the parameter of "--expression".
From this release, we can set the name of the network interface in the parameter "--expression", such as "--expression host nic.eth0". By doing that, the name of the interface will be translated to its ip as a filter.
In most cases, limiting the speed of transferring packets would be a very useful feature. By using the parameter "--mbps", we can use this function. By the way, the type of the number followed by the parameter is the type of "double".
ZeroMQ (also known as ØMQ, 0MQ, or zmq) looks like an embeddable networking library but acts like a concurrency framework and it ensure the reliable transferring. Packet-Agent can encapsulate the packets with GRE and transfer them to their destinations. By using "--zmq_port", we can specify the dest port. By the way, we can set multiple destinations followed by "-r".
Sometimes we need to dump the captured packets on the local server instead of transferring them. And in this version, the feature is added. By using Parameter "--dump" and "interval", we can specify the directory and interval for packets saving. For example: "pktminerg -i ens33 --dump /root/tmp/ --interval 15". then, the packets will be saved as .pcap file in /root/tmp/ and there will be a new pcap file every 15 sec.
VLAN is a set of equipment and users on logic. They are not affected by their locations. Based on function, department and other factors, they are associated and communicated as if they are in the same network. In packtes, VLAN header is out of the IP header. From the version, Packet-Agent can decode VLAN header and transfer the packets with VLAN header.
Virtual Extensible LAN (VXLAN) is a network virtualization technology that attempts to address the scalability problems associated with large cloud computing deployments. It uses a VLAN-like encapsulation technique to encapsulate OSI layer 2 Ethernet frames within layer 4 UDP datagrams, using 4789 as the default IANA-assigned destination UDP port number.
Packet Agent support capture pcap forwarding via VXLAN Tunnel to remote. Furthermore, you can set VXLAN VNI in command line params.
VXLAN VNI include ippair direction information at high 4 bits.
- Virtual Extensible LAN
- RFC 7348, Virtual eXtensible Local Area Network (VXLAN)
Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links or point-to-multipoint links over an Internet Protocol network.
Packet Agent support capture pcap forwarding via GRE Tunnel to remote. Furthermore, you can set GRE key in command line params.
GRE key include ippair direction information at high 4 bits.
- Generic Routing Encapsulation
- RFC 2784, Generic Routing Encapsulation (GRE) (proposed standard, updated by RFC 2890)
- RFC 2890Key and Sequence Number Extensions to GRE (proposed standard)
- RFC 2637Point to Point Tunneling Protocol (informational)