{"id":13509417,"url":"https://github.com/deepfence/PacketStreamer","last_synced_at":"2025-03-30T13:32:15.632Z","repository":{"id":37585302,"uuid":"474043179","full_name":"deepfence/PacketStreamer","owner":"deepfence","description":":star: :star: Distributed tcpdump for cloud native environments :star: :star:","archived":false,"fork":false,"pushed_at":"2024-07-01T09:09:55.000Z","size":2163,"stargazers_count":1875,"open_issues_count":21,"forks_count":252,"subscribers_count":12,"default_branch":"main","last_synced_at":"2024-10-29T15:34:16.425Z","etag":null,"topics":["forensics-tools","hacktoberfest","infosectools","network-analysis","observability","packet-capture","packet-sniffer","pcap","secops","security-tools","snort","soc","suricata","tcpdump-like","traffic-monitoring","zeek"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deepfence.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-25T14:31:16.000Z","updated_at":"2024-10-27T19:27:29.000Z","dependencies_parsed_at":"2024-06-18T20:13:34.475Z","dependency_job_id":"1d243ac3-68f0-45d3-b613-2fc29b7b6738","html_url":"https://github.com/deepfence/PacketStreamer","commit_stats":{"total_commits":46,"total_committers":8,"mean_commits":5.75,"dds":0.5,"last_synced_commit":"8d1f537151f80cef5902e8b37c3261313500e44d"},"previous_names":["deepfence/packet-streamer"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposit
ories/deepfence%2FPacketStreamer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepfence%2FPacketStreamer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepfence%2FPacketStreamer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepfence%2FPacketStreamer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deepfence","download_url":"https://codeload.github.com/deepfence/PacketStreamer/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":222552864,"owners_count":17002160,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["forensics-tools","hacktoberfest","infosectools","network-analysis","observability","packet-capture","packet-sniffer","pcap","secops","security-tools","snort","soc","suricata","tcpdump-like","traffic-monitoring","zeek"],"created_at":"2024-08-01T02:01:07.409Z","updated_at":"2024-11-01T09:31:28.764Z","avatar_url":"https://github.com/deepfence.png","language":"Go","readme":"[![Documentation](https://img.shields.io/badge/documentation-read-green)](https://docs.deepfence.io/packetstreamer)\n[![GitHub license](https://img.shields.io/github/license/deepfence/PacketStreamer)](https://github.com/deepfence/PacketStreamer/blob/master/LICENSE)\n[![GitHub 
stars](https://img.shields.io/github/stars/deepfence/PacketStreamer)](https://github.com/deepfence/PacketStreamer/stargazers)\n[![Hacktoberfest](https://img.shields.io/github/hacktoberfest/2022/deepfence/PacketStreamer)](https://github.com/deepfence/PacketStreamer/issues)\n[![GitHub issues](https://img.shields.io/github/issues/deepfence/PacketStreamer)](https://github.com/deepfence/PacketStreamer/issues)\n[![Slack](https://img.shields.io/badge/slack-@deepfence-blue.svg?logo=slack)](https://join.slack.com/t/deepfence-community/shared_invite/zt-podmzle9-5X~qYx8wMaLt9bGWwkSdgQ)\n\n# PacketStreamer\n\nDeepfence PacketStreamer is a high-performance remote packet capture and\ncollection tool. It is used by Deepfence's [ThreatStryker](https://deepfence.io/threatstryker/)\nsecurity observability platform to gather network traffic on demand from cloud\nworkloads for forensic analysis.\n\nPrimary design goals:\n\n* Stay light, capture and stream, no additional processing\n* Portability, works across **virtual machines, Kubernetes and AWS Fargate**. Linux\n  and Windows\n\nPacketStreamer **sensors** are started on the target servers. Sensors capture\ntraffic, apply filters, and then stream the traffic to a central receiver.\nTraffic streams may be compressed and/or encrypted using TLS.\n\nThe PacketStreamer **receiver** accepts PacketStreamer streams from multiple\nremote sensors, and writes the packets to a local `pcap` capture file.\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://raw.githubusercontent.com/deepfence/PacketStreamer/main/images/readme/packetstreamer.png\"/\u003e\u003cp\u003e\n\nPacketStreamer sensors collect raw network packets on remote hosts. They select packets\nto capture using a BPF filter, and forward them to a central receiver process\nwhere they are written in pcap format.  Sensors are very lightweight and impose\nlittle performance impact on the remote hosts. 
PacketStreamer sensors can be\nrun on bare-metal servers, on Docker hosts, and on Kubernetes nodes.\n\nThe PacketStreamer receiver accepts network traffic from multiple sensors,\ncollecting it into a single, central `pcap` file.  You can then process the \npcap file or live feed the traffic to the tooling of your choice, such as\n`Zeek`, `Wireshark`, `Suricata`, or as a live stream for Machine Learning models.\n\n## When to use PacketStreamer\n\nPacketStreamer meets more general use cases than existing alternatives. For\nexample, use PacketStreamer if you need a lightweight, efficient method to collect raw\nnetwork data from multiple machines for central logging and analysis.\n\n## Quick Start\n\n![PacketStreamer QuickStart](docs/docs/packetstreamer/img/packetstreamer.svg)\n\nFor full instructions, refer to the [PacketStreamer Documentation](https://docs.deepfence.io/packetstreamer/).\n\nYou will need to install the golang toolchain and `libpcap-dev` before building PacketStreamer.\n  \n```shell script\n# Pre-requisites (Ubuntu): sudo apt install golang-go libpcap-dev\ngit clone https://github.com/deepfence/PacketStreamer.git\ncd PacketStreamer/\nmake\n```\n\nRun a PacketStreamer receiver, listening on port **8081** and writing pcap output to **/tmp/dump_file** (see [receiver.yaml](contrib/config/receiver.yaml)):\n  \n```shell script\n./packetstreamer receiver --config ./contrib/config/receiver.yaml\n```\n\nRun one or more PacketStreamer sensors on local and remote hosts. 
Edit the **server address** in [sensor.yaml](contrib/config/sensor-local.yaml):\n\n```shell script\n# run on the target hosts to capture and forward traffic\n\n# copy and edit the sample sensor-local.yaml file, and add the address of the receiver host\ncp ./contrib/config/sensor-local.yaml ./contrib/config/sensor.yaml\n\n./packetstreamer sensor --config ./contrib/config/sensor.yaml\n```\n\n  \n## Who uses PacketStreamer?\n\n * Deepfence [ThreatStryker](https://deepfence.io/threatstryker/) uses\n   PacketStreamer to capture traffic from production platforms for forensics\n   and anomaly detection.\n\n## Get in touch\n\nThank you for using PacketStreamer.\n\n * [\u003cimg src=\"https://img.shields.io/badge/documentation-read-green\"\u003e](https://docs.deepfence.io/packetstreamer/) Start with the documentation\n * [\u003cimg src=\"https://img.shields.io/badge/slack-@deepfence-blue.svg?logo=slack\"\u003e](https://join.slack.com/t/deepfence-community/shared_invite/zt-podmzle9-5X~qYx8wMaLt9bGWwkSdgQ) Got a question, need some help?  Find the Deepfence team on Slack\n * [![GitHub issues](https://img.shields.io/github/issues/deepfence/PacketStreamer)](https://github.com/deepfence/PacketStreamer/issues) Got a feature request or found a bug? Raise an issue\n * [productsecurity *at* deepfence *dot* io](SECURITY.md): Found a security issue? 
Share it in confidence\n * Find out more at [deepfence.io](https://deepfence.io/)\n\n## Security and Support\n\nFor any security-related issues in the PacketStreamer project, contact [productsecurity *at* deepfence *dot* io](SECURITY.md).\n\nPlease file GitHub issues as needed, and join the Deepfence Community [Slack channel](https://join.slack.com/t/deepfence-community/shared_invite/zt-podmzle9-5X~qYx8wMaLt9bGWwkSdgQ).\n\n## License\n\nThe Deepfence PacketStreamer project (this repository) is offered under the [Apache2 license](https://www.apache.org/licenses/LICENSE-2.0).\n\n[Contributions](CONTRIBUTING.md) to Deepfence PacketStreamer project are similarly accepted under the Apache2 license, as per [GitHub's inbound=outbound policy](https://docs.github.com/en/github/site-policy/github-terms-of-service#6-contributions-under-repository-license).\n","funding_links":[],"categories":["Network","Go","Input Tools","security-tools"],"sub_categories":["Full Packet Capture / Forensic","Protocol Analyzers / Sniffers"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeepfence%2FPacketStreamer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdeepfence%2FPacketStreamer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeepfence%2FPacketStreamer/lists"}