{"id":15032026,"url":"https://github.com/soleinik/net-gazer-sensor","last_synced_at":"2025-04-09T21:23:10.737Z","repository":{"id":204373070,"uuid":"234951384","full_name":"soleinik/net-gazer-sensor","owner":"soleinik","description":"network connection capture and analysis daemon","archived":false,"fork":false,"pushed_at":"2024-10-07T01:21:14.000Z","size":642,"stargazers_count":9,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-23T23:15:49.742Z","etag":null,"topics":["analysis-daemon","daemon","endpointsecurity","net-gazer","rust","rust-lang","rust-language","traceroute"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/soleinik.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-01-19T19:13:11.000Z","updated_at":"2024-10-07T01:21:18.000Z","dependencies_parsed_at":null,"dependency_job_id":"683d94e2-e5ec-4ac8-941c-2a5b3a19ec5c","html_url":"https://github.com/soleinik/net-gazer-sensor","commit_stats":null,"previous_names":["soleinik/net-gazer-sensor"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soleinik%2Fnet-gazer-sensor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soleinik%2Fnet-gazer-sensor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soleinik%2Fnet-gazer-sensor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soleinik%2Fnet-
gazer-sensor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/soleinik","download_url":"https://codeload.github.com/soleinik/net-gazer-sensor/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248113043,"owners_count":21049771,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analysis-daemon","daemon","endpointsecurity","net-gazer","rust","rust-lang","rust-language","traceroute"],"created_at":"2024-09-24T20:17:08.831Z","updated_at":"2025-04-09T21:23:10.722Z","avatar_url":"https://github.com/soleinik.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n\n# \"_net-gazer_\" - network connection capture and analysis daemon \n\n## Goals\nDesign daemon, capable of intercepting traversing ethernet frames from network interface. Daemon should be able to load plugins for specialized packet processing. Plugins will be sending inspection reports via host daemon provided facilities. 
For deployment, daemon will be deployed to endpoints, such as gateway, switch spanning ports and workstations\n\nPlugins can use captured data for:\n+ network performance monitoring\n+ communication visualization\n+ statistical analysis\n+ host/network security\n+ many other things\n\n## my experiments\n+ [traceroute: VPN box, with no VPN server running](./docs/use-case-vpn-host-with-no-vpn-running.md) \n+ [all ipv4 plugin: VPN box](./docs/use-case-with-all-ipv4-plugin.md) \n\n\n\u003cbr/\u003e\n\n## other components\n[report collector](https://github.com/soleinik/net-gazer-web) data-collector part..   \n[demo plugin](https://github.com/soleinik/net-gazer-plugin-demo) example plugin   \n[traceroute plugin](https://github.com/soleinik/net-gazer-plugin-traceroute) - captures SYN+SYN/ACKs and traces tcp connection destination (just for fun) and provides graphed data, that can be visualised    \n[all ipv4 plugin](https://github.com/soleinik/net-gazer-plugin-all-ipv4) - captures all ipv4 packets\n\n\n## TODOs\n+ geoiplocation - move to another process\n+ traceroute  \n  + udp\n  + icmp\n  + tcp\n\n## Graphed http sessions, originated from browser\n![Graphed http sessions originated from my workstation](./docs/graphed-session.png)\n\n\n## Deployment\n![deployment diagram](./docs/deployment.png)\n\n\n## Architecture\n![Architecture](./docs/app-architecture.png)\n\n\n## Components\n1. [net-gazer-sensor](https://github.com/soleinik/net-gazer-sensor)\n2. net-gazer-plugins\n  * [demo](https://github.com/soleinik/net-gazer-plugin-demo)  \n  * [traceroute](https://github.com/soleinik/net-gazer-plugin-traceroute)  \n  * [all ipv4 plugin](https://github.com/soleinik/net-gazer-plugin-all-ipv4)  \n\n3. collector [net-gazer-web](https://github.com/soleinik/net-gazer-web)\n4. redisgraph db [docker-compose](https://github.com/soleinik/net-gazer-web/blob/master/docker-compose.yml)\n\n\n## how I run it...\n\n1. 
build net-gazer-sensor \n```\n$ cargo deb\n```\ninstall [cargo-deb](https://crates.io/crates/cargo-deb) as \n```\n$ cargo install cargo-deb\n```\n2. install net-gazer-sensor (plugins deb is configured for dependency on net-gazer)\n``` \n# dpkg -i ./target/debian/net-gazer_0.1.0_amd64.deb\n```\n3. stop daemon (b/c we will run it from cli)\n```\n# systemctl stop net-gazer\n```\n4. build plugin (from plugin repo build deb and install with dpkg)\n\n5. build and run net-gazer-web\n```\n$ cargo run\n```\n6. with docker-compose bring up redisgraph \n```\n$ docker-compose up\n```\n7. run net-gazer-sensor (it will discover deployed plugin)\n```\n$ cargo run -- -vv\n```\n8. Create some network traffic \n\n9. I use \"redisinsight\" to check graph (cypher query)\n```\nMATCH (n:hop) return n\n```\nto see 5 \"neighbour\" hops\n```\nMATCH (a:hop{ip:'192.168.\u003cyour\u003e.\u003cip\u003e'})-[next*1..5]-\u003e(ancestors) RETURN a, ancestors\n```\n10. to remove everything (after done)\n```\n# apt-get purge net-gazer\n```\n\n\n\n## To run (cli help)\nroot is needed to run (./.cargo/config)\n```\n$ cargo run [-- --help]\n\n$ cargo run -- -i eth0 -v\n\n```\n\n## Configuration file search order\n```\n./etc/net-gazer/net-gazer.toml\n/usr/local/etc/net-gazer/net-gazer.toml\n/etc/net-gazer/net-gazer.toml\n```\n\n## Help\n```\ncargo run -- --help\n\nRunning `sudo -E target/debug/net-gazer --help`\nnet-gazer 0.1.0\nnetwork connection capture and analysis daemon\n\nUSAGE:\n    net-gazer [FLAGS] [OPTIONS]\n\nFLAGS:\n    -h, --help         Prints help information\n    -V, --version      Prints version information\n    -v, --verbosity    Verbose mode (-v(info), -vv(debug), -vvv(trace), etc.)\n\nOPTIONS:\n    -c, --config \u003cconfig-path\u003e    configuration file [env: NG_CONFIG=]\n    -i, --iface \u003ciface\u003e           target network interface [env: 
NG_IFACE=]\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoleinik%2Fnet-gazer-sensor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsoleinik%2Fnet-gazer-sensor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoleinik%2Fnet-gazer-sensor/lists"}