https://github.com/joeke80215/dumpcat
dump network packet and log to database
- Host: GitHub
- URL: https://github.com/joeke80215/dumpcat
- Owner: joeke80215
- License: mit
- Created: 2018-09-21T14:35:04.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2022-07-24T06:22:54.000Z (almost 4 years ago)
- Last Synced: 2024-06-20T00:42:07.892Z (about 2 years ago)
- Topics: elasticsearch, golang, gopacket, ipv4, libpcap, tcp
- Language: Go
- Size: 731 KB
- Stars: 9
- Watchers: 1
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
README
# dumpcat
[Go Report Card](https://goreportcard.com/report/github.com/joeke80215/dumpcat)
[Codacy](https://www.codacy.com/app/joeekee/dumpcat?utm_source=github.com&utm_medium=referral&utm_content=joeke80215/dumpcat&utm_campaign=Badge_Grade)
[License](https://github.com/joeke80215/dumpcat/blob/master/LICENSE)
[Travis CI](https://travis-ci.org/joeke80215/dumpcat)
Dump network packets to a database.
## overview
* dump network packets to a database
* monitor network packets
* analyze network packets
## prerequisites
- linux: install libpcap
- centos
```
sudo yum install -y libpcap-devel && sudo yum install -y libpcap
```
- ubuntu
```
sudo apt-get install -y libpcap-dev
```
- windows: install winpcap (https://www.winpcap.org/)
## install
```
go get github.com/joeke80215/dumpcat
```
## build
```
cd $GOPATH/src/github.com/joeke80215/dumpcat
go build -v
```
## filter
Capture filters are written in BPF syntax (http://biot.com/capstats/bpf.html).
## database support
- elasticsearch
## logic layer support
- latency
## config
The configuration file is `config.yaml`, with the following layout:
```
dumplist:
  {dump name}:
    device: {device name}
    bpf: {BPF filter string}
  .
  .
  .
logics:
  - timeoffset
output:
  - elasticsearch:
      host: {elasticsearch server host}
```
## usage example
#### create config.yaml
```
dumpList:
  http:
    device: "enp2s0"
    bpf: "tcp port 80"
  ftp:
    device: "enp2s0"
    bpf: "tcp port 21"
  sftp:
    device: "enp2s0"
    bpf: "tcp port 22"
logics:
  - latency
output:
  elasticsearch:
    host: "http://192.168.0.100:9200"
```
#### execute
```
./dumpcat -f config.yaml
```