netmon

Category: Network
Development tool: C++
File size: 0KB
Downloads: 0
Upload date: 2019-08-11 06:25:50
Uploader: sh-1993
Description: Network monitor for Linux

File list:
Makefile (1045, 2019-08-10)
Makefile.evconnections (750, 2019-08-10)
Makefile.evmerger (737, 2019-08-10)
Makefile.evreader (1047, 2019-08-10)
Makefile.test_segments (509, 2019-08-10)
evconnections.cpp (10651, 2019-08-10)
evmerger.cpp (494, 2019-08-10)
evreader.cpp (16212, 2019-08-10)
fs/ (0, 2019-08-10)
fs/file.cpp (2056, 2019-08-10)
fs/file.h (2549, 2019-08-10)
html/ (0, 2019-08-10)
html/events.css (256, 2019-08-10)
html/events.html (996, 2019-08-10)
html/events.js (31316, 2019-08-10)
memory/ (0, 2019-08-10)
memory/unique_ptr.h (1915, 2019-08-10)
net/ (0, 2019-08-10)
net/address.h (140, 2019-08-10)
net/capture/ (0, 2019-08-10)
net/capture/callbacks.h (788, 2019-08-10)
net/capture/limits.h (244, 2019-08-10)
net/capture/method.h (221, 2019-08-10)
net/capture/ring_buffer.cpp (10397, 2019-08-10)
net/capture/ring_buffer.h (4337, 2019-08-10)
net/capture/socket.cpp (5001, 2019-08-10)
net/capture/socket.h (2078, 2019-08-10)
net/limits.h (144, 2019-08-10)
net/mask.cpp (2286, 2019-08-10)
net/mask.h (2330, 2019-08-10)
net/mon/ (0, 2019-08-10)
net/mon/configuration.cpp (34967, 2019-08-10)
net/mon/configuration.h (5685, 2019-08-10)
net/mon/dns/ (0, 2019-08-10)
net/mon/dns/inverted_cache.h (7068, 2019-08-10)
net/mon/dns/message.cpp (7790, 2019-08-10)
net/mon/dns/message.h (1715, 2019-08-10)
net/mon/event/ (0, 2019-08-10)
net/mon/event/base.cpp (13294, 2019-08-10)
... ...

netmon
======
Network monitor for Linux.

## `netmon`
`netmon` processes IP packets coming either from a network interface or from a PCAP file and generates six kinds of events:
* ICMP: containing the following information:
  * Timestamp
  * Source address
  * Destination address
  * Number of bytes transferred
  * ICMP type
  * ICMP code
* UDP: containing the following information:
  * Timestamp
  * Source address
  * Source port
  * Destination address
  * Destination port
  * Number of bytes transferred
* DNS (request and response): containing the following information:
  * Timestamp
  * Source address
  * Source port
  * Destination address
  * Destination port
  * Number of bytes transferred
  * Domain queried
  * For responses: list of IP addresses
* Begin TCP connection: containing the following information:
  * Timestamp
  * Source address
  * Source port
  * Destination address
  * Destination port
* TCP data: containing the following information:
  * Timestamp
  * Source address
  * Source port
  * Destination address
  * Destination port
  * Creation timestamp
  * Number of bytes of payload
* End TCP connection: containing the following information:
  * Timestamp
  * Source address
  * Source port
  * Destination address
  * Destination port
  * Creation timestamp
  * Number of bytes transferred by the client
  * Number of bytes transferred by the server

These events are written to a file in binary format, one file per worker thread.

## `evmerger`
The event files can be merged using `evmerger`, which takes two or more event files and generates an output file containing all the events.

## `evreader`
The event files can be viewed using `evreader`, which can dump the events in the following formats:
* Human readable
* JSON
* Javascript
* CSV
* SQLite database

`evreader` has a DNS cache for IPv4 and a DNS cache for IPv6 and can provide (when possible) the source hostname and the destination hostname.

## `evconnections`
Takes as input an event file and generates as output an event file with the "End TCP connection" events.

The events can be sorted by:
* Duration
* Transferred client
* Transferred server
* Transferred

## Usages:
###### `netmon`
```
./netmon OPTIONS

OPTIONS:
  Capture configuration:
    --capture-method
      ::= "pcap" | "ring-buffer" | "socket"
      Mandatory.

    --capture-device : either a PCAP filename for the capture method "pcap"
      or the name of a network interface.
      Mandatory.

    --rcvbuf-size : size of the socket receive buffer.
      Greater or equal than: 2048, default: not set.
      Optional.

    --promiscuous-mode
      Enable interface's promiscuous mode.
      Default: no.
      Optional.

  Ring buffer configuration:
    --ring-buffer-block-size : size of the ring buffer block.
      Range: 128 .. 18446744073709551615, default: 4096.
      Optional.

    --ring-buffer-frame-size : size of the ring buffer frame.
      Range: 128 .. 18446744073709551615, default: 2048.
      Optional.

    --ring-buffer-frame-count : number of frames in the ring buffer.
      Range: 8 .. 18446744073709551615, default: 512.
      Optional.

  TCP/IPv4 hash table configuration:
    --tcp-ipv4-hash-size : size of the hash table.
      Range: 256 .. 4294967296, default: 4096.
      Optional.

    --tcp-ipv4-max-connections : maximum number of connections.
      Range: 256 .. 4294967296, default: 1048576.
      Optional.

    --connection-timeout : connection timeout (seconds).
      Greater or equal than: 5, default: 7200.
      Optional.

    --tcp-time-wait : TCP time wait (seconds).
      Greater or equal than: 1, default: 120.
      Optional.

  TCP/IPv6 hash table configuration:
    --tcp-ipv6-hash-size : size of the hash table.
      Range: 256 .. 4294967296, default: 4096.
      Optional.

    --tcp-ipv6-max-connections : maximum number of connections.
      Range: 256 .. 4294967296, default: 1048576.
      Optional.

    --connection-timeout : connection timeout (seconds).
      Greater or equal than: 5, default: 7200.
      Optional.

    --tcp-time-wait : TCP time wait (seconds).
      Greater or equal than: 1, default: 120.
      Optional.

  Workers configuration:
    --number-workers : number of worker threads.
      Range: 1 .. 1024, default: 4.
      Optional.

    --processors "all" | "even" | "odd" |
      ::= [,]*
      ::= 0 .. 7
      Optional.

    --events-directory : directory where to save the event files.
      Default: ".".
      Optional.

    --file-allocation-size : file allocation size.
      Default: 1073741824.
      Optional.

    --event-writer-buffer-size : size of the event writer buffer.
      Greater or equal than: 1024, default: 32768.
      Optional.

::= +
::= [KMG]
Optional suffixes: K (KiB), M (MiB), G (GiB)
```

###### `evmerger`
```
Usage: ./evmerger ...
```

###### `evreader`
```
Usage: ./evreader [OPTIONS] --input-filename

Options:
  --help
  --output-filename : Name of the file where to save the output.
    Default: standard output.
  --output
    ::= "header" | "human-readable" | "json" | "javascript" | "csv" | "sqlite"
    Default: "human-readable"
  --format
    ::= "pretty-print" | "compact"
    Default: "pretty-print"
  --csv-separator : CSV character separator.
    Default: ','
  --filter
    ::= ()
    ::=
    ::=
    ::= "&&" | "||"
    ::= "==" | "!=" | "<" | ">" | "<=" | ">="
    ::= "date" | "event_type" |
        "source_ip" | "source_hostname" | "source_port" |
        "destination_ip" | "destination_hostname" | "destination_port" |
        "ip" | "hostname" | "port" |
        "icmp_type" | "icmp_code" | "transferred" |
        "query_type" | "domain" | "number_dns_responses" | "dns_response" |
        "payload" | "creation" | "duration" |
        "transferred_client" | "transferred_server"
    ::= | | | | | |
    ::= "icmp" | "udp" | "dns" | "tcp-begin" | "tcp-data" | "tcp-end"
    ::= "*"
    ::= timestamp with the format YYYY/MM/DD hh:mm:ss[.uuuuuu]
    ::= connection duration in seconds
    ::= network address in CIDR notation
```

###### `evconnections`
```
Usage: ./evconnections [OPTIONS] --input-filename --output-filename

Options:
  --help
  --compare
    ::= "duration" | "transferred-client" | "transferred-server" | "transferred"
  --order
    ::= "ascending" | "descending"
    Default: "ascending"
```

## `qevents`
Qt program which displays the TCP connections from a JSON file containing events.
