/go-clock-view

allows one to gain insight into a firewalled network by passively collecting remote system uptimes to compare with local system time

Primary LanguageGo

go-clock-view

Description

This project collects tcp timestamps passivly and in real time compares each packets system uptime to the uptime of the packets before it. It can provide useful information such as the of the number of devices behind a firewalled network without generating a packet. This can be useful in detecting tethering and to gain insight into the network topology behind a network address translator or in situations where promiscous detection is unsuitable.

(https://github.com/aslanvaroqua/go-clock-view).

the offset of the uptimes per ip can tell us a lot about a network topology and is useful for understanding what type of systems are utilizing a network and also to prevent unauthorized tethering/connection sharing in the telecommunications industry.

Usage


Usage of ./go-clock-skew:

  -e string

    	device name (default "eth0")

  -f string

    	storage file (default "storage.csv")

  -filter string

    	bpFilter (default "tcp")

  -h	help

Example


./go-clock-skew -filter "src host 10.10.89.144" -f 144.csv

where to go from here?

go get "github.com/aslanvaroqua/go-clock-view"
go get "github.com/google/gopacket"
go get "go get gopkg.in/mgo.v2"
su -i
apt install mongodb
apt install libpcap-dev
ifconfig -> find appropriate network interface or use default (eth0)
go build main.go
mv main.go /usr/bin/clock-view
clock-view -e eth0 {other options)