Primary language: Go. License: MIT.

vxcap

Capture and dump VXLAN-encapsulated traffic. The main focus is AWS VPC traffic mirroring.

Setup

Prerequisite

  • Go >= 1.11.1

Install

go install github.com/m-mizutani/vxcap

Getting started

Capture traffic and save packets to a file in pcap format

vxcap -d pcap -e fs --fs-filename your_dump_file.pcap

Capture traffic and save packets to an AWS S3 bucket as JSON records

vxcap -d json -e s3 --aws-region ap-northeast-1 --aws-s3-bucket your-bucket-name

Capture traffic and send packet data to AWS Firehose

vxcap -d json -e firehose --aws-region ap-northeast-1 --aws-firehose-name your-hose-name

Options

  • Base options
    • --emitter <value>, -e <value>: Destination to save data [fs,s3,firehose] (default: "fs")
    • --dumper <value>, -d <value>: Write format [pcap,json] (default: "pcap")
    • --log-level <value>: Log level [trace,debug,info,warn,error] (default: "info")
  • Options for the UDP server that receives VXLAN packets
    • --port <value>, -p <value>: UDP port of VXLAN receiver (default: 4789)
    • --receiver-queue-size <value>: Queue size between UDP server and packet processor (default: 1024)
  • Options for file system emitter (fs)
    • --fs-filename <value>: Base file name for FS emitter (default: "dump")
    • --fs-dirpath <value>: Output directory for FS emitter (default: ".")
  • Options for AWS service emitter (s3 and firehose)
    • --aws-region <value>: AWS region for emitter to AWS
    • --aws-s3-bucket <value>: AWS S3 bucket name for S3 emitter
    • --aws-s3-prefix <value>: Prefix of AWS S3 object key for S3 emitter
    • --aws-s3-add-time-key: Enable to add time key to S3 object key for S3 emitter
    • --aws-s3-flush-count <value>: Threshold of record number to flush object to AWS S3 bucket
    • --aws-s3-flush-interval <value>: Flush interval (seconds) to AWS S3 bucket
    • --aws-firehose-name <value>: Name of AWS Firehose for Firehose emitter
    • --aws-firehose-flush-size <value>: Threshold of record size to flush object to AWS Firehose
    • --aws-firehose-flush-interval <value>: Flush interval (seconds) to AWS Firehose
  • Options for JSON format
    • --enable-json-text: Include the application layer payload as human-readable text in JSON output
    • --enable-json-raw: Include the raw application layer payload (base64 encoded) in JSON output
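
What a receiver on the VXLAN UDP port has to do with each datagram before it can dump the mirrored packet, as an added example that is not vxcap's own code: check the 8-byte VXLAN header (layout per RFC 7348) and split off the inner Ethernet frame. The names `Decap`, `Frame`, `ErrShort` and `ErrNoVNI` are hypothetical, and the sample bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

const vxlanLen, etherLen = 8, 14 // VXLAN header (RFC 7348), Ethernet II header

var ErrShort = errors.New("datagram shorter than VXLAN + Ethernet headers")
var ErrNoVNI = errors.New("VXLAN I flag (0x08) not set")

// Frame is the inner (mirrored) frame recovered from one UDP payload.
type Frame struct {
	VNI            uint32 // 24-bit VXLAN Network Identifier
	DstMAC, SrcMAC string
	EtherType      uint16
	Payload        []byte // bytes after the inner Ethernet header
}

// Decap validates the VXLAN header and splits off the inner Ethernet frame.
func Decap(b []byte) (*Frame, error) {
	if len(b) < vxlanLen+etherLen {
		return nil, ErrShort // reject truncated datagrams before indexing
	}
	if b[0]&0x08 == 0 { // byte 0 holds the flags; the I bit marks a valid VNI
		return nil, ErrNoVNI
	}
	eth := b[vxlanLen:]
	return &Frame{
		VNI:       binary.BigEndian.Uint32(b[4:8]) >> 8, // bytes 4-6; byte 7 is reserved
		DstMAC:    net.HardwareAddr(eth[0:6]).String(),
		SrcMAC:    net.HardwareAddr(eth[6:12]).String(),
		EtherType: binary.BigEndian.Uint16(eth[12:14]),
		Payload:   eth[etherLen:],
	}, nil
}

func main() {
	// Constructed sample UDP payload, not captured traffic.
	sample := []byte{
		0x08, 0, 0, 0, 0x12, 0x34, 0x56, 0, // VXLAN: I flag, VNI 0x123456
		0x02, 0, 0, 0, 0, 0x02, 0x02, 0, 0, 0, 0, 0x01, // inner dst MAC, src MAC
		0x08, 0x00, 0x45, 0x00, // EtherType IPv4, first bytes of inner IP header
	}
	f, err := Decap(sample)
	fmt.Printf("%+v %v\n", f, err)
}
```
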

Test

go test ./...

Author and License