Usage: distributed-sniffer [-hnV] [-c=<captureCommand>] [-o=<output>]
[-p=<serverPort>] [-P=<protocolName>] [-s=<host>]
[-S=<hostFile>]
-c, --command=<captureCommand>
Command to perform packet capture (default=tcpdump)
-h, --help Show this help message and exit.
-n, --no-serve Does not act as a server visible to other hosts
-o, --output=<output> Output file. Standard input is used if ouput is "-"
-p, --port=<serverPort> Server port (default=667)
-P, --protocol=<protocolName>
protocol used for sending messages between client
and server ([UDP], TCP, SCTP)
-s, --host=<host> Host to sniff
-S, --host-file=<hostFile>
File with hosts to sniff
-V, --version Print version information and exit.
The UDP protocol is not connection oriented, so it was necessary to create a messaging system to identify when a new client connects or disconnects from the broadcast:
The client/server communication implemented for TCP and SCTP protocols is similar. The client's addHost() method opens a connection in a new thread and listens for new messages coming from the server. The server will remove clients that are no longer connected.
Starting a server only
docker run --name sniffer-server --rm tcpassos/distributed-snifferStarting a client that will listen to a server
docker run --name sniffer-listener --rm tcpassos/distributed-sniffer --no-serve --host=<<server address>>Or starting a client that will listen to multiple servers (the hosts file has the IP address of each server separated by lines)
docker run --rm \
--name sniffer-listener \
-v hosts_file_directory:/usr/src/files \
tcpassos/distributed-sniffer \
--host-file=/usr/src/files/hosts.txtSimulating requests:
docker exec sniffer-server /usr/bin/curl google.comWe can analyze packet traffic between containers with tcpdump running in another container:
docker run --rm --net=host -v "$PWD":/tcpdump kaazing/tcpdumpThe script available at /tools/statistics.py can graph statistics for each implemented protocol
python3 statistics.py --file example.pcap --port 667
