Kamfanin AOL saki tsarin don ɗaukarwa, adanawa da ƙididdige fakitin cibiyar sadarwa , wanda ke ba da kayan aikin gani don tantance hanyoyin zirga-zirgar zirga-zirga da kuma neman bayanan da suka danganci ayyukan cibiyar sadarwa. An rubuta lambar a cikin yaren C (musamman a cikin Node.js/JavaScript) da lasisi a ƙarƙashin Apache 2.0. Yana goyan bayan aiki akan Linux da FreeBSD. Shirya An shirya don nau'ikan CentOS da Ubuntu daban-daban.
An ƙirƙiri aikin a cikin 2012 tare da manufar ƙirƙirar buɗaɗɗen maye gurbin dandamalin sarrafa fakitin cibiyar sadarwar kasuwanci wanda zai iya ƙima zuwa adadin zirga-zirgar AOL. Aiwatar da sabon tsarin a cikin AOL ya ba da damar samun cikakken iko akan ababen more rayuwa saboda turawa a kan sabobin sa kuma yana rage farashin - ta amfani da Moloch don kama zirga-zirga gaba ɗaya a cikin duk hanyoyin sadarwa na AOL ƙimar daidai da lokacin amfani. A baya can, an kashe shi don ɗaukar zirga-zirga akan hanyar sadarwa ɗaya kawai. Tsarin zai iya yin ƙima don sarrafa zirga-zirga a cikin gudu na dubun gigabits a cikin daƙiƙa guda. Ƙarar bayanan da aka adana yana iyakance kawai ta girman faifan da ke akwai.
An yi lissafin metadata na zama a cikin gungu na tushen injin .
Moloch ya haɗa da kayan aiki don kamawa da ƙididdige zirga-zirgar ababen hawa a cikin tsarin PCAP na asali, da kuma samun saurin samun bayanai masu ƙididdiga. Don bincika bayanan da aka tara, ana ba da hanyar haɗin yanar gizo wanda ke ba ku damar kewayawa, bincika da samfuran fitarwa. An kuma bayar , wanda ke ba ka damar canja wurin bayanai game da fakitin da aka kama a cikin tsarin PCAP da kuma juzu'i a cikin tsarin JSON zuwa aikace-aikacen ɓangare na uku. Amfani da tsarin PCAP yana sauƙaƙa haɗin kai sosai tare da masu nazarin hanyoyin zirga-zirga kamar Wireshark.
Moloch ya ƙunshi abubuwa na asali guda uku:
- Tsarin kama zirga-zirga shine aikace-aikacen C da yawa mai zaren sa ido, rubuta juji a tsarin PCAP zuwa faifai, rarraba fakitin da aka kama da aika metadata game da zaman (SPI, Binciken fakiti na Jiha) da ka'idoji zuwa gungu na Elasticsearch. Yana yiwuwa a adana fayilolin PCAP a rufaffen tsari.
- Yanar gizon yanar gizo dangane da dandamalin Node.js, wanda ke gudana akan kowane uwar garken kama zirga-zirga da aiwatar da buƙatun da suka shafi samun bayanai da aka ƙididdigewa da canja wurin fayilolin PCAP ta hanyar. .
- Ma'ajiyar metadata bisa Elasticsearch.
Gidan yanar gizon yana ba da hanyoyin kallo da yawa - daga ƙididdiga na gabaɗaya, taswirorin haɗin gwiwa da jadawali na gani tare da bayanai kan canje-canjen ayyukan cibiyar sadarwa zuwa kayan aikin nazarin zaman ɗaiɗaiku, nazarin ayyuka a cikin mahallin ƙa'idodin da aka yi amfani da su da rarraba bayanai daga jujjuyawar PCAP.
В :
- An yi canji zuwa yin amfani da tsari mara rubutu don firikwensin a cikin Elasticsearch.
- An ƙara misalan matatun kama zirga-zirga a cikin Lua.
- An aiwatar da goyan bayan sigar daftarin 46 na ƙa'idar QUIC.
- An sake yin amfani da lambar don daidaita ladabi, yana ba da damar rubuta parsers don ka'idodin matakin Ethernet da IP.
- An gabatar da sabbin nazarce-nazarce don arp, bgp, igmp, isis, lldp, ospf da ka'idojin pim, da kuma fassarori don ƙa'idodin unkEthernet da ba a sani ba da unkIpProtocol.
- Ƙara wani zaɓi don musaki masu fasikanci (disableParsers).
- An ƙara ikon nuna kowane filin lamba akan ginshiƙi, saita akan shafin saiti, zuwa mahaɗin yanar gizo.
- Za a iya daskare zane-zane da taken yanzu kuma ba sa motsawa yayin gungurawa shafin.
- Yawancin sandunan kewayawa suna ɓoye ko rugujewa ta tsohuwa.
source: budenet.ru