An shirya sakin tsarin don ɗaukarwa, adanawa da ƙididdige fakitin cibiyar sadarwa Arkime 3.1, samar da kayan aikin don tantance zirga-zirgar zirga-zirgar gani da kuma neman bayanan da suka danganci ayyukan cibiyar sadarwa. Asalin aikin AOL ne ya kirkiro shi tare da manufar ƙirƙirar buɗaɗɗe kuma wanda za'a iya turawa don dandamalin sarrafa fakitin cibiyar sadarwar kasuwanci, mai iya ƙima don aiwatar da zirga-zirga cikin sauri na dubun gigabits a sakan daya. An rubuta lambar ɓangaren kama zirga-zirga a cikin C, kuma ana aiwatar da haɗin gwiwar a Node.js/JavaScript. Ana rarraba lambar tushe a ƙarƙashin lasisin Apache 2.0. Yana goyan bayan aiki akan Linux da FreeBSD. An shirya fakitin da aka shirya don Arch, CentOS da Ubuntu.
Arkime ya haɗa da kayan aiki don ɗauka da ƙididdige zirga-zirga a cikin tsarin PCAP na asali, kuma yana ba da kayan aikin don saurin samun bayanai masu ƙididdiga. Amfani da tsarin PCAP yana sauƙaƙa haɗin kai sosai tare da masu nazarin hanyoyin zirga-zirga kamar Wireshark. Ƙarar bayanan da aka adana yana iyakance kawai ta girman faifan da ke akwai. An yi lissafin metadata na zama a cikin gungu dangane da injin binciken Elastick.
Don bincika bayanan da aka tara, ana ba da hanyar haɗin yanar gizo wanda ke ba ku damar kewayawa, bincika da samfuran fitarwa. Gidan yanar gizon yana ba da hanyoyin kallo da yawa - daga ƙididdiga na gabaɗaya, taswirorin haɗin gwiwa da jadawali na gani tare da bayanai kan canje-canjen ayyukan cibiyar sadarwa zuwa kayan aikin nazarin zaman ɗaiɗaiku, nazarin ayyuka a cikin mahallin ƙa'idodin da aka yi amfani da su da rarraba bayanai daga jujjuyawar PCAP. Ana kuma ba da API wanda ke ba ku damar aika bayanai game da fakitin da aka kama a cikin tsarin PCAP da kuma zaman da aka haɗa a cikin tsarin JSON zuwa aikace-aikacen ɓangare na uku.
Arkime ya ƙunshi abubuwa na asali guda uku:
- Tsarin kama zirga-zirga shine aikace-aikacen C da yawa mai zaren sa ido, rubuta juji a tsarin PCAP zuwa faifai, rarraba fakitin da aka kama da aika metadata game da zaman (SPI, Binciken fakiti na Jiha) da ka'idoji zuwa gungu na Elasticsearch. Yana yiwuwa a adana fayilolin PCAP a rufaffen tsari.
- Yanar gizon yanar gizo dangane da dandamalin Node.js, wanda ke gudana akan kowane uwar garken kama zirga-zirga da aiwatar da buƙatun da suka shafi samun bayanai da aka ƙididdigewa da canja wurin fayilolin PCAP ta API.
- Ma'ajiyar metadata bisa Elasticsearch.
A cikin sabon saki:
- Ƙara tallafi don IETF QUIC, GENEVE, ladabi na VXLAN-GPE.
- Ƙara goyon baya ga nau'in Q-in-Q (VLAN guda biyu), wanda ke ba ku damar sanya alamun VLAN a cikin alamun mataki na biyu don faɗaɗa adadin VLAN zuwa miliyan 16.
- Ƙara tallafi don nau'in filin "tasowa ruwa".
- An canza tsarin rikodi a cikin Amazon Elastic Compute Cloud don amfani da ka'idar IMDSv2 (Sabis na Metadata na Misali).
- An sake gyara lambar don ƙara ramukan UDP.
- Ƙara tallafi don elasticsearchAPIKey da elasticsearchBasicAuth.
source: budenet.ru