Arkime 3.1 network traffic indexing system available

A release of Arkime 3.1, a system for capturing, storing and indexing network packets, has been prepared. It provides tools for visually analyzing passing traffic and for searching information related to network activity. AOL started the project with the goal of creating an open and scalable replacement for commercial network packet processing solutions, capable of handling traffic at tens of gigabits per second. The traffic capture engine is written in C, and the interface is implemented in Node.js/JavaScript. The source code is distributed under the Apache 2.0 license. Linux and FreeBSD are supported. Ready-made packages are prepared for Arch, CentOS and Ubuntu.

Arkime includes tools for recording and saving traffic in PCAP format, and also provides tools for fast access to the indexed data. Using the PCAP format simplifies integration with existing traffic analyzers such as Wireshark. The amount of stored data is limited only by the size of the available disk space. Session metadata is stored in a cluster based on the Elasticsearch engine.

To analyze the collected information, a web interface is provided that allows you to browse, search and export samples. The web interface offers several viewing modes - from general statistics, connection maps and visual graphs showing changes in network activity, to tools for studying the timeline of each session, analyzing activity in the context of the protocols used, and decoding data from PCAP. An API is also provided that allows captured packet data to be sent to other applications, either in PCAP format or in parsed form as JSON.

Arkime consists of three main components:

  • The traffic capture engine, a multi-threaded C application that analyzes traffic, writes dumps in PCAP format to disk, inspects the captured packets and sends metadata about sessions (SPI, Stateful Packet Inspection) and protocols to the Elasticsearch cluster. PCAP files can be stored in encrypted form.
  • A web interface based on the Node.js platform, which runs on the server that captures traffic and handles requests for accessing the indexed data and delivering PCAP files via the API.
  • Metadata storage based on Elasticsearch.

In the new release:

  • Added support for the IETF QUIC, GENEVE and VXLAN-GPE protocols.
  • Added support for the Q-in-Q format (Double VLAN), which allows a VLAN tag to be nested inside a second-level tag, expanding the number of VLANs to 16 million.
  • Added support for the "overlay" field type.
  • The logging module for Amazon Elastic Compute Cloud has been changed to use the IMDSv2 (Instance Metadata Service) method.
  • Reworked the code for adding UDP tunnels.
  • Added support for elasticsearchAPIKey and elasticsearchBasicAuth.
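The Q-in-Q item above is easier to understand with a frame in hand. The following parser is an added example and is not Arkime code: it walks the Ethernet header, peels off stacked 802.1ad/802.1Q tags, and returns the outer and inner VLAN IDs together with the real payload EtherType. The frame bytes, MAC addresses and VLAN IDs are constructed for the example.

```python
"""Parse Ethernet frames carrying stacked (Q-in-Q) VLAN tags.

Added illustration for the Q-in-Q note above; not Arkime's own parser.
The sample frame at the bottom is constructed for this example.
"""
import struct

ETHERTYPE_VLAN_8021Q = 0x8100    # customer tag (C-TAG)
ETHERTYPE_VLAN_8021AD = 0x88A8   # service/provider tag (S-TAG)
ETHERTYPE_VLAN_LEGACY = 0x9100   # older provider-tag value still seen on the wire
VLAN_ETHERTYPES = {ETHERTYPE_VLAN_8021Q, ETHERTYPE_VLAN_8021AD, ETHERTYPE_VLAN_LEGACY}
MAX_TAGS = 2                     # Q-in-Q is two tags; refuse deeper stacks
USABLE_VLAN_IDS = 4094           # VID 0 and 4095 are reserved in 802.1Q


def mac_str(mac: bytes) -> str:
    """Render six raw bytes as the usual colon-separated MAC string."""
    return ":".join("%02x" % b for b in mac)


def parse_vlan_stack(frame: bytes):
    """Return (dst, src, [outer_vid, inner_vid, ...], payload_ethertype, payload).

    Raises ValueError on truncated frames or on more than MAX_TAGS stacked tags.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
    offset = 12
    vlans = []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated EtherType")
        ethertype = struct.unpack_from("!H", frame, offset)[0]
        offset += 2
        if ethertype not in VLAN_ETHERTYPES:
            break                      # reached the payload EtherType (IPv4, ARP, ...)
        if len(vlans) >= MAX_TAGS:
            raise ValueError("more than %d stacked VLAN tags" % MAX_TAGS)
        if offset + 2 > len(frame):
            raise ValueError("truncated VLAN tag")
        tci = struct.unpack_from("!H", frame, offset)[0]
        offset += 2
        vlans.append(tci & 0x0FFF)     # low 12 bits are the VLAN ID; PCP/DEI ignored here
    return dst, src, vlans, ethertype, frame[offset:]


def qinq_capacity() -> int:
    """Distinct (outer, inner) pairs a double tag can express: 4094 * 4094."""
    return USABLE_VLAN_IDS * USABLE_VLAN_IDS


# Constructed sample: S-TAG 100 wrapping C-TAG 200 (PCP 3) around an IPv4 payload.
SAMPLE_FRAME = (
    bytes.fromhex("001122334455")                         # destination MAC (constructed)
    + bytes.fromhex("66778899aabb")                       # source MAC (constructed)
    + struct.pack("!HH", ETHERTYPE_VLAN_8021AD, 0x0064)   # S-TAG: VID 100
    + struct.pack("!HH", ETHERTYPE_VLAN_8021Q, 0x60C8)    # C-TAG: PCP 3, DEI 0, VID 200
    + struct.pack("!H", 0x0800)                           # IPv4 follows
    + b"payload"                                          # stand-in for the IP packet
)

if __name__ == "__main__":
    dst, src, vlans, etype, payload = parse_vlan_stack(SAMPLE_FRAME)
    print(dst, "->", src, "vlans", vlans, "ethertype 0x%04x" % etype, payload)
    print("addressable (outer, inner) pairs:", qinq_capacity())
```

A parser that only strips one tag would stop after the S-TAG and report 0x8100 as the payload EtherType, so the inner frame would never be decoded and the session could not be attributed to its (outer, inner) VLAN pair; handling both tags, as the release note describes, is what makes the full 16-million-VLAN space visible to the indexer.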

Source: opennet.ru