Release of the Arkime 5.0 network traffic indexing system

A release of Arkime 5.0 has been published, a system for capturing, storing and indexing network packets that provides tools for visually analyzing network traffic and searching for information related to network activity. AOL started the project with the goal of creating an open alternative to commercial network packet processing systems that supports deployment on its own servers and can process traffic at tens of gigabits per second. The traffic capture component is written in C, and the interface is implemented in Node.js/JavaScript. The source code is distributed under the Apache 2.0 license. Operation on Linux and FreeBSD is supported. Ready-made packages are provided for Arch Linux, RHEL/CentOS and Ubuntu.

Arkime includes tools for capturing and indexing traffic in PCAP format, and also provides tools for quick access to the indexed data. Using the standard PCAP format makes integration with existing traffic analyzers such as Wireshark straightforward. The amount of stored data is limited only by the size of the available disk array. Session metadata is stored in a cluster based on Elasticsearch or OpenSearch. The traffic capture component runs as a multi-threaded process that handles monitoring, writes the captured PCAP dump to disk, analyzes the captured packets and sends metadata about sessions (SPI, Stateful Packet Inspection) and protocols to the Elasticsearch/OpenSearch cluster. PCAP files can be stored in encrypted form.

To analyze the collected information, a web interface is provided that allows browsing, searching and exporting samples. The web interface offers several kinds of views, from general statistics, connection maps and charts showing changes in network activity to tools for studying individual sessions, analyzing activity in the context of the protocols used and decoding data from PCAP. An API is also provided that lets data about captured packets be exported to other applications in PCAP format, and decoded data in JSON format.


In the new version:

  • Added the ability to send bulk requests for information via the Cont3xt service, collecting open-source intelligence (OSINT) about many objects at once.
  • Added support for the JA4 and JA4+ traffic fingerprinting methods for identifying protocols and network applications.
  • Reworked the layout of the block with detailed session information, reducing unused space and adding a two-column layout for large screens.
  • Added scroll locking on the Files, History and Stats tabs for simultaneous searching across several instances of the statistics viewing interface (Viewer).
  • The authentication system has been unified and split into a separate module, which is now used in all Arkime applications. Instead of the anonymous authentication mode, digest mode is now used by default. New authentication modes have been added: header, form, header+form, basic+oidc, headerOnly, header+digest and header+basic.
  • All applications have been moved to a unified configuration system that supports configuration in different formats (ini, json, yaml) and can load settings from different sources, for example from disk, over the network via HTTPS, or from OpenSearch/Elasticsearch.
  • Added support for offline import of PCAP dumps downloaded from a URL over HTTPS or from Amazon S3 storage, without first having to save them on the local system.
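The JA4 method named above, as an added example that is not Arkime's own code: it computes a JA4 fingerprint from a TLS ClientHello that has already been decoded into its fields (Arkime does that decoding inside its capture process). The `hello` dict layout, the `ja4_parts`/`ja4` function names and the sample ClientHello values are constructed for this illustration.

```python
import hashlib

# GREASE values (0x0a0a, 0x1a1a, ..., 0xfafa) are skipped by JA4 wherever they appear
GREASE = {(0x10 * i + 0x0a) * 0x101 for i in range(16)}
TLS_VERSION = {0x0304: "13", 0x0303: "12", 0x0302: "11", 0x0301: "10", 0x0300: "s3", 0x0002: "s2"}
EXT_SNI, EXT_ALPN = 0x0000, 0x0010

def _trunc_sha256(s):
    # JA4_b / JA4_c: first 12 hex chars of SHA-256 over the canonical string, zeros if empty
    return hashlib.sha256(s.encode()).hexdigest()[:12] if s else "000000000000"

def ja4_parts(hello):
    """Return (JA4_a, cipher string, extension string) for a decoded ClientHello dict (constructed
    layout): quic, version, ciphers, extensions, supported_versions, alpn, sig_algs (ext 0x000d)."""
    ciphers = [c for c in hello["ciphers"] if c not in GREASE]
    exts = [e for e in hello["extensions"] if e not in GREASE]
    sig_algs = [s for s in hello.get("sig_algs", []) if s not in GREASE]
    # TLS version: highest non-GREASE supported_versions entry, else the legacy version field
    offered = [v for v in hello.get("supported_versions", []) if v not in GREASE]
    version = TLS_VERSION.get(max(offered) if offered else hello["version"], "00")
    sni = "d" if EXT_SNI in exts else "i"
    # ALPN: first and last character of the first value; "00" if absent, hex digits if not alphanumeric
    first = (hello.get("alpn") or [""])[0]
    if first and not (first[0].isalnum() and first[-1].isalnum()):
        first = first.encode().hex()
    alpn = first[0] + first[-1] if first else "00"
    ja4_a = (f"{'q' if hello.get('quic') else 't'}{version}{sni}"
             f"{min(len(ciphers), 99):02d}{min(len(exts), 99):02d}{alpn}")
    # JA4_b: cipher suites sorted ascending.  JA4_c: extensions sorted ascending without SNI/ALPN,
    # then "_" and the signature algorithms in their original order
    cipher_str = ",".join(f"{c:04x}" for c in sorted(ciphers))
    ext_str = ",".join(f"{e:04x}" for e in sorted(exts) if e not in (EXT_SNI, EXT_ALPN))
    if sig_algs:
        ext_str += "_" + ",".join(f"{s:04x}" for s in sig_algs)
    return ja4_a, cipher_str, ext_str

def ja4(hello):
    # Full fingerprint: JA4_a + "_" + JA4_b + "_" + JA4_c
    a, cipher_str, ext_str = ja4_parts(hello)
    return f"{a}_{_trunc_sha256(cipher_str)}_{_trunc_sha256(ext_str)}"

# Constructed sample: a TLS 1.3-capable browser-style ClientHello with GREASE values mixed in
SAMPLE_HELLO = {
    "quic": False, "version": 0x0303,
    "ciphers": [0x1a1a, 0x1301, 0x1302, 0x1303, 0xc02b, 0xc02f],
    "extensions": [0x0a0a, 0x0000, 0x0017, 0x002b, 0x000d, 0x0010, 0x0033, 0x2a2a],
    "supported_versions": [0x3a3a, 0x0304, 0x0303],
    "alpn": ["h2", "http/1.1"], "sig_algs": [0x0403, 0x0804, 0x0401],
}
```

The first segment (`t13d0506h2` for the sample) is readable on its own: TCP, TLS 1.3, SNI present, 5 ciphers, 6 extensions, ALPN `h2`; the two hashed segments are what a detection rule matches against.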

Source: opennet.ru
