Iyo kambani AOL kuburitswa kwehurongwa hwekutora, kuchengetedza uye indexing network packet , iyo inopa zvishandiso zvekuona kuongorora mafambiro emigwagwa uye kutsvaga ruzivo rwakabatana nebasa retiweki. Iyo kodhi yakanyorwa mumutauro weC (interface muNode.js/JavaScript) uye ine rezinesi pasi peApache 2.0. Inotsigira basa paLinux uye FreeBSD. Ready yakagadzirirwa mhando dzakasiyana dzeCentOS uye Ubuntu.
Iyo purojekiti yakagadzirwa muna 2012 nechinangwa chekugadzira yakavhurika kutsiva yekutengeserana network packet processing platform inogona kukwira kusvika kuAOL traffic volumes. Kuitwa kwehurongwa hutsva muAOL kwakaita kuti zvikwanise kuwana kutonga kwakazara pamusoro pezvivakwa nekuda kwekuiswa pamasevha ayo uye kuderedza zvakanyanya mutengo - kushandisa Moloch kutora zvachose traffic mune ese maAOL network inodhura yakaenzana kana uchishandisa. Pakutanga, yaishandiswa pakubata traffic pane imwe chete network. Iyo sisitimu inogona kuyera kugadzirisa traffic nekumhanya kwemakumi emagigabits pasekondi. Huwandu hwe data yakachengetwa inongogumira chete nehukuru hweiyo iripo disk array.
Session metadata inonongedzwa muinjini-yakavakirwa cluster .
Moloch inosanganisira maturusi ekutora uye indexing traffic mune yekuzvarwa PCAP fomati, pamwe nekukurumidza kuwana kune indexed data. Kuti uongorore ruzivo rwakaunganidzirwa, webhu interface inopihwa iyo inobvumidza iwe kufamba, kutsvaga uye kutumira masampula. Zvakare zvakapihwa , iyo inokutendera iwe kuendesa data nezve akatorwa mapaketi muPCAP fomati uye akapatsanurwa zvikamu muJSON fomati kune yechitatu-bato maapplication. Iko kushandiswa kweiyo PCAP fomati inorerutsa zvakanyanya kubatanidzwa nearipo anoongorora traffic seWireshark.
Moloch ine zvikamu zvitatu zvakakosha:
- Iyo traffic yekutora system ndeye yakawanda-yakarukwa C application yekutarisa traffic, kunyora marasi muPCAP fomati kune diski, kufambisa mapaketi akabatwa uye kutumira metadata nezve masesheni (SPI, Stateful packet inspection) uye mapuroteni kuElasticsearch cluster. Zvinogoneka kuchengeta mafaira ePCAP mune encrypted fomu.
- Iyo yewebhu interface yakavakirwa paNode.js papuratifomu, iyo inomhanya pane yega yega traffic traffic server uye inogadzirisa zvikumbiro zvine chekuita nekuwana indexed data uye kuendesa PCAP mafaera kuburikidza. .
- Metadata chengetedzo yakavakirwa paElasticsearch.
Iyo yewebhu interface inopa akati wandei ekuona modhi - kubva kune akajairwa manhamba, mamepu ekubatanidza uye anoona magirafu ane data pamusoro pekuchinja kwetiweki chiitiko kune zvishandiso zvekudzidza zvidzidzo zvega, kuongorora chiitiko mumamiriro ezvibvumirano zvakashandiswa uye kupatsanura data kubva kuPCAP dumps.
Π :
- Shanduko yaitwa pakushandisa fomati isina kutaipa yekuisa indexing muElasticsearch.
- Yakawedzerwa mienzaniso yemafirita ekutora traffic muLua.
- Tsigiro ye46-draft vhezheni yeQUIC protocol yaitwa.
- Iyo kodhi yekuparura maprotocol yakagadziridzwa, zvichiita kuti zvikwanise kunyora parsers yeEthernet uye IP level protocol.
- New parsers yakakurudzirwa kune arp, bgp, igmp, isis, lldp, ospf uye pim protocol, pamwe nemaparser easingazivikanwe unkEthernet uye unkIpProtocol protocol.
- Yakawedzera sarudzo yekudzima zvakasarudzika (disableParsers).
- Iko kugona kuratidza chero nzvimbo yakazara pamachati, yakaiswa pane peji rezvirongwa, yakawedzerwa kune yewebhu interface.
- Magirafu nemazita zvino anogona kuomeswa nechando uye kusafamba kana uchikwenya peji.
- Mabhawa mazhinji ekufambisa akavanzwa kana kupunzika nekusarudzika.
Source: opennet.ru