PacketStreamer

A high-performance remote packet capture and collection tool.

Primary Design Goals:

• Stay light, capture and stream, no additional processing
• Portability, works across virtual machines, Kubernetes, and AWS Fargate. Linux and Windows

How it Works:

PacketStreamer sensors collect raw network packets on remote hosts. It selects packets to capture using a BPF filter, and forwards them to a central receiver process where they are written in pcap format. Sensors are very lightweight and impose little performance impact on the remote hosts.

The PacketStreamer receiver accepts network traffic from multiple sensors, collecting it into a single, central pcap file. You can then process the pcap file or live feed the traffic to the tooling of your choice, such as Zeek, Wireshark, Suricata, or as a live stream for Machine Learning models.

When to Use PacketStreamer:

• For general use cases where you need a lightweight, efficient method to collect raw network data from multiple machines for central logging and analysis.

Quick Start:

For full instructions, refer to the PacketStreamer Documentation.

You will need to install the golang toolchain and libpcap-dev before building PacketStreamer.

# Pre-requisites (Ubuntu): sudo apt install golang-go libpcap-dev
git clone https://github.com/deepfence/PacketStreamer.git
cd PacketStreamer/
make

./packetstreamer receiver --config ./contrib/config/receiver.yaml

./packetstreamer sensor --config ./contrib/config/sensor.yaml

Who Uses PacketStreamer?

• Deepfence ThreatStryker uses PacketStreamer to capture traffic from production platforms for forensics and anomaly detection.

Get in Touch:

Thank you for using PacketStreamer.

• Start with the documentation: Documentation
• Got a question, need some help? Find the Deepfence team on Slack
• Got a feature request or found a bug? Raise an issue
• Found a security issue? Share it in confidence: [email protected]

> Visit Deepfence PacketStreamer Website <