What's new in v0.4

Commandline Tools

The commandline tools have been restructured and the framework now consists of:

  • net.capture (capture audit records live or from dumpfiles)
  • net.dump (dump audit records in various formats)
  • net.label (tool for creating labeled CSV datasets from netcap data)
  • net.collect (collection server for distributed collection)
  • net.agent (sensor agent for distributed collection)
  • net.proxy (http reverse proxy for capturing traffic from web services)
  • net.util (utility tool for validating audit records and converting timestamps)
  • net.export (exporter for prometheus metrics)

HTTP Proxy

The net.proxy tool lets you quickly set up monitoring of a web application and retrieve netcap audit records for its traffic. Because TCP stream reassembly is currently only supported for IPv4, netcap misses HTTP traffic over IPv6 when decoding raw packets.

By placing a simple reverse proxy in front of the HTTP service instead, the operating system handles the stream reassembly, so no IPv6 traffic is missed. Note that a reverse proxy terminates the client's TCP connection: unless it forwards the original client address (for example in an X-Forwarded-For header), the web service behind it only sees the proxy as the source of every request.

Metrics

Netcap now supports exporting Prometheus metrics about its Go runtime, the collection process and the audit records themselves. This feature is provided by the net.export tool.

Metrics are served by default on 127.0.0.1:7777/metrics. The default binds to the loopback interface only, so a Prometheus instance on another host cannot reach it unless the endpoint is deliberately exposed; if you do expose it, restrict access, since the metrics describe the traffic you are capturing.

A Prometheus instance can then be configured to scrape this endpoint and the metrics visualized in Grafana.
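A minimal scrape configuration for this endpoint, as an added example that is not part of the netcap docs. It assumes Prometheus runs on the same host as net.export (because of the loopback default) and that net.export is using its default address and path:

```yaml
# prometheus.yml (added example; assumes net.export on the same host with defaults)
global:
  scrape_interval: 15s

scrape_configs:
  - job_name: netcap
    # net.export serves on 127.0.0.1:7777/metrics by default, so this
    # Prometheus instance has to run on the same host as net.export.
    metrics_path: /metrics
    static_configs:
      - targets: ["127.0.0.1:7777"]
        labels:
          sensor: local
```

Start Prometheus with this file and check the "netcap" job on its Targets page shows the endpoint as UP before building dashboards on top of it.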

Check out the docs for previews of the dashboard: https://docs.netcap.io/metrics

netcap.Writer

The netcap library now exposes a Writer data structure for writing audit records to disk.

Check out the GoDocs: https://godoc.org/github.com/dreadl0ck/netcap

type Writer
    func NewWriter(name string, buffer, compress, csv bool, out string, writeChan bool) *Writer
    func (w *Writer) Close() (name string, size int64)
    func (w *Writer) GetChan() <-chan []byte
    func (w *Writer) Write(msg proto.Message) error
    func (w *Writer) WriteCSV(msg proto.Message) (int, error)
    func (w *Writer) WriteCSVHeader(msg proto.Message) (int, error)
    func (w *Writer) WriteHeader(t types.Type, source string, version string, includesPayloads bool) error
    func (w *Writer) WriteProto(msg proto.Message) error