D4 core
D4 core are software components used in the D4 project. The software includes everything to create your own sensor network or connect to an existing sensor network using simple clients.
D4 core client
D4 core client is a simple and minimal implementation of the D4 encapsulation protocol. There is also a portable D4 client in Go including the support for the SSL/TLS connectivity.
Requirements
- Unix-like operating system
- make
- a recent C compiler
Usage
The D4 client can be used to stream any byte stream towards a D4 server.
As an example, you directly stream tcpdump output to a D4 server with the following script:
tcpdump -n -s0 -w - | ./d4 -c ./conf | socat - OPENSSL-CONNECT:$D4-SERVER-IP-ADDRESS:$PORT,verify=0
d4 - d4 client
Read data from the configured <source> and send it to <destination>
Usage: d4 -c config_directory
Configuration
The configuration settings are stored in files in the configuration directory
specified with the -c command line switch.
Files in the configuration directory
key - is the private HMAC-SHA-256-128 key.
The HMAC is computed on the header with a HMAC value set to 0
which is updated later.
snaplen - the length of bytes that is read from the <source>
version - the version of the d4 client
type - the type of data that is send. pcap, netflow, ...
source - the source where the data is read from
destination - the destination where the data is written to
Installation
cd client
git submodule init
git submodule update
D4 core server
D4 core server is a complete server to handle clients (sensors) including the decapsulation of the D4 protocol, control of sensor registrations, management of decoding protocols and dispatching to adequate decoders/analysers.
Requirements
- Python 3.6
- GNU/Linux distribution
Installation
D4 core server Screenshots
Dashboard:
Connected Sensors:
Sensors Status:
Server Management:
analyzer Queues:
