Pentest Tools packet-capture-steg

Published on January 12th, 2016 📆 | 3246 Views ⚑

0

Stenographer — Packet Capture Utility

Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets.

▼Advertisement

Stenographer is a full-packet-capture utility for buffering packets to disk for intrusion detection and incident response purposes. It provides a high-performance implementation of NIC-to-disk packet writing, handles deleting those files as disk fills up, and provides methods for reading back specific sets of packets quickly and easily.

 

It is designed to:
  • Write packets to disk, very quickly (~10Gbps on multi-core, multi-disk machines)
  • Store as much history as it can (managing disk usage, storing longer durations when traffic slows, then deleting the oldest packets when it hits disk limits)
  • Read a very small percentage (<1%) of packets from disk based on analyst needs

▼Advertisement

It is NOT designed for:
  • Complex packet processing (TCP stream reassembly, etc)
    • It’s fast because it doesn’t do this.  Even with the very minimal, single-pass processing of packets we do, processing ~1Gbps for indexing alone can take >75% of a single core.
    • Processing the data by reading it back from disk also doesn’t work:  see next bullet point.
  • Reading back large amounts of packets (> 1% of packets written)
    • The key concept here is that disk reads compete with disk writes… you can write at 90% of disk speed, but that only gives you 10% of your disk’s time for reading.  Also, we’re writing highly sequential data, which disks are very good at doing quickly, and generally reading back sparse data with lots of seeks, which disks do slowly.

 

 

To download the source code, install Go locally, then run:

$ go get github.com/google/stenographer

Go will handle downloading and installing all Go libraries that stenographer depends on. To build stenotype, go into thestenotype directory and run make. You may need to install the following Ubuntu packages (or their equivalents on other Linux distros):

  • libaio-dev
  • libleveldb-dev
  • libsnappy-dev
  • g++
  • libcap2-bin
  • libseccomp-dev

 

 

This is not an official Google product (experimental or otherwise), it is just code that happens to be owned by Google.

▼Advertisement

Source && Download

Download WordPress Themes Free
Download Best WordPress Themes Free Download
Premium WordPress Themes Download
Premium WordPress Themes Download
udemy course download free



Leave a Reply ✍


loading...