Open-source software name (OpenSource Name): jmakov/gulp
Open-source software URL (OpenSource Url): https://github.com/jmakov/gulp
Open-source programming language (OpenSource Language): C 71.7%
Open-source software introduction (OpenSource Introduction):

Lossless Gigabit Remote Packet Capture With Linux

Original work from https://staff.washington.edu/corey/gulp/ and http://blog.crox.net/archives/72-gulp-tcpdump-alternative-for-lossless-capture-on-Linux.html. This repository is based on the latest patches from the original contributor (http://blog.crox.net/uploads/gulp-1.58-crox.tgz).

Features

Getting started

Installation

From project root run

Building manually

Dependencies

Quick dependencies install command for Ubuntu (tested on Ubuntu 19.04)

Build:

    mkdir cmake-build-release && cd cmake-build-release
    cmake .. -DCMAKE_BUILD_TYPE=Release
    cmake --build .

Usage

Examples

Assuming we already applied changes for running gulp without root otherwise we'll need to call

Including UTC timestamp in file names

Save captured network traffic to a file with a UTC timestamp in the file name, e.g.

    mkdir -p savedir
    gulp -i eth0 -t -o savedir/ -n my_filename

File rotation

Create a new file when the old one grows over 100MB:

    mkdir -p savedir
    gulp -i eth0 -r 100 -C 1 -o savedir/ -n my_filename

Create a new file when the old one grows over 100MB and include a UTC timestamp in newly created file names:

    mkdir -p savedir
    gulp -i eth0 -r 100 -C 1 -o savedir/ -n my_filename -t

Compress rotated files

postrotate.sh

    #!/usr/bin/env bash
    # gulp sends the file name as an argument to this script
    IN_FN=$1
    TMP_FN=$IN_FN.tmp
    FIN_FN=$IN_FN.zst
    # compress under a temporary name; stop if zstd fails so that no
    # incomplete file is renamed to the final name
    zstd -q -19 --rm "$IN_FN" -o "$TMP_FN" || exit 1
    # signal with an atomic rename that the file is not being written to anymore
    mv "$TMP_FN" "$FIN_FN"

We start gulp with the

Running without root

    sudo groupadd pcap
    sudo usermod -a -G pcap $USER
    sudo mkdir -p /opt/gulp/bin
    sudo cp build/bin/gulp /opt/gulp/bin
    sudo chgrp pcap /opt/gulp/bin/gulp
    sudo setcap cap_ipc_lock,cap_sys_nice,cap_net_raw,cap_net_admin=eip /opt/gulp/bin/gulp

Short explanation why we need these capabilities:

Tunables

From Linux TCP tuning. Also see sysctl tweaks.

Set the max OS send buffer size (wmem) and receive buffer size (rmem) to 12 MB for queues on all protocols. In other words, set the amount of memory that is allocated for each TCP socket when it is opened or created while transferring files:

    # echo 'net.core.wmem_max=12582912' >> /etc/sysctl.conf
    # echo 'net.core.rmem_max=12582912' >> /etc/sysctl.conf

You also need to set the minimum size, initial size, and maximum size in bytes:

    # echo 'net.ipv4.tcp_rmem= 12582912 125829120 1258291200' >> /etc/sysctl.conf
    # echo 'net.ipv4.tcp_wmem= 12582912 125829120 1258291200' >> /etc/sysctl.conf

Turn on window scaling, which can be an option to enlarge the transfer window:

    # echo 'net.ipv4.tcp_window_scaling = 1' >> /etc/sysctl.conf

Enable timestamps as defined in RFC1323:

    # echo 'net.ipv4.tcp_timestamps = 1' >> /etc/sysctl.conf

Enable selective acknowledgments:

    # echo 'net.ipv4.tcp_sack = 1' >> /etc/sysctl.conf

Set the maximum number of packets queued on the INPUT side when the interface receives packets faster than the kernel can process them:

    # echo 'net.core.netdev_max_backlog = 1000000' >> /etc/sysctl.conf
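
The steps under "Running without root" change the binary's group but not its mode, and file capabilities apply to whoever can execute the file, so it is worth confirming that only the pcap group can run it. The check below is an added example, not part of the gulp repository; the function names are hypothetical and GNU `stat` is assumed.

```shell
#!/usr/bin/env bash
# Added example, not part of the gulp repository. Function names are
# hypothetical. Assumes GNU coreutils `stat`; `getcap` is optional.

# check_exec_scope FILE GROUP
# Returns 0 when FILE belongs to GROUP and users outside owner/group cannot
# execute it; otherwise prints the reason and returns 1.
check_exec_scope() {
    file=$1
    group=$2
    [ -f "$file" ] || { echo "missing: $file"; return 1; }
    mode=$(stat -c '%a' "$file")        # octal mode, e.g. 755
    file_group=$(stat -c '%G' "$file")  # owning group name
    if [ "$file_group" != "$group" ]; then
        echo "$file: group is $file_group, expected $group"
        return 1
    fi
    # The last octal digit is the "other" class; an odd digit means the
    # execute bit is set, so any local user can run the binary.
    case $mode in
        *[1357])
            echo "$file: mode $mode lets every user execute it (chmod o-rwx)"
            return 1 ;;
    esac
    echo "$file: mode $mode, execution limited to owner and group $group"
}

# show_caps FILE: print the file capabilities for manual comparison with the
# set granted by setcap. Skipped quietly when libcap tools are absent.
show_caps() {
    if command -v getcap >/dev/null 2>&1; then
        getcap "$1"
    else
        echo "getcap not installed; capabilities not shown"
    fi
}

# Usage: ./check_caps.sh /opt/gulp/bin/gulp pcap
if [ "$#" -ge 1 ]; then
    check_exec_scope "$1" "${2:-pcap}"
    show_caps "$1"
fi
```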