OsmoPCAP » History » Version 1
laforge, 01/26/2019 04:32 PM
1 | 1 | laforge | {{>toc}} |
---|---|---|---|
2 | |||
3 | h1. OsmoPCAP |
||
4 | |||
5 | osmo-pcap has been created to collect network traces at different nodes but store them centrally at a dedicated note for further analysis. This might be needed for auditing, resolving conflicts, post processing or debugging a distributed system. |
||
6 | |||
7 | The system consists out of the *osmo-pcap-client* to cpature traffic at a host and *osmo-pcap-server* to receive the traffic, store and rotate the traffic at a centralized server. There is a shell script to compress and expire old traces. |
||
8 | |||
9 | h2. osmo-pcap-client |
||
10 | |||
11 | The @osmo-pcap-client@ is using libpcap and has a built-in detector for the GPRS-NS/BSSGP protocol to exclude user traffic. The client is known to work on 32/64 bit systems. It can be configured through the VTY and the minimal config includes the interface to monitor, the pcap filter to use and the server to send it to. |
||
12 | |||
13 | h2. osmo-pcap-server |
||
14 | |||
15 | The @osmo-pcap-server@ will listen for new TCP connections and then will receive the data from the client if it is coming from a known/good source IPv4/port. The server is configured to write one file per client and to |
||
16 | change/rotate the file when the link encapsulation is changing. It can be configured to rotate the file a given time interval and/or if the file size is over a threshold. |
||
17 | |||
18 | The osmo-pcap-server comes with a shell script to rotate and compress old traces. Currently the configuration parameters (age or amount based) need to be tuned in the script itself. |
||
19 | |||
20 | {{include(cellular-infrastructure:MacroBinaryPackages)}} |