d4-goclient is a D4 project client (sensor) implementing the D4 encapsulation protocol.
The client can be used on different targets and architectures to collect network capture, logs, specific network monitoring and send it back to a D4 server.
For more information about the D4 project.
Fetch d4-goclient code and dependencies
go get github.com/satori/go.uuid go get github.com/D4-project/d4-goclient
Use make to build binaries:
make arm5l # for raspberry pi / linux make amd64l # for amd64 / linux
- golang 1.10 (tested)
Launch a d4-server (if you don't have a server)
See https://github.com/D4-project/d4-core/tree/master/server $IP_SRV being the d4-server's address, $PORT its listening port
Part of the client configuration can be stored in folder containing the following files:
- key: your Pre-Shared-Key
- snaplen: default is 4096
- source: stdin
- destination: stdout, [fe80::ffff:ffff:ffff:a6fb]:4443, 127.0.0.1:4443
- type: D4 packat type, see types
- uuid: generated automiatically if empty
- version: protocol version
- rootCA.crt: optional CA certificate to check the server certificate
-c string configuration directory -cc Check TLS certificate against rootCA.crt -ce Set to True, true, TRUE, 1, or t to enable TLS on network destination (default true) -cka duration Keep Alive time human format, 0 to disable (default 30s) -ct duration Set timeout in human format -rt duration Time in human format before retry after connection failure, set to 0 to exit on failure (default 30s) -v Set to True, true, TRUE, 1, or t to enable verbose output on stdout
Pipe data into the client
In the followin examples, destination is set to stdout.
cat /proc/cpuinfo | ./d4-goclient -c conf.sample/ | socat - OPENSSL-CONNECT:$IP_SRV:$PORT,verify=0
tcpdump (libpcap) output, discarding our own traffic
$IP being the monitoring computer ip
tcpdump not dst $IP and not src $IP -w - | ./d4-goclient -c conf.sample/ | socat - OPENSSL-CONNECT:$IP_SRV:$PORT,verify=0