SniffNet Remote Agent to Monitor the Network Adapter on a Remote Host or Hosts

Open kenrmayfield opened this issue 1 year ago • 7 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues.

Describe the solution you'd like

Set up a Remote Agent for SniffNet, just like Nagios's Remote Agent to Monitor the Network Adapter on a Remote Host or Hosts. This would be an Option just like in SniffNet when you Pick which Network Adapter you would like to Monitor Network Traffic. The Remote Agent would be Installed on Windows/Linux and Send Live Data of Network Traffic Information back to SniffNet.

Is your feature request related to a problem?

No response

kenrmayfield avatar Jul 06 '23 21:07 kenrmayfield

As of now, the available adapters are those identified by pcap and are only internal to the machine on which Sniffnet is installed.

The idea you mentioned would require the development of the remote agent, if I understood correctly, and this is out of scope at the moment.

If you are aware of any, feel free to link some resources from which I can take inspiration for the modalities of work of remote agents and the transmission of data to the main application.

If the process wouldn't break the existing code base too much, I could consider this feature in the long term.

GyulyVGC avatar Jul 06 '23 21:07 GyulyVGC

  1. https://geekpeek.net/nagios-plugin-bash/
  2. https://github.com/NagiosEnterprises/ncpa
  3. https://github.com/NagiosEnterprises/nrpe
  4. https://nsclient.org/
  5. https://github.com/mickem/nscp

kenrmayfield avatar Jul 08 '23 03:07 kenrmayfield

Thanks! This seems a bit out of scope at the moment, since many other features are being worked on and none of them is going in the direction of a server + agent application, at least for the moment.

Feel free to leave this issue open, but I'll tag it as wontfix for now.

GyulyVGC avatar Jul 08 '23 07:07 GyulyVGC

  1. https://geekpeek.net/nagios-plugin-bash/
  2. https://github.com/NagiosEnterprises/ncpa
  3. https://github.com/NagiosEnterprises/nrpe
  4. https://nsclient.org/
  5. https://github.com/mickem/nscp

I don't think any of these solutions will provide anything more than RX TX counters for each interface. Nagios plugins aren't exporting port and IP src/dst addressing for each flow, it's just a count of how many packets came into and out of each individual network interface.

aderusha avatar Jul 15 '23 11:07 aderusha

@GyulyVGC @kenrmayfield Opensnitch might be a good option; it's a firewall made of a daemon and a UI. But it can run the daemon without the UI on remote clients and send the logs to the UI on a different server. It also supports SIEM integration, so either way you don't need to maintain an agent, just read the logs.

https://github.com/evilsocket/opensnitch/wiki/SIEM-integration

hbednar avatar Aug 02 '23 10:08 hbednar

@GyulyVGC

Have you thought about making an Agent for Windows and Daemon for Linux so that SniffNet can Sniff Remote Machines?

kenrmayfield avatar Sep 02 '23 01:09 kenrmayfield

Have you thought about making an Agent for Windows and Daemon for Linux so that SniffNet can Sniff Remote Machines?

Hi @kenrmayfield, as I anticipated:

This seems a bit out of scope at the moment, since many other features are being worked on and none of them is going in the direction of a server + agent application, at least for the moment. Feel free to leave this issue open, but I'll tag it as wontfix for now.

I included this request in the project's roadmap, but it'll likely be one of the last features to be implemented.

GyulyVGC avatar Sep 02 '23 14:09 GyulyVGC