ipv6 survey Tool (survey6)
Ipv6 is the internet's future, and it necessitated a more scalable survey tool to comprehend how routing and DNS function. The purpose of this project is to create an IPv6 listener that will passively collect IPv6 traffic data as a passive data collection tool for cyber security research.
- Develop a Linux network probe to intercept ipv6 traffic
- To centralize the data being intercepted by the probe, develop a geo-distributed grid application that integrated with the probe.
Survey6 tool has three main components, follow describes each component, its functionalities and setup.
You can find setup and installation guide for each of the modules in their respective module directories and they are linked below too.
Intercept and collect all the ipv6 traffics (regardless of the protocol) therefore libpcap is preferable. probe binaries must run as a service of the operating system (OS could be Linux host). Moreover, the probe cast a heartbeat to the C&C server for its heath checks mechanisms. This must be implemented using grpc. Probe identifies ideal states of the host network interface and uses those time windows to send the collected ipv6 pcap. For this. This data must be annotated with meta-information for aggregation purposes (meta information could be discussed)
Probe CLI is a sub-component of Probe that allows starting (passing the registering string from C&C server, eg- How you add new nodes to Kubernetes ), suspending the probe's execution in the host machine.
Python, GRPC, Scapy
C&C server should have the Probe registering mechanism. And it listens to registered Prob's heartbeats. WebUI shows the active states of Probes in a list view.
Python, GRPC, Redis queue, SQL Lite, Flask
Data Aggregator is a series of scheduled Apache Airflow Dags
- DAG 1 - USe dpkt or scapy to parse the pcap files along with metadata.
- DAG2 - Spak Jobs to clean and aggregate the data and write to parquet.
- DAG3 - Error handling and cleansing temp data
Python, AirFlow, Spark, PySpark, scapy
We are glad that you are willing to contribute. Tasks to be taken up next are:
- Fix issue that fails one testcase - C&C Server
- Heartbeat and health status check - both modules : Probe and C&C Server
- Sending packets from probe and recieving packets at server - both modules : Probe and C&C Server
- Create a debian package for the probe once it has significant development. [For this one could refer packaging procedure of C&C Server: here and here] - Probe
- Display status of connected and registered probes - C&C server
Stretch goal:
- Hosting the debian packages
Please do follow contributing guidelines to help the maintainers. Thank you for your wonderful cooperation!
| Component | Component Weight |
|---|---|
| Probe | 50% |
| C&C server | 30% |
| Data Aggregator | 20% |