Skip to content
/ span Public

Kernel module for clonning network traffic

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

MaksVal/span

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
Makefile
Makefile
 
 
README.md
README.md
 
 
README_RU.md
README_RU.md
 
 
dkms.conf
dkms.conf
 
 
span.c
span.c
 
 

Repository files navigation

Overview

This kernel module can be used for passive network monitoring.

This module use NetFilter hooks in PREROUTING and(or) POSTROUTING chains and clone packets to specified interface.

You can use this module to send incoming and/or outgouing trafic of your server to remote monitoring tools (via dedicated SPAN interface).

Parameters

Module have folowing arguments:

src - name of input interface (clone packets from this interface)

srcs - array of input interfaces (comma separated, max count = 5, usefull when you use multiple interface - bonding etc)

dst - name of output interface (interface to monitoring tools)

hook - hook number (PREROUTING(0), POSTROUTING(1) or PRE-and-POST(2))

Example (Debian 8)

Set default options (/etc/modprobe.d/span.conf):

options span srcs=eth0,eth1 dst=eth5 hook=0
  • srcs - array of input interfaces for monitoring
  • dst - output interface
  • hook - hook number, where it load(0, 1, 2)

Autoload module on system startup (/etc/modules):

span

About

Kernel module for clonning network traffic

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages