
by Owen Garrett, Deepfence
PacketStreamer is an open source project from Deepfence. It performs distributed packet capture (tcpdump-like) and aggregates the pcap data in a single pcap file. PacketStreamer supports a wide range of environments, including Kubernetes nodes, Docker hosts, Fargate instances and, of course, virtual and bare-metal servers.
Network packet capture is a well-understood practice. The basic technology that modern tools are built on first appeared in a tool named ‘tcpdump’, released in 1988, and the associated file format (pcap) has stood the test of time.
Although the technology has changed little, modern compute environments are very different from the single-Unix-server assumptions that defined the design of tcpdump. Modern environments are cloud-based, distributed across many servers, and use virtualization technologies that make it difficult to run kernel tools such as tcpdump directly.
PacketStreamer applies contemporary network capture to modern, cloud-native environments. It captures traffic from large numbers of remote servers (for example, cloud nodes) and collects that traffic in one place. It supports modern stacks, such as Kubernetes (via a daemonset), Docker, and AWS Fargate, as well as standard hosts.
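The "collect it in one place" step comes down to the pcap format mentioned above: a 24-byte global header followed by 16-byte record headers, each carrying a timestamp and a captured length. The following Python is an added illustration written for this article, not Deepfence's code and not how PacketStreamer itself is implemented. It parses pcap files from several hosts, checks both byte orders and record bounds before trusting a length field, and merges the records into one time-ordered capture. The `demo()` function uses constructed two-byte payloads standing in for frames; the function names and the sensor names are assumptions for the example.

```python
"""Merge per-host pcap captures into one time-ordered pcap (added illustration)."""
import heapq
import struct
from typing import List, Tuple

PCAP_MAGIC_US = 0xA1B2C3D4          # classic pcap magic, microsecond timestamps
PCAP_MAGIC_US_SWAPPED = 0xD4C3B2A1  # the same magic read with the wrong byte order
GLOBAL_HEADER_FMT = "IHHiIII"       # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HEADER_FMT = "IIII"          # ts_sec, ts_usec, incl_len, orig_len
LINKTYPE_ETHERNET = 1

# A captured frame: (ts_sec, ts_usec, captured bytes, original wire length)
Packet = Tuple[int, int, bytes, int]


def build_pcap(packets: List[Packet], linktype: int = LINKTYPE_ETHERNET,
               snaplen: int = 65535) -> bytes:
    """Serialise packets into a little-endian pcap file (global header + records)."""
    out = [struct.pack("<" + GLOBAL_HEADER_FMT, PCAP_MAGIC_US, 2, 4, 0, 0, snaplen, linktype)]
    for ts_sec, ts_usec, data, orig_len in packets:
        out.append(struct.pack("<" + RECORD_HEADER_FMT, ts_sec, ts_usec, len(data), orig_len))
        out.append(data)
    return b"".join(out)


def parse_pcap(blob: bytes) -> Tuple[int, int, List[Packet]]:
    """Return (linktype, snaplen, packets); byte order is detected from the magic."""
    if len(blob) < struct.calcsize("<" + GLOBAL_HEADER_FMT):
        raise ValueError("truncated pcap global header")
    (magic,) = struct.unpack_from("<I", blob, 0)
    if magic == PCAP_MAGIC_US:
        endian = "<"
    elif magic == PCAP_MAGIC_US_SWAPPED:
        endian = ">"          # file was written big-endian
    else:
        raise ValueError("unsupported pcap magic 0x%08x" % magic)
    hdr_fmt = endian + GLOBAL_HEADER_FMT
    rec_fmt = endian + RECORD_HEADER_FMT
    _, _major, _minor, _tz, _sigfigs, snaplen, linktype = struct.unpack_from(hdr_fmt, blob, 0)
    offset = struct.calcsize(hdr_fmt)
    rec_len = struct.calcsize(rec_fmt)
    packets: List[Packet] = []
    while offset < len(blob):
        if len(blob) - offset < rec_len:
            raise ValueError("truncated record header at offset %d" % offset)
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(rec_fmt, blob, offset)
        offset += rec_len
        # Bounds checks: a length field from a remote sensor is untrusted input
        if incl_len > snaplen or incl_len > len(blob) - offset:
            raise ValueError("record at offset %d claims %d bytes" % (offset - rec_len, incl_len))
        packets.append((ts_sec, ts_usec, blob[offset:offset + incl_len], orig_len))
        offset += incl_len
    return linktype, snaplen, packets


def merge_pcaps(captures: List[bytes]) -> bytes:
    """Merge several pcap files into one, ordered by capture timestamp."""
    parsed = [parse_pcap(c) for c in captures]
    linktypes = {lt for lt, _, _ in parsed}
    if len(linktypes) != 1:
        raise ValueError("cannot merge captures with mixed link types: %s" % sorted(linktypes))
    snaplen = max(sl for _, sl, _ in parsed)
    # Each per-host list is already in capture order, so a k-way merge is enough
    merged = list(heapq.merge(*(pk for _, _, pk in parsed), key=lambda p: (p[0], p[1])))
    return build_pcap(merged, linktype=linktypes.pop(), snaplen=snaplen)


def demo() -> List[Tuple[int, int]]:
    """Constructed captures from two hypothetical sensors; payloads are not real frames."""
    host_a = build_pcap([(1000, 500000, b"A1", 60), (1002, 0, b"A2", 60)])
    host_b = build_pcap([(1000, 250000, b"B1", 60), (1001, 0, b"B2", 60), (1003, 0, b"B3", 60)])
    _, _, packets = parse_pcap(merge_pcaps([host_a, host_b]))
    return [(s, us) for s, us, _, _ in packets]


if __name__ == "__main__":
    print(demo())
```

Two points in this block matter for anything that ingests captures from many remote hosts: the merger refuses to combine captures with different link types, since a reader would otherwise decode frames with the wrong dissector, and every `incl_len` is checked against both the declared snaplen and the remaining bytes before it is used as a slice length.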
Use PacketStreamer if you need a lightweight, efficient method to collect raw network....