This application visualizes the network traffic in near realtime. The network traffic here is the Fast Lane traffic that is marked by the iOS app.
There are 3 components to this project:
Fastlane allows applications on iOS devices which are connected to Cisco Wi-Fi Access points to prioritize their traffic; Such prioritization allows the apps to deliver best experience in the enterprises.
App traffic on Wi-Fi networks can be broadly classified as: Voice, Video, Best Effort and Background. Double clicking on each of the traffic types:
• Voice: This is interactive voice for apps using Wi-Fi Calling (CallKit), Cisco Spark, Facetime or any other Voice app.
• Video: This is video traffic using Wi-Fi Calling (CallKit), Cisco Spark, Facetime or video capabilities within the app.
• Best Effort: Examples of data include instant messaging, VPN tunneling, audio/video streaming, signaling, screen sharing etc.
• Background: These apps include photo/media uploads or backups.
Make sure both docker and docker-compose is up and running.
$ docker-compose version
Create log directory for tshark
mkdir -p /tmp/tshark/data
touch /tmp/tshark/data/logs.data
Get the Repo and Test docker-compose to start Stack services
git clone https://github.com/CiscoDevNet/FastLaneSelfServe.git
cd FastLaneSelfServe
docker-compose up -d
Install T-shark: https://www.wireshark.org/download.html (installing wireshark should automatically install tshark)
There are 3 elements that you want to run for the demo: docker-compose, tshark and browser (visualization)
cd FastLaneSelfServe //omit if pwd is already /FastLaneSelfServe
docker-compose down //Stop previously running instances.
docker-compose up -d //Start a new one
Tip: If you keep the system up for long, it might get slower because of huge amount of packet data. Restart the docker-compose once every 1-2 hour for best experience.
Open a new tab, and run the tshark command to start the network capture. You can optionally provide the ip
option to capture from a particular IP address.
tshark -a duration:500 -i en0 -e frame.number -e wlan.qos -e wlan.qos.priority -e ip.src -e ip.dst -e ip.dsfield.dscp -e ip.len -Tek > /tmp/tshark/data/logs.data
You can apply a filter by adding -Y
or -f
option to the tshark command.
For example,
-Y "ip.src == 10.10.30.101 && ip.dst == 10.10.30.102"
or
-f "host 10.10.30.101"
Note: This will run tshark and do a packet capture for 500s. For the demo scenario, you can start the tshark just before every demo and then stop if after that. This will also help to keep the network dump small.
Tip: Refresh the Page once every 1-5 mins, to clear out the cache and to bring in the real-time nature for visulizations.
cd FastLaneSelfServe //omit if pwd is already /FastLaneSelfServe
docker-compose down
docker-compose pull
docker-compose up -d
docker-compose down
docker-compose up -d
//Simple Get request
GET http://0.0.0.0:9200/fastlane/log/_search?_source=json.layers.ip_dsfield_dscp,json.timestamp
//Get latest results
curl -XGET 'localhost:9200/fastlane/log/_search?_source=json.layers.ip_dsfield_dscp,json.timestamp' -H 'Content-Type: application/json' -d'
{
"sort" : [
{"json.timestamp.keyword" : {"order" : "desc"}}
]
}'
This code is built on top of https://github.com/deviantony/docker-elk