search

GyulyVGC / sniffnet

Comfortably monitor your Internet traffic 🕵️‍♂️
https://sniffnet.net
Apache License 2.0
14.83k stars 454 forks source link

SniffNet Remote Agent to Monitor the Network Adapter on a Remote Host or Hosts #303

Open kenrmayfield opened 1 year ago

kenrmayfield commented 1 year ago

Is there an existing issue for this?

Describe the solution you'd like

Setup a Remote Agent for SniffNet, just like Nagios's Remote Agent to Monitor the Network Adapter on a Remote Host or Hosts. This would be a Option just like in SniffNet when you Pick which Network Adapter you would like to Monitor Network Traffic. The Remote Agent would be Installed on Windows/Linux and Send Live Data of Network Traffic Information back to SniffNet.

Is your feature request related to a problem?

No response

GyulyVGC commented 1 year ago

As of now, the available adapters are those identified by pcap and are only internal to the machine on which Sniffnet is installed.

The idea you mentioned would require the development of the remote agent, if I understood correctly, and this is out of scope at the moment.

If you are aware, feel free to link some resource from which I can take inspiration for the modalities of work of remote agents and the transmission of data to the main application.

If the process wouldn't break too much the existing code base, I could consider this feature in the long term.

kenrmayfield commented 1 year ago
  1. https://geekpeek.net/nagios-plugin-bash/
  2. https://github.com/NagiosEnterprises/ncpa
  3. https://github.com/NagiosEnterprises/nrpe
  4. https://nsclient.org/
  5. https://github.com/mickem/nscp
GyulyVGC commented 1 year ago

Thanks! This seems a bit out of scope at the moment, since many other features are being worked on and none of them is going in the direction of a server + agent application, at least for the moment.

Feel free to leave this issue open, but I'll tag it as wontfix for now.

aderusha commented 1 year ago
  1. https://geekpeek.net/nagios-plugin-bash/
  2. https://github.com/NagiosEnterprises/ncpa
  3. https://github.com/NagiosEnterprises/nrpe
  4. https://nsclient.org/
  5. https://github.com/mickem/nscp

I don't think any of these solutions will provide anything more than RX TX counters for each interface. Nagios plugins aren't exporting port and IP src/dst addressing for each flow, it's just a count of how many packets came into and out of each individual network interface.

hbednar commented 11 months ago

@GyulyVGC @kenrmayfield Opensnitch might be a good option, its a firewall made of a daemon and a UI. But, it can run the daemon without the UI on a remote clients and send the logs to the UI on a different server. It also supports SIEM integration, so either way you don't need to maintain an agent just read the logs.

https://github.com/evilsocket/opensnitch/wiki/SIEM-integration

kenrmayfield commented 10 months ago

@GyulyVGC

Have you thought about making a Agent for Windows and Daemon for Linux so that SniffNet can Sniff Remote Machines?

GyulyVGC commented 10 months ago

Have you thought about making a Agent for Windows and Daemon for Linux so that SniffNet can Sniff Remote Machines?

Hi @kenrmayfield, as I anticipated:

This seems a bit out of scope at the moment, since many other features are being worked on and none of them is going in the direction of a server + agent application, at least for the moment. Feel free to leave this issue open, but I'll tag it as wontfix for now.

I included this request in the project's roadmap, but it'll be likely one of the last features to be implemented.