OpenAttackDefenseTools / tulip

Network analysis tool for Attack Defence CTF
GNU General Public License v3.0
264 stars 36 forks

Add PCAP-over-ip and BPF Support to assembler #24

Closed MaxGroot closed 1 year ago

MaxGroot commented 1 year ago

Thanks for open-sourcing this project. We have used Tulip during a CTF with a few patches of our own that we'd now like to contribute back into the original project.

This pull request adds (semi-realtime) streaming PCAP support to Tulip by utilizing PCAP-over-ip, as well as BPF support for both file-based and PCAP-over-ip based traffic ingestion.

We wanted lower-latency traffic streaming and opted for PCAP-over-ip. As Tulip did not yet support this, we added PCAP-over-ip support. While we opted to combine this with pcap-broker to stream traffic from remote hosts, any pcap-over-ip server is supported.

This pull request also adds support for adding a BPF filter, as we captured traffic once and distributed it to multiple listeners, for each of which we'd set the appropriate BPF. While we needed the BPF filter for PCAP-over-ip only, we also added it to the pcap file processing logic.
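For readers unfamiliar with what a PCAP-over-ip consumer has to handle, the following is an added, self-contained example and not code from Tulip, from this pull request or from pcap-broker. PCAP-over-ip is the ordinary libpcap file format streamed over a TCP socket, so the consumer reads the 24-byte global header once, then loops over 16-byte record headers followed by `incl_len` bytes of packet data, while tolerating short reads and detecting a stream that ends mid-record or has lost sync. All function names (`iter_pcap_stream`, `consume`, `tcp_dst_port`, `DribbleStream`) are this example's own; the sample stream is constructed in memory rather than captured; and because compiling a real BPF expression needs libpcap, a plain Python predicate stands in for the filter here.

```python
"""Minimal PCAP-over-IP consumer (added example; not Tulip's code).

Reads the libpcap stream format incrementally: one 24-byte global header,
then 16-byte record headers each followed by incl_len bytes of packet data.
Handles short reads (a record may arrive split across several recv() calls),
both byte orders, usec/nsec timestamps, and a stream that ends mid-record.
"""
import io
import struct
from typing import BinaryIO, Callable, Iterator, List, Optional, Tuple

MAGIC_USEC = 0xA1B2C3D4   # libpcap magic: timestamps as sec + microseconds
MAGIC_NSEC = 0xA1B23C4D   # libpcap magic: timestamps as sec + nanoseconds
MAX_SNAPLEN = 262144      # sanity bound; a larger incl_len means we lost sync


def _read_exact(stream: BinaryIO, n: int) -> Optional[bytes]:
    """Read exactly n bytes, looping over short reads. None on clean EOF."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            if buf:  # connection dropped in the middle of a header or packet
                raise EOFError("stream ended mid-record (%d of %d bytes)" % (len(buf), n))
            return None
        buf += chunk
    return buf


def iter_pcap_stream(stream: BinaryIO) -> Iterator[Tuple[float, bytes]]:
    """Yield (timestamp_seconds, packet_bytes) from a pcap byte stream."""
    hdr = _read_exact(stream, 24)
    if hdr is None:
        raise EOFError("no global header received")
    magic_le = struct.unpack("<I", hdr[:4])[0]
    magic_be = struct.unpack(">I", hdr[:4])[0]
    if magic_le in (MAGIC_USEC, MAGIC_NSEC):
        endian, magic = "<", magic_le
    elif magic_be in (MAGIC_USEC, MAGIC_NSEC):
        endian, magic = ">", magic_be
    else:
        raise ValueError("not a pcap stream: magic 0x%08x" % magic_le)
    frac_div = 1e9 if magic == MAGIC_NSEC else 1e6
    while True:
        rec = _read_exact(stream, 16)
        if rec is None:
            return  # server closed the connection cleanly between records
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack(endian + "IIII", rec)
        if incl_len > MAX_SNAPLEN:
            raise ValueError("implausible incl_len %d; stream out of sync" % incl_len)
        data = _read_exact(stream, incl_len)
        if data is None:
            raise EOFError("stream ended before packet data")
        yield ts_sec + ts_frac / frac_div, data


def tcp_dst_port(frame: bytes) -> Optional[int]:
    """Destination TCP port of an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 6 or len(frame) < 14 + ihl + 4:
        return None
    return struct.unpack(">H", frame[14 + ihl + 2:14 + ihl + 4])[0]


def consume(stream: BinaryIO, accept: Callable[[bytes], bool]) -> List[Tuple[float, bytes]]:
    """Collect packets passing `accept`, a Python stand-in for a BPF filter."""
    return [(ts, pkt) for ts, pkt in iter_pcap_stream(stream) if accept(pkt)]


# --- constructed sample input (synthetic frames, not captured traffic) ------
def make_tcp_frame(dst_port: int, payload: bytes = b"") -> bytes:
    eth = b"\x00" * 12 + b"\x08\x00"                       # dst/src MAC, IPv4
    ip = (b"\x45\x00" + struct.pack(">H", 40 + len(payload))  # ver/IHL, TOS, len
          + b"\x00" * 5 + b"\x06" + b"\x00" * 10)           # ..., proto=TCP, ...
    tcp = struct.pack(">HH", 40000, dst_port) + b"\x00" * 16  # ports + rest
    return eth + ip + tcp + payload


def build_pcap_stream(packets: List[bytes], big_endian: bool = False) -> bytes:
    e = ">" if big_endian else "<"
    out = struct.pack(e + "IHHiIII", MAGIC_USEC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, pkt in enumerate(packets):
        out += struct.pack(e + "IIII", 1700000000 + i, 500000, len(pkt), len(pkt)) + pkt
    return out


class DribbleStream:
    """Returns at most 7 bytes per read() to mimic TCP short reads."""
    def __init__(self, data: bytes):
        self._buf = io.BytesIO(data)

    def read(self, n: int) -> bytes:
        return self._buf.read(min(n, 7))


def truncated_stream_fails(data: bytes) -> bool:
    """True if a stream cut mid-record is reported rather than silently dropped."""
    try:
        list(iter_pcap_stream(io.BytesIO(data)))
    except EOFError:
        return True
    return False


def demo() -> List[Tuple[float, bytes]]:
    frames = [make_tcp_frame(1337, b"flag"), make_tcp_frame(80), make_tcp_frame(1337)]
    # Equivalent of attaching the BPF "tcp dst port 1337" on one listener.
    return consume(DribbleStream(build_pcap_stream(frames)), lambda p: tcp_dst_port(p) == 1337)


if __name__ == "__main__":
    for ts, pkt in demo():
        print("%.6f %d bytes dst port %s" % (ts, len(pkt), tcp_dst_port(pkt)))
```

In a live setup the `stream` argument would be `sock.makefile("rb")` on a TCP connection to the PCAP-over-ip server; the `DribbleStream` wrapper exists only to prove that the parser survives reads that return fewer bytes than requested, which is the common case on a socket.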

Sijisu commented 1 year ago

Thanks @KristinnVikar for valuable fixes!