Name	Name	Last commit message	Last commit date
Latest commit History 13 Commits
cmd/sniffer	cmd/sniffer
configs	configs
deployments	deployments
docs/internal/model	docs/internal/model
internal	internal
.gitignore	.gitignore
README.md	README.md
docker-compose.yml	docker-compose.yml
go.mod	go.mod
go.sum	go.sum
output.json	output.json
test.go	test.go

Microservices Network Traffic Sniffer

A Go-based network traffic sniffer that captures, parses, and stores HTTP/HTTPS traffic data with monitoring capabilities using Prometheus and Grafana.

Features

🔍 Network Traffic Capture: Real-time packet sniffing using gopacket
🌐 HTTP/HTTPS Protocol Support: Parses HTTP and TLS traffic on configurable ports
💾 MongoDB Storage: Persists captured traffic data and service dependencies
📊 Monitoring: Integrated with Prometheus and Grafana for metrics visualization
🐳 Docker Support: Fully containerized setup with Docker Compose
🔌 REST API: Query captured traffic and service dependencies

Architecture

┌─────────────┐
│ Sniffer │ ← Captures network packets
└──────┬──────┘
 │
 ↓
┌─────────────┐
│ Parser │ ← Parses HTTP/TLS protocols
└──────┬──────┘
 │
 ↓
┌─────────────┐
│ Storage │ ← Stores in MongoDB
└──────┬──────┘
 │
 ↓
┌─────────────┐ ┌─────────────┐
│ REST API │ ←→ │ Grafana │
└─────────────┘ └─────────────┘
 ↑
 │
 ┌──────┴──────┐
 │ Prometheus │
 └─────────────┘

Prerequisites

Go 1.24.3 or higher
Docker and Docker Compose
libpcap (for packet capture)
- Linux: sudo apt-get install libpcap-dev
- macOS: brew install libpcap
- Windows: WinPcap or Npcap

Installation

Clone the Repository

git clone https://github.com/Aditya26189/microservices.git
cd microservices

Install Dependencies

go mod download

Usage

Running with Docker Compose

The easiest way to run the entire stack:

docker-compose up -d

This will start:

MongoDB on port 27017
Prometheus on port 9090
Grafana on port 3000
Sniffer service with packet capture capabilities

Running Locally

Start MongoDB (or use Docker):

docker run -d -p 27017:27017 -v ./mongo-data:/data/db mongo

Run the Sniffer:
```
go run ./cmd/sniffer/main.go -iface <network-interface> -ports "80 or 443" -snaplen 1600 -timeout 30
```
Parameters:
- -iface: Network interface to capture from (e.g., eth0, en0, Wi-Fi)
- -ports: BPF port filter (default: "80 or 443")
- -snaplen: Snap length for packet capture (default: 1600)
- -timeout: Timeout in seconds (default: 30)
Example:
```
# Linux/macOS
sudo go run ./cmd/sniffer/main.go -iface eth0 -ports "80 or 443 or 8080"
# Windows
go run ./cmd/sniffer/main.go -iface "Ethernet" -ports "80 or 443"
```
Note: Root/admin privileges may be required for packet capture.

Finding Your Network Interface

Linux:

ip link show

macOS:

ifconfig

Windows:

Get-NetAdapter

API Endpoints

The sniffer exposes a REST API (configured via gorilla/mux):

GET /api/events - Retrieve captured network events
GET /api/dependencies - Query service dependencies
GET /api/logs - Access stored log entries

Note: See internal/handler/handler.go for complete API documentation.

Monitoring

Prometheus

Access Prometheus at http://localhost:9090 to:

View captured metrics
Run PromQL queries
Monitor sniffer performance

Grafana

Access Grafana at http://localhost:3000 (default credentials: admin/admin) to:

Visualize traffic patterns
Create custom dashboards
Set up alerts

Pre-configured dashboards are available in deployments/grafana/dashboards/.

Project Structure

.
├── cmd/
│ └── sniffer/ # Main application entry point
├── configs/ # Configuration management
├── internal/
│ ├── capture/ # Packet capture logic
│ ├── db/ # Database connections
│ ├── handler/ # HTTP API handlers
│ ├── logging/ # Logging utilities
│ ├── model/ # Data models
│ ├── parser/ # Protocol parsers (HTTP, TLS)
│ ├── storage/ # Storage layer
│ └── utils/ # Utility functions
├── deployments/
│ ├── Dockerfile.sniffer
│ ├── prometheus.yml
│ └── grafana/ # Grafana provisioning
├── docs/ # Documentation
├── mongo-data/ # MongoDB data directory
└── docker-compose.yml

Configuration

Environment Variables

Configure the application using environment variables:

MONGO_URI: MongoDB connection string (default: mongodb://localhost:27017)
MONGO_DATABASE: Database name
API_PORT: REST API port (default: 8080)

MongoDB

MongoDB configuration is handled in configs/config.go. Modify connection settings as needed.

Development

Building

go build -o sniffer ./cmd/sniffer

Testing

go test ./...

Data Models

Event

Represents a captured network event with source/destination IPs, ports, protocols, and timestamps.

LogEntry

Structured log entries for captured traffic analysis.

Dependencies

Tracks inter-service communication patterns and dependencies.

See internal/model/ for complete model definitions.

Troubleshooting

Permission Denied Errors

Packet capture requires elevated privileges:

# Linux/macOS
sudo go run ./cmd/sniffer/main.go -iface eth0
# Windows (run as Administrator)
go run ./cmd/sniffer/main.go -iface "Ethernet"

No Packets Captured

Verify the correct network interface with ifconfig or ip link
Check BPF filter syntax
Ensure traffic is flowing on the specified ports
Verify firewall settings

MongoDB Connection Issues

Ensure MongoDB is running: docker ps
Check connection string in configs/config.go
Verify network connectivity to MongoDB

Contributing

Fork the repository
Create a feature branch (git checkout -b feature/amazing-feature)
Commit your changes (git commit -m 'Add amazing feature')
Push to the branch (git push origin feature/amazing-feature)
Open a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

gopacket - Packet processing library
MongoDB Go Driver - MongoDB client
Gorilla Mux - HTTP router
Prometheus - Monitoring system
Grafana - Analytics platform

Contact

Aditya26189 - GitHub Profile

Project Link: https://github.com/Aditya26189/microservices

Aditya26189/microservices

Folders and files

Latest commit

History

Repository files navigation