Skip to content

xel86/ntmd

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits
cmake
cmake
 
 
docs
docs
 
 
src
src
 
 
systemd
systemd
 
 
.clang-format
.clang-format
 
 
.gitignore
.gitignore
 
 
CMakeLists.txt
CMakeLists.txt
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

ntmd (WIP)

Network Traffic Monitor Daemon for linux.

This project is early in development, core functionality is working well but it still has it's fair share of issues (known & unknown).

Known Issues

  • Can't find process/sockets for qemu virtual machines
  • Can't find process/sockets for mullvad vpn traffic when turned on (and presumably other vpns).

Usage

Once ntmd is running in the background it will begin monitoring network traffic and matching packets with the processes they belong too. To retrieve that information you should use the socket api that ntmd hosts to allow external applications to view live in-memory network traffic or historical network traffic stored in the database.

Full API documentation of all commands and further information can be found in docs/api.md

Quick Examples (netcat to send commands and jq to pretty print the json):

View live in-memory monitored traffic before database deposit:
echo 'snapshot' | nc localhost 13889 | jq

{
    "data": {
        "Discord": {
            "bytesRx": 123
            "bytesTx": 321
            "pktRxCount": 5,
            "pktTxCount": 5
        },
        "chromium": {
            "bytesRx": 777
            "bytesTx": 777
            "pktRxCount": 11
            "pktTxCount": 11
        },
    },
    "length": 2
    "result": "success"
}

View historical network traffic from database since January 1st 2023:
echo 'traffic-since 1672549200' | nc localhost 13889 | jq

{
  "data": {
    "chatterino": {
      "bytesRx": 114048694,
      "bytesTx": 13902477,
      "pktRxCount": 196166,
      "pktTxCount": 193273
    },
    "chromium": {
      "bytesRx": 5156785412,
      "bytesTx": 131679244,
      "pktRxCount": 3590623,
      "pktTxCount": 1697315
    },
    "git-remote-http": {
      "bytesRx": 9096,
      "bytesTx": 4568,
      "pktRxCount": 25,
      "pktTxCount": 32
    },
    "ssh": {
      "bytesRx": 1852839460,
      "bytesTx": 11996499,
      "pktRxCount": 198432,
      "pktTxCount": 138233
    }
  },
  "length": 4,
  "result": "success"
}

Installation

ntmd uses a few dependencies that are not bundled with the repository, so you must install them yourself before building.

These include:

  • sqlite3
  • nlohmann-json
  • libpcap
  • cmake
  • clang

To install all required dependencies on ubuntu:
sudo apt-get install libsqlite3-dev nlohmann-json3-dev libpcap-dev clang cmake

To install all required dependencies on arch:
sudo pacman -S sqlite nlohmann-json libpcap clang cmake

Packages

TBD

Manual Build

After installing all dependencies, clone the repository and build the binary:

git clone https://github.com/xel86/ntmd
cd ntmd/
mkdir build && cd build
cmake .. && make

Move ntmd into /usr/bin:

sudo mv ntmd /usr/bin

If you wish to launch with a custom config edit the default config provided in docs/ntmd.conf to your liking and then move it into the default location /etc/ntmd.conf or specify its location with the -c/--config argument.

sudo cp ../docs/ntmd /etc/

If you wish to setup a systemd service to manage ntmd:

sudo cp ../systemd/ntmd.service /etc/systemd/system/

If you wish for ntmd to start up with your computer, enable the systemd service:

sudo systemctl enable ntmd

To start ntmd immediately:

sudo systemctl start ntmd

About

Network Traffic Monitor Daemon for linux.

Topics

linux monitoring network packet-sniffer network-analysis packet-capture

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages