Tim's Secret Network Debugging Tool
Observe network information in your terminal! The goal of the tool is to allow operators to perform an initial deep-dive of network traffic on specific target systems. It is not intended to replace proper monitoring infrastructure.
Data is tracked on a per-network-interface basis. Network interface data collection can be toggled on and off to help improve performance and reduce clutter on the plots.
Plots can be resized so that the operator can focus on the data that they care about.
By default, the vertical axis of the time series plots scales to allow observation of all of the data in the observation window. Users can optionally switch to a manual zoom mode to avoid dynamic axis changes on the time series plots at the risk of being unable to see some data points.
- stable rust toolchains:
rustup toolchain install stable - nightly rust toolchains:
rustup toolchain install nightly --component rust-src - (if cross-compiling) rustup target:
rustup target add ${ARCH}-unknown-linux-musl - (if cross-compiling) LLVM: (e.g.)
brew install llvm(on macOS) - (if cross-compiling) C toolchain: (e.g.)
brew install filosottile/musl-cross/musl-cross(on macOS) - bpf-linker:
cargo install bpf-linker(--no-default-featureson macOS)
Sudo privileges are required to run Aya because we want to load programs into the Kernel through eBPF.
Use cargo build, cargo check, etc. as normal. Run your program with:
cargo run --release --config 'target."cfg(all())".runner="sudo -E"'Cargo build scripts are used to automatically build the eBPF correctly and include it in the program.
Cross compilation should work on both Intel and Apple Silicon Macs.
CC=${ARCH}-linux-musl-gcc cargo build --package tsndt --release \
--target=${ARCH}-unknown-linux-musl \
--config=target.${ARCH}-unknown-linux-musl.linker=\"${ARCH}-linux-musl-gcc\"The cross-compiled program target/${ARCH}-unknown-linux-musl/release/tsndt can be
copied to a Linux server or VM and run there.
Copyright (c) Tim Upthegrove tim.upthegrove@gmail.com
This project is licensed under the MIT license (LICENSE or http://opensource.org/licenses/MIT)