You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
D4 core are software components used in the D4 project. The software includes everything to create your own sensor network or connect
to an existing sensor network using simple clients.
d4 - d4 client
Read data from the configured <source> and send it to <destination>
Usage: d4 -c config_directory
Configuration
The configuration settings are stored in files in the configuration directory
specified with the -c command line switch.
Files in the configuration directory
key - is the private HMAC-SHA-256-128 key.
The HMAC is computed on the header with a HMAC value set to 0
which is updated later.
snaplen - the length of bytes that is read from the <source>
version - the version of the d4 client
type - the type of data that is send. pcap, netflow, ...
source - the source where the data is read from
destination - the destination where the data is written to
Installation
cd client
git submodule init
git submodule update
Build the d4 client. This will create the d4 binary.
make
Then register the sensor with the server. Replace API_TOKEN, VALID_UUID4 (create a random UUID via UUIDgenerator) and VALID_HMAC_KEY.
D4 core server is a complete server to handle clients (sensors) including the decapsulation of the D4 protocol, control of sensor registrations, management of decoding protocols and dispatching to adequate decoders/analysers.
