D4 core are software components used in the D4 project. The software includes everything to create your own sensor network or connect to an existing sensor network using simple clients.
The D4 client can be used to stream any byte stream towards a D4 server.
As an example, you directly stream tcpdump output to a D4 server with the following script:
tcpdump -n -s0 -w - | ./d4 -c ./conf | socat - OPENSSL-CONNECT:$D4-SERVER-IP-ADDRESS:$PORT,verify=0
d4 - d4 client Read data from the configured <source> and send it to <destination> Usage: d4 -c config_directory Configuration The configuration settings are stored in files in the configuration directory specified with the -c command line switch. Files in the configuration directory key - is the private HMAC-SHA-256-128 key. The HMAC is computed on the header with a HMAC value set to 0 which is updated later. snaplen - the length of bytes that is read from the <source> version - the version of the d4 client type - the type of data that is send. pcap, netflow, ... source - the source where the data is read from destination - the destination where the data is written to
cd client git submodule init git submodule update
D4 core server is a complete server to handle clients (sensors) including the decapsulation of the D4 protocol, control of sensor registrations, management of decoding protocols and dispatching to adequate decoders/analysers.