Skip to content

allows one to gain insight into a firewalled network by passively collecting remote system uptimes to compare with local system time

Notifications You must be signed in to change notification settings

denverskylines/go-clock-view

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

go-clock-view

Description

This project collects tcp timestamps passivly and in real time compares each packets system uptime to the uptime of the packets before it. It can provide useful information such as the of the number of devices behind a firewalled network without generating a packet. This can be useful in detecting tethering and to gain insight into the network topology behind a network address translator or in situations where promiscous detection is unsuitable.

(https://github.com/aslanvaroqua/go-clock-view).

the offset of the uptimes per ip can tell us a lot about a network topology and is useful for understanding what type of systems are utilizing a network and also to prevent unauthorized tethering/connection sharing in the telecommunications industry.

Usage


Usage of ./go-clock-skew:
-e string
device name (default "eth0")
-f string
storage file (default "storage.csv")
-filter string
bpFilter (default "tcp")
-h help

Example


./go-clock-skew -filter "src host 10.10.89.144" -f 144.csv

where to go from here?

go get "github.com/aslanvaroqua/go-clock-view"
go get "github.com/google/gopacket"
go get "go get gopkg.in/mgo.v2"
su -i
apt install mongodb
apt install libpcap-dev
ifconfig -> find appropriate network interface or use default (eth0)
go build main.go
mv main.go /usr/bin/clock-view
clock-view -e eth0 {other options)

About

allows one to gain insight into a firewalled network by passively collecting remote system uptimes to compare with local system time

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 100.0%