NetGuard
A lightweight network traffic analyzer built with Rust and eBPF for real-time packet inspection.
Zoran · 1 min read · 146 words
NetGuard is a lightweight network traffic analyzer that leverages eBPF (Extended Berkeley Packet Filter) for kernel-level packet inspection with minimal overhead.
Features
- Real-time packet capture at the kernel level using eBPF kprobes
- Protocol analysis for TCP, UDP, ICMP, and HTTP
- Anomaly detection using statistical models
- Prometheus metrics export for Grafana dashboards
- BPF CO-RE for portability across kernel versions
Architecture
┌─────────────┐     ┌──────────────┐     ┌─────────────┐
│ eBPF Probe  │ ──▶ │ Ring Buffer  │ ──▶ │  Userspace  │
│  (Kernel)   │     │              │     │  Analyzer   │
└─────────────┘     └──────────────┘     └─────────────┘
                                                │
                                                ▼
                                         ┌─────────────┐
                                         │ Prometheus  │
                                         │  /metrics   │
                                         └─────────────┘
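As an added example (not NetGuard's own code), here is the userspace Analyzer stage from the diagram in Rust: it consumes constructed packet events in place of the eBPF ring buffer, keeps per-protocol counters, flags seconds whose packet rate is a z-score outlier (one statistical model; the project's actual model is not described on this page), and renders the counters in Prometheus text format. The type names and the metric name are assumptions.

```rust
// Added example (not NetGuard's own code): the userspace "Analyzer" stage
// of the diagram, fed with constructed packet events instead of a real eBPF
// ring buffer. PacketEvent, Analyzer and the metric name are assumptions.
use std::collections::BTreeMap;

#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum Proto { Tcp, Udp, Icmp }

/// One record as the kernel probe would hand it over (constructed layout).
#[derive(Clone, Copy, Debug)]
pub struct PacketEvent { pub ts_sec: u64, pub proto: Proto, pub len: u32 }

#[derive(Default)]
pub struct Analyzer {
    pub packets: BTreeMap<Proto, u64>, // per-protocol packet counters
    pub bytes: BTreeMap<Proto, u64>,   // per-protocol byte counters
    per_sec: BTreeMap<u64, u64>,       // packets seen in each one-second bucket
}

impl Analyzer {
    pub fn ingest(&mut self, ev: &PacketEvent) {
        *self.packets.entry(ev.proto).or_insert(0) += 1;
        *self.bytes.entry(ev.proto).or_insert(0) += ev.len as u64;
        *self.per_sec.entry(ev.ts_sec).or_insert(0) += 1;
    }

    /// Statistical anomaly check (z-score model, an assumption): seconds whose
    /// packet rate exceeds mean + k * stddev over all observed seconds.
    pub fn anomalous_seconds(&self, k: f64) -> Vec<u64> {
        let n = self.per_sec.len() as f64;
        if n < 2.0 { return Vec::new(); }
        let mean = self.per_sec.values().sum::<u64>() as f64 / n;
        let var = self.per_sec.values().map(|&v| (v as f64 - mean).powi(2)).sum::<f64>() / n;
        let threshold = mean + k * var.sqrt();
        self.per_sec.iter().filter(|(_, &v)| v as f64 > threshold).map(|(&s, _)| s).collect()
    }

    /// Render counters in Prometheus text exposition format for /metrics.
    pub fn prometheus_text(&self) -> String {
        let mut out = String::from("# TYPE netguard_packets_total counter\n");
        for (p, c) in &self.packets {
            out.push_str(&format!("netguard_packets_total{{proto=\"{}\"}} {}\n", label(*p), c));
        }
        out
    }
}

fn label(p: Proto) -> &'static str {
    match p { Proto::Tcp => "tcp", Proto::Udp => "udp", Proto::Icmp => "icmp" }
}
```

A burst of 50 UDP packets in one second after ten quiet seconds of two TCP packets each is reported as anomalous at k = 2, while the quiet seconds are not.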
Usage
# Compile and load the eBPF program
cargo build --release
sudo ./target/release/netguard --interface eth0
# Available flags
--interface    Network interface to monitor
--prometheus   Enable metrics export (default: 9090)
--log-level    Set verbosity (trace, debug, info, warn)