Check-NetworkSpans

This a Nagios style check that checks network spans forwarded from a switch to a system running Suricata or the like is configured properly.

The folowing checks are done.

• interfaces are up
• traffic is seen on those interfaces
• span has the required number of packets
• TCP/UDP packets are seen for the expected ports
• bi-directional TCP/UDP traffic is seen

Gathering packets is done via tshark, this ensures packets encapsulated in VLAN packets are handled.

First IP of every interface can automatically be ignored and others manually specified. Purpose of ignoring this traffic is to ensure that traffic for the system it is running on is ignored should in a worse case scenario it be ran on a system in which the ingestion interface and management interface is the same.

INSTALLATION

FreeBSD

pkg install p5-Rex p5-Regexp-IPv6 p5-Data-Dumper p5-String-ShellQuote p5-JSON p5-App-cpanminus
cpanm Check::NetworkSpans

Debian

apt-get install rex libdata-dumper-perl libstring-shellquote-perl libjson-perl cpanminus
cpanm Check::NetworkSpans

From Source

To install this module, run the following commands:

perl Makefile.PL
make
make test
make install

SUPPORT AND DOCUMENTATION

After installing, you can find documentation for this module with the perldoc command.

perldoc Check::NetworkSpans
perldoc check_networkspans

You can also look for information at:

RT, CPAN's request tracker (report bugs here)
    https://rt.cpan.org/NoAuth/Bugs.html?Dist=Check-NetworkSpans

CPAN Ratings
    https://cpanratings.perl.org/d/Check-NetworkSpans

Search CPAN
    https://metacpan.org/release/Check-NetworkSpans

LICENSE AND COPYRIGHT

This software is Copyright (c) 2024 by Zane C. Bowers-Hadley.

This is free software, licensed under:

The GNU General Public License, Version 2, June 1991