Data Stream Socket
The Netify Agent handles the deep packet inspection and analysis, but how do you interact with the data available from the agent? You can use the high-speed data integrations (IP Sets, CT Labels, nftables Sets, Stats) as well as the live Data Stream described in this document.
Data via Socket Interface
Netifyd's Agent Socket Interface (TCP/IP and UNIX sockets) provides near real-time agent status and flow/DPI detection data via JSON encoded payloads. In CentOS, Debian, and Ubuntu, the default UNIX socket file is /var/run/netifyd/netifyd.sock. Other Linux platforms may have the socket file in a different location.
For information about the format and data available in the streams, you can skip to the Data Streams documentation. If you would like to interact with the data in a live environment, read on!
{
  "type": "flow_purge",
  "flow": {
    "digest": "178bf5650a79d5e8ddc6a988d0c02b3d799180d0",
    "last_seen_at": 1606232131756,
    "local_bytes": 2434,
    "local_packets": 21,
    "other_bytes": 6139,
    "other_packets": 16,
    "total_bytes": 8573,
    "total_packets": 37
  },
  "reason": "terminate",
  ... snip ...
}
[socket]
listen_path[0] = /var/run/netifyd/netifyd.sock
Getting Started with Live Data Streams
If you haven't already done so, please start with the getting started introduction for instructions on how to get an environment with the Netify Agent up and running. Once ready, we can use some shell tools to connect to netifyd and display the JSON encoded payloads. First, we need to install the shell utilities:
| Linux | Command |
|---|---|
| CentOS | yum install sudo jq bc netcat |
| Debian | apt-get update; apt-get install sudo jq bc netcat-openbsd |
| Ubuntu | apt-get update; apt-get install sudo jq bc netcat |
Open up a separate terminal on a system with netifyd installed. On the first terminal, run the netifyd command to start processing either a PCAP capture file (instructions) or live network data. On the second terminal, run the following to connect to the JSON data stream and view formatted output:
sudo nc -U /var/run/netifyd/netifyd.sock | jq . -C
You should see a stream of JSON data similar to the following:
{
  "agent_version": 3.06,
  "build_version": "Netify Agent/3.06 (... features ...) nDPI/2.9.0 JSON/1.90",
  "json_version": 1.9,
  "type": "agent_hello"
}
The Data Stream Format documentation provides details on the DPI data available in Netify.
Third Party Tools
With a JSON-encoded data stream, it's possible to develop Netify-aware tools in any programming language:
- Python
- C/C++
- Rust
- etc.
The netifyd data stream is also available over a TCP/IP socket (see man netifyd.conf to enable this feature). This makes it possible to run the Netify Agent detection on a dedicated network probe and run your Netify-enabled application on a different server host.
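As an added example (not Netify's own code), here is a minimal Python consumer for the stream described above. It assumes the socket delivers back-to-back JSON objects, which is what the `nc | jq` pipeline on this page relies on; `StreamParser`, `purge_summary`, and `stream` are hypothetical names, and the sample chunks are constructed from the two payloads shown on this page.

```python
import codecs
import json
import socket

SOCK_PATH = "/var/run/netifyd/netifyd.sock"  # default path given on this page

class StreamParser:
    """Decode back-to-back JSON objects from arbitrary recv() chunks."""
    def __init__(self, max_buffer=1 << 20):
        self._utf8 = codecs.getincrementaldecoder("utf-8")("replace")
        self._json = json.JSONDecoder()
        self._buf, self._max = "", max_buffer

    def feed(self, chunk):
        self._buf = (self._buf + self._utf8.decode(chunk)).lstrip()
        found = []
        while self._buf:
            try:
                obj, end = self._json.raw_decode(self._buf)
            except json.JSONDecodeError:
                if len(self._buf) > self._max:  # never buffer without bound
                    raise ValueError("payload too large or not JSON")
                break  # object is incomplete; wait for the next chunk
            found.append(obj)
            self._buf = self._buf[end:].lstrip()
        return found

def purge_summary(messages):
    """Map flow digest -> (total_bytes, reason) for flow_purge payloads."""
    return {m["flow"].get("digest"): (m["flow"].get("total_bytes", 0), m.get("reason"))
            for m in messages
            if isinstance(m, dict) and m.get("type") == "flow_purge"
            and isinstance(m.get("flow"), dict)}

def stream(path=SOCK_PATH):
    """Yield decoded payloads from the agent's UNIX socket."""
    parser = StreamParser()
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.connect(path)
        while chunk := sock.recv(65536):
            yield from parser.feed(chunk)

# Constructed sample: this page's two payloads, split mid-object like a socket read.
SAMPLE_CHUNKS = [
    b'{"agent_version": 3.06, "json_version": 1.9, "type": "agent_hello"}\n{"type": "flow_pu',
    b'rge", "flow": {"digest": "178bf5650a79d5e8ddc6a988d0c02b3d799180d0", "total_bytes": 8573,',
    b' "total_packets": 37}, "reason": "terminate"}\n',
]
```

Iterate `stream()` on a host running netifyd to consume live payloads; the page's `nc` command runs under sudo, so expect to need the same privileges to open the socket.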
Netify Integrations
With the Netify JSON network stream, you can develop and create your own integrations: open source, proprietary, in-house... it's up to you. We have also built plugins and addons to help with getting started with firewalls/QoS and local reporting.