Command Line Interface (CLI)
The Netify Agent exposes a set of command line options for obtaining status, inspecting signature lists, and performing offline packet capture analysis. Use the examples below to collect debugging information.
Netify Daemon Status
To view the current status of the Netify agent, execute:
sudo netifyd -s
The following can be helpful during troubleshooting:
- Agent is running / PID - Indicates whether the Netify DPI agent is running.
- Agent UUID - A unique identifier used during provisioning and API calls.
- API Updates - If not enabled, the agent will not communicate with Netify cloud services.
- API Application/Category Updates - Shows if the agent can receive continuous updates.
- Active Flows - If zero, could indicate an issue with interface configuration.
- Maximum Memory Usage - Insight into RAM usage during heavy load.
- Interface [Mode -> Capture Method] - Helps identify capture configuration issues.
- Apps / Domains counts - High app counts often indicate commercial signature lists.
- Persistent / Volatile State Paths - Paths where configuration and runtime data are written.
Application, Protocol and Category Lists
Applications and categories are determined at run time using signature and configuration files. Protocols are compiled into the agent binary.
Applications
Applications are imported at run time via the Netify application signature file located in the configuration directory.
netifyd --dump-apps
0: Unknown
1: FTP/C
2: POP3
3: SMTP
4: IMAP
...
Protocols
Protocols are compiled into the agent. New protocols are added with agent releases.
netifyd --dump-protos
0: Unknown
1: FTP/C
2: POP3
3: SMTP
4: IMAP
...
Categories
Categories group applications and protocols.
netifyd --dump-categories
1: application: adult
2: application: advertiser
3: application: business
4: application: cdn
...
Analysing a Packet Capture File
The Netify Agent can perform offline analysis of a capture file.
Real-Time Analysis
To play back a packet capture through the Netify agent in real time, run:
sudo netifyd -d -v -t -r -I /path/to/pcap
At the same time, in a second terminal, capture the output sent to the agent's Unix socket file:
sudo netcat -U /var/run/netifyd/netifyd.sock | jq
You should see a stream of JSON similar to:
{
  "flow": {
    "category": { "application": 27, "domain": 0, "network": 0, "protocol": 18 },
    "detected_application": 10033,
    "detected_application_name": "netify.netify",
    "detected_protocol": 196,
    "detected_protocol_name": "HTTP/S",
    ...
  }
}
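When a capture produces more flows than can be read by eye, the stream can be tallied instead of pretty-printed. The script below is an added example, not part of the Netify Agent or its documentation: it counts flows by the detected_protocol_name and detected_application_name fields shown in the sample above. The file name flow_summary.py, the "Unknown" fallback for a missing field and the embedded sample are assumptions made for illustration.

```python
"""Tally detected protocol/application pairs from Netify flow JSON on stdin.

Usage, with the socket path shown above:
    sudo netcat -U /var/run/netifyd/netifyd.sock | python3 flow_summary.py
"""
import json
import sys
from collections import Counter

# Constructed sample (not real agent output), used when stdin is a terminal.
SAMPLE = [
    '{"flow": {"detected_application_name": "netify.netify", "detected_pro',
    'tocol_name": "HTTP/S"}}\n{"flow": {"detected_protocol_name": "HTTP/S"}}',
]


def iter_json_values(chunks):
    """Yield each JSON value from text chunks, as jq does: values may be
    concatenated or split across chunks, so no stream framing is assumed."""
    decoder = json.JSONDecoder()
    buf = ""
    for chunk in chunks:
        buf += chunk
        while buf := buf.lstrip():
            try:
                value, end = decoder.raw_decode(buf)
            except json.JSONDecodeError:
                break  # value incomplete so far: wait for the next chunk
            yield value
            buf = buf[end:]


def summarize(chunks):
    """Count (protocol name, application name) pairs over all flow objects."""
    counts = Counter()
    for value in iter_json_values(chunks):
        flow = value.get("flow") if isinstance(value, dict) else None
        if not isinstance(flow, dict):
            continue  # skip anything that is not a flow record
        # "Unknown" is this example's fallback when a field is absent.
        proto = flow.get("detected_protocol_name", "Unknown")
        app = flow.get("detected_application_name", "Unknown")
        counts[(proto, app)] += 1
    return counts


if __name__ == "__main__":
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for (proto, app), n in summarize(source).most_common():
        print(f"{n:6d}  {proto:<12} {app}")
```

A large share of flows landing in the "Unknown" rows for a capture you expected to classify is worth including alongside the status output when troubleshooting.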
Fast Analysis
To process a capture as fast as possible, omit the -r option:
sudo netifyd -d -v -t -I /path/to/pcap
Delayed Start
To delay the start of analysis (useful when binding to sinks):
sudo netifyd --capture-delay 5 -d -v -t -I /path/to/pcap
Ignoring Interfaces
To ignore configured interfaces when analysing a pcap:
sudo netifyd --ignore-interface-configs -d -v -t -I /path/to/pcap
Running the Agent in Debug Mode
Stop any running daemons, then run the agent in the foreground with debug enabled:
sudo systemctl stop netifyd
sudo netifyd -d
Collect this output when opening a support ticket to help us diagnose issues.