Skip to content
/ DOROTHEA Public

DOROTHEA: Docker-based framework for small-scale NetFlow traffic monitoring and capture.

License

LGPL-3.0 license
3 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

uleroboticsgroup/DOROTHEA

BranchesTags

Repository files navigation

DOROTHEA

Dorothea CI Examples CI

Docker-based framework for gathering netflow traffic

Description

The primary objective of this framework is to establish an environment that comprehensively monitors and captures all network flows on a Docker virtual network. All interactions within this virtual network are captured, parsed into flows, and subsequently exported to a CSV file.

Old releases

The DOROTHEA project went throught a complete restructuring to simplify its architecture and enhance user-friendliness 🚧. We have drop all the Python scripts for handeling DOROTHEA in favour of a more minimalistic implementation using Docker-Compose.

If you are searching for one of the old implementations, we have tagged them as releases.

Key Objectives

  • Realistic Netflow Generation: The framework's primary objective is to generate flow that closely resemble real network traffic. These is archived by using real world tools to simulate genuine interactions and transactions, creating a robust dataset for training machine learning models.

  • Low Resource Consumption: By establishing a virtual LAN and deploying containers as nodes, the framework creates a controlled, small-footprint environment that mimics real-world networking scenarios. This environment facilitates the generation and monitoring of traffic patterns while maintaining a low profile in resource consumption.

  • Effective & Flexible Monitoring: The framework utilizes pmacct (Packet Monitoring Accounting) a tool for capturing and process network traffic. Utilizing the default print plugin, it allows us to capture and extract valuable insights from flows into a CSV without the need for a netflow collector, simplifying the process.

Requirements

This tool requires to have installed in your system:

Usage

Clone the repository with the following comand to ensure all the submodules are recursively fetch:

$ git clone --recursive https://github.com/uleroboticsgroup/DOROTHEA.git
$ cd DOROTHEA

On the docker-compose.yml file, add your containers that will generate any traffic after the comment:

# YOUR ACTIONS: ...

And finally simply run Docker-Compose:

$ docker compose .

Examples

The examples directory includes various scenarios to emulate and capture network traffic of popular tools and interactions:

License

This framework is released under the LGPL-3.0. Feel free to use, modify, and distribute it in accordance with the terms of the license.

About

DOROTHEA: Docker-based framework for small-scale NetFlow traffic monitoring and capture.

Topics

docker docker-compose emulation pmacct netflow-data

Resources

Readme

License

LGPL-3.0 license
Activity
Custom properties

Stars

3 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases 3

Dorothea 2.0.1: Enhancements and Dependency Updates Latest
Apr 21, 2024
+ 2 releases

Contributors 2

  •  
  •