goatherd

command module
v0.1.0 Latest
Published: Feb 2, 2021 License: MIT Imports: 1 Imported by: 0

README

goatherd

Packet Capture and Analysis tool for passively discovering routable address space by observing bitmask changes on captured packets

what does it do?

GOatherd analyzes TCP/IP communications (either live on the wire or from a previously captured .pcap file) and assesses their source ARP and IP addresses with XOR bitwise pattern matching to make an intelligent attempt to determine:

  • Which addresses on your local network are the 'downstream' gateways (gateways from other networks), and which one (at minimum) is the 'upstream' gateway (i.e. the gateway address for the local subnet).
  • To the best of its abilities, which CIDR subnets are 'downstream' from the local network (incoming to it from one or more layers of downstream gateways).
  • A common range of TTL variances, used to guesstimate how many 'hops' downstream a particular subnet is from the currently observed network.
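
The sketch below is an added example, not goatherd's own code: it shows how XOR-style bit comparison over passively observed source addresses can yield a candidate CIDR, rejecting any prefix whose network or broadcast address was itself seen sending traffic. The function name candidateSubnet, the sample addresses, and the step of widening the prefix by one bit after a rejection are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math/bits"
	"net"
)

// candidateSubnet returns the longest IPv4 prefix covering every observed source
// address whose network and broadcast addresses never appeared as a source.
func candidateSubnet(seen []string) (*net.IPNet, error) {
	present := map[uint32]bool{}
	allAnd, allOr := ^uint32(0), uint32(0)
	for _, s := range seen {
		ip4 := net.ParseIP(s).To4()
		if ip4 == nil {
			return nil, errors.New("not an IPv4 address: " + s)
		}
		v := binary.BigEndian.Uint32(ip4)
		allAnd, allOr, present[v] = allAnd&v, allOr|v, true
	}
	if len(present) == 0 {
		return nil, errors.New("no addresses observed")
	}
	// AND xor OR has a 1 wherever any two addresses differ; bits above the top 1 are shared.
	p := bits.LeadingZeros32(allAnd ^ allOr)
	if p > 30 {
		p = 30 // longest prefix that still has distinct network/broadcast addresses
	}
	for ; p >= 0; p-- { // assumption: widen one bit at a time until the check passes
		mask := ^uint32(0) << (32 - p)
		network := allAnd & mask
		broadcast := network | ^mask
		if !present[network] && !present[broadcast] {
			ip := make(net.IP, 4)
			binary.BigEndian.PutUint32(ip, network)
			return &net.IPNet{IP: ip, Mask: net.CIDRMask(p, 32)}, nil
		}
	}
	return nil, errors.New("no viable prefix")
}

func main() {
	// Constructed sample of source addresses, as if read from a capture.
	n, err := candidateSubnet([]string{"10.20.30.5", "10.20.30.9", "10.20.30.14"})
	fmt.Println(n, err) // 10.20.30.0/28 <nil>
}
```
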
Installation

You'll need the libpcap include files to compile with packet capture support.

apt-get install libpcap-dev on Debian-derived Linux distributions

Documentation

There is no documentation for this package.

Directories

Path Synopsis
Identified Gateways on Observed sections
but some of those unused addresses can be network or broadcast addresses; if we calculate that we see no traffic from a pairing of a valid network/broadcast address, we mark this mask/prefix as a viable potential subnet
TTL Tracker monitors the differentials in TTL of packets matched to a given subnet; by finding a common integer variance in them, it attempts to guess how many 'hops' the given downstream subnet is from the capture-point network
