- Other input (traces)
- C API (libcoral)
- Perl API (Coral.pm)
- Analysis Programs in C/C++
- Analysis Programs In Perl
- HTML Report Generation
The CoralReef device drivers are extensions to the operating system that permit the passive collection of data from specialized collection hardware. CoralReef includes FreeBSD drivers for Apptel POINT and FORE ATM cards, and supports the Linux and FreeBSD drivers for Endace DAG cards.
In addition to collecting data from the network monitor device drivers noted above, the CoralReef software suite can read data from live pcap interfaces, and from trace files recorded by CoralReef, older NLANR Coral software, tcpdump, and dagtools.
Libcoral provides a C API for reading passive traffic data and for writing trace files. The data sources supported include live monitoring devices, live network interfaces, and trace files recorded by CoralReef and other software. Applications that use libcoral see a uniform interface to all of these source types, so they do not need to be rewritten for each input source. As support for new network cards, monitor systems, and link-level encapsulations is added to libcoral, application programs that use libcoral will be able to use the new sources with little or no change.
Since Perl is often preferred for research tools and rapid prototyping, CoralReef includes the Coral.pm module, which provides an object-oriented interface to the libcoral functionality in Perl. SWIG (the Simplified Wrapper and Interface Generator) wraps the libcoral objects and makes them accessible from Perl. The Perl API also includes the Unpack library, for convenient and efficient access to network protocol data and libcoral data structures. It exists because the native Perl method of extracting headers is too inefficient for a tight loop (one is required to extract every possible field from a header, even when unwanted). With the magic of SWIG, efficient C code that selects only specific fields from these headers is easily accessible from Perl.
C and C++ applications built on top of libcoral provide some turnkey traffic analysis capabilities. Some provide standalone analysis, and some are intended as back ends for the report generation tools. Those capabilities will continue to be refined and expanded in future revisions of CoralReef. In addition, the CoralReef analysis tools provide a solid starting place for developers building custom monitoring solutions.
Perl applications built on top of libcoral provide some turnkey traffic analysis capabilities. Those capabilities will continue to be refined and expanded in future revisions of CoralReef. In addition, the CoralReef analysis tools provide a solid starting place for developers building custom monitoring solutions.
The top level of the CoralReef analysis suite provides report generation capabilities for the World Wide Web. These report generation capabilities allow traffic analysis results to be shared with groups as small as local network administrators or as large as end users. These tools are undergoing rapid revision and updating, and will eventually include CGI scripts and other custom controls to allow for remote report generation and system monitoring.