Tools

Traffic Generator

You can add a traffic generator container to the source, but this is not required. This is Nubeva’s standard traffic generator container. Each container runs for approximately 60-120 seconds. You may use a cron job to start a container every minute. The docker command to run the generator once is:

docker run -dti nubevalab/tlsgenerator
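
A cron job that starts a container every minute will overlap with runs that last 60-120 seconds, and without --rm each exited container stays on the host. The wrapper below is an added example, not Nubeva's own script; the MAX_RUNNING cap, the function names and the script path in the crontab comment are assumptions.

```shell
#!/bin/bash
# Added example, not Nubeva's script: cron wrapper for the traffic generator.
IMAGE="nubevalab/tlsgenerator"   # image name from the page
MAX_RUNNING="${MAX_RUNNING:-2}"  # assumption: cap on overlapping generators

# Print the number of generator containers that are still running.
running_generators() {
    # grep -c exits 1 when the count is 0, so "|| true" keeps this safe under set -e.
    docker ps --quiet --filter "ancestor=${IMAGE}" | grep -c . || true
}

# Start one generator unless MAX_RUNNING are already active.
start_generator() {
    active="$(running_generators)"
    if [ "$active" -ge "$MAX_RUNNING" ]; then
        echo "skip: ${active} generator(s) already running"
        return 0
    fi
    # Same flags as the page's command, plus --rm so exited containers are removed.
    docker run --rm -dti "$IMAGE" >/dev/null && echo "started"
}

# Crontab entry (script path is an assumption):
# * * * * * /usr/local/bin/tlsgen-cron.sh run
if [ "${1:-}" = "run" ]; then
    start_generator
fi
```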

You can check that Fast Key DB is receiving keys by opening the URL below in a browser:

https://key.nubedge.com:4433/dumpkeys

You may also run the generator as a script using the following code:

#!/bin/bash

# Sample sources of TLS traffic

while true; do
    aws iam get-user --output json
    sleep 5
    aws ec2 describe-vpcs --output json --region us-east-1
    sleep 5
    # Grab the EICAR test file (eicar.com)
    curl --output /dev/null https://secure.eicar.org/eicar.com
    sleep 5
    # TLS version of TestmyIDS.com
    curl --output /dev/null https://nubevalabs.s3.amazonaws.com/testmyids.txt
    sleep 5
    # Download Google homepage, requiring TLS 1.3
    curl --tlsv1.3 --output /dev/null https://www.google.com
    sleep 5
    # Download BBC homepage via TLS
    curl --output /dev/null https://www.bbc.com
    sleep 5
done

Wireshark

A containerized version of Wireshark can be deployed using the following command:

docker run -v /tmp:/keys -p 14500:14500 --restart unless-stopped -dti --cap-add NET_ADMIN --net=host --name wireshark ffeldhaus/wireshark

The default credentials for Wireshark are wireshark, wireshark.

Set Wireshark to monitor the nurx0 interface. You will be able to see encrypted and decrypted traffic.

[Image: Wireshark.png]