Show HN: Cerberus – Real-time network monitor with eBPF
a day ago
- #network-monitoring
- #real-time-analysis
- #eBPF
- Cerberus is a high-performance network monitoring tool that uses eBPF for real-time traffic visibility.
- Features include real-time traffic capture, Layer 7 protocol inspection, and automatic device discovery.
- Supports traffic classification, vendor identification, and pattern tracking with LRU caching.
- Includes a statistics dashboard, smart deduplication, and persistent storage with Redis migration.
- Architecture involves kernel space (eBPF handlers) and user space (monitoring and analysis components).
- Requires Linux kernel 4.18+, Go 1.24+, Clang/LLVM, and root/sudo privileges.
- Provides detailed traffic analysis for ARP, TCP, UDP, ICMP, DNS, HTTP, and TLS protocols.
- Deep packet inspection extracts application-layer information such as DNS queries, HTTP methods, and TLS handshakes.
- Customizable monitoring with options for interface selection, cache size, and statistics interval.
- Future enhancements include Redis backend, REST API, web dashboard, and anomaly detection using ML.