# Dump Directory

This directory contains captured network traffic, logs, and analysis artifacts from Nuke telemetry monitoring.

## Purpose

The dump/ directory is used to store:

- **Packet captures** (`.pcap` files) from tcpdump monitoring
- **Network logs** from nethogs, ss, and other monitoring tools
- **Test results** from gap-tests and validation scripts
- **Analysis artifacts** generated during investigation

## Privacy Notice

⚠️ **The files in this repository are sanitized examples only.**

Actual packet captures and logs contain sensitive information:

- Local IP addresses and network topology
- Process IDs and system usernames
- Timing information that could fingerprint your usage patterns
- Potentially encrypted but metadata-rich telemetry data

**Never commit real packet captures or logs to public repositories.**

## Directory Structure

```
dump/
├── README.md                    # This file
├── 02/                          # Investigation phase 2 artifacts
│   └── logs.md                  # Log documentation
├── gap-tests/                   # Gap testing results
│   ├── databases_found.txt      # Sanitized database listing
│   ├── sensitive_patterns.txt   # Search patterns used
│   ├── sqlite_schema.txt        # Database schema dumps
│   └── sqlite_tables.txt        # Table structure listings
└── example_capture.pcap.txt     # Example capture file (text placeholder)
```

## Generating Your Own Dumps

To capture your own telemetry data, use the monitoring scripts:

```bash
# Basic packet capture
sudo tcpdump -i any -w dump/nuke_capture.pcap 'host sentry.foundry.com or host learn.foundry.com'

# Process monitoring
sudo nethogs | tee dump/nethogs_output.log

# Automated monitoring
bash scripts/monitor_nuke_network.sh --continuous
```

See the main README.md and monitoring scripts for detailed capture instructions.

## Analysis

The artifacts in this directory were used to identify:

1. Unencrypted HTTP traffic to `learn.foundry.com`
2. Encrypted HTTPS telemetry to `api.honeycomb.io`
3. Crash reporting to `sentry.foundry.com`
4. Local Nuke SQLite databases containing sync metadata

See `nuke_foundry_analysis.md` in the root directory for detailed findings.
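
The Privacy Notice lists local IP addresses, process IDs and usernames as the sensitive fields in text logs. The following is an added example, not one of this repository's scripts, of redacting those fields before a log is shared; the function name `sanitize_log`, the placeholder tokens, the IPv4-only scope and the `ss -tnp`-style sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# Ranges treated as "local" and therefore redacted (assumption: IPv4-only logs).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
PID_RE = re.compile(r"\bpid=\d+")
HOME_RE = re.compile(r"/(home|Users)/[^/\s\"]+")


def sanitize_log(text, usernames=()):
    """Return (sanitized_text, ip_map) for a text log such as `ss -tnp` output."""
    ip_map = {}

    def replace_ip(match):
        raw = match.group(0)
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:          # not a valid address, e.g. 999.1.1.1
            return raw
        if not any(addr in net for net in LOCAL_NETS):
            return raw              # remote endpoints are the findings; keep them
        # Stable pseudonym: the same local host always maps to the same token,
        # so flows stay correlatable without exposing the real address.
        return ip_map.setdefault(raw, f"<LOCAL_IP_{len(ip_map) + 1}>")

    text = IPV4_RE.sub(replace_ip, text)
    text = PID_RE.sub("pid=<PID>", text)
    text = HOME_RE.sub(r"/\1/<USER>", text)
    for name in usernames:
        text = re.sub(rf"\b{re.escape(name)}\b", "<USER>", text)
    return text, ip_map


# Constructed sample in the shape of `ss -tnp` output (not real capture data).
SAMPLE = '''\
ESTAB 0 0 192.168.1.23:51514 203.0.113.10:443 users:(("Nuke",pid=48213,fd=57))
ESTAB 0 0 192.168.1.23:51520 203.0.113.11:80 users:(("Nuke",pid=48213,fd=61))
open /home/alice/cache/example.db by alice
'''

if __name__ == "__main__":
    cleaned, mapping = sanitize_log(SAMPLE, usernames=["alice"])
    print(cleaned)
```

This covers text logs only; binary `.pcap` files and the timing metadata mentioned in the notice are not altered by it. Keep the returned `ip_map` out of the repository, since it reverses the pseudonyms.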