This toolkit provides comprehensive monitoring, analysis, and blocking capabilities for network telemetry sent by The Foundry's Nuke compositor on Linux.
Key features:
- Network monitoring scripts with automated alerts
- Multi-tier blocking methods (hosts, firewall, namespace, AppArmor)
- Detailed packet capture analysis and documentation
- EULA legal analysis and privacy assessment
- Sanitized example captures and comprehensive guides
All sensitive data (personal IPs, usernames, packet captures) removed. Ready for public sharing on Gitea.
Dump Directory
This directory contains captured network traffic, logs, and analysis artifacts from Nuke telemetry monitoring.
Purpose
The dump/ directory is used to store:
- Packet captures (.pcap files) from tcpdump monitoring
- Network logs from nethogs, ss, and other monitoring tools
- Test results from gap-tests and validation scripts
- Analysis artifacts generated during investigation
Privacy Notice
⚠️ The files in this repository are sanitized examples only.
Actual packet captures and logs contain sensitive information:
- Local IP addresses and network topology
- Process IDs and system usernames
- Timing information that could fingerprint your usage patterns
- Potentially encrypted but metadata-rich telemetry data
Never commit real packet captures or logs to public repositories.
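
One way to enforce this before a commit, as an added example that is not part of the toolkit: the script flags files that are binary pcap/pcapng captures or text logs still containing RFC 1918 addresses or /home/<user> paths. The script name check_dump.sh and the function names are assumptions, and file names containing newlines are not handled.

```sh
#!/bin/sh
# Added example (not part of the toolkit): refuse to commit raw captures or unsanitized logs.
# Usage: sh check_dump.sh dump/    (check_dump.sh is a hypothetical name)

# Return 0 if the file starts with a pcap or pcapng magic number.
is_pcap() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) return 0 ;;   # classic pcap, either byte order
        4d3cb2a1|a1b23c4d) return 0 ;;   # nanosecond-resolution pcap
        0a0d0d0a)          return 0 ;;   # pcapng section header block
        *)                 return 1 ;;
    esac
}

# Return 0 if a text file still holds an RFC 1918 address or a /home/<user> path.
has_sensitive() {
    grep -Eq '(^|[^0-9.])(10\.[0-9]{1,3}|192\.168|172\.(1[6-9]|2[0-9]|3[01]))\.[0-9]{1,3}\.[0-9]{1,3}([^0-9]|$)|/home/[A-Za-z0-9_.-]+' "$1"
}

# Print one BLOCK line per offending file under directory $1; return 1 if any were found.
scan_dump() {
    findings=$(find "$1" -type f | while IFS= read -r f; do
        if is_pcap "$f"; then
            echo "BLOCK $f: binary packet capture"
        elif has_sensitive "$f"; then
            echo "BLOCK $f: private IP or home path left in text"
        fi
    done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Only scan when a directory is given, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    scan_dump "$1"
    exit $?
fi
```

A non-zero exit status means at least one file should be removed or sanitized before committing.
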
Directory Structure
dump/
├── README.md # This file
├── 02/ # Investigation phase 2 artifacts
│ └── logs.md # Log documentation
├── gap-tests/ # Gap testing results
│ ├── databases_found.txt # Sanitized database listing
│ ├── sensitive_patterns.txt # Search patterns used
│ ├── sqlite_schema.txt # Database schema dumps
│ └── sqlite_tables.txt # Table structure listings
└── example_capture.pcap.txt # Example capture file (text placeholder)
Generating Your Own Dumps
To capture your own telemetry data, use the monitoring scripts:
# Basic packet capture
sudo tcpdump -i any -w dump/nuke_capture.pcap 'host sentry.foundry.com or host learn.foundry.com'
# Process monitoring (trace mode, so the piped output is plain text rather than the interactive display)
sudo nethogs -t | tee dump/nethogs_output.log
# Automated monitoring
bash scripts/monitor_nuke_network.sh --continuous
See the main README.md and monitoring scripts for detailed capture instructions.
Analysis
The artifacts in this directory were used to identify:
- Unencrypted HTTP traffic to learn.foundry.com
- Encrypted HTTPS telemetry to api.honeycomb.io
- Crash reporting to sentry.foundry.com
- Local Nuke SQLite databases containing sync metadata
See nuke_foundry_analysis.md in the root directory for detailed findings.