Nicholai 6fada7889a Initial public release - Nuke telemetry monitoring toolkit
This toolkit provides comprehensive monitoring, analysis, and blocking capabilities
for network telemetry sent by The Foundry's Nuke compositor on Linux.

Key features:
- Network monitoring scripts with automated alerts
- Multi-tier blocking methods (hosts, firewall, namespace, AppArmor)
- Detailed packet capture analysis and documentation
- EULA legal analysis and privacy assessment
- Sanitized example captures and comprehensive guides

All sensitive data (personal IPs, usernames, packet captures) removed.
Ready for public sharing on Gitea.
2025-11-26 15:28:21 -07:00


# Dump Directory
This directory contains captured network traffic, logs, and analysis artifacts from Nuke telemetry monitoring.
## Purpose
The dump/ directory is used to store:
- **Packet captures** (`.pcap` files) from tcpdump monitoring
- **Network logs** from nethogs, ss, and other monitoring tools
- **Test results** from gap-tests and validation scripts
- **Analysis artifacts** generated during investigation
## Privacy Notice
⚠️ **The files in this repository are sanitized examples only.**
Actual packet captures and logs contain sensitive information:
- Local IP addresses and network topology
- Process IDs and system usernames
- Timing information that could fingerprint your usage patterns
- Potentially encrypted but metadata-rich telemetry data
**Never commit real packet captures or logs to public repositories.**
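A small redaction pass for text logs before they leave the machine, added here as an example and not part of the toolkit's own scripts. It assumes tcpdump-style and nethogs-style lines as in the constructed sample, treats only RFC 1918, loopback and link-local IPv4 addresses as local, and leaves public telemetry endpoints untouched so the analysis stays meaningful.

```python
"""Redact local identifiers from tcpdump/nethogs/ss text output before it is shared."""
import ipaddress
import re

# Ranges treated as "local": RFC 1918, loopback, link-local (an assumption; widen as needed).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOME_RE = re.compile(r"/home/[A-Za-z0-9._-]+")
# Assumed nethogs-style columns: "<pid> <user> <program> <dev> <sent> <recv>".
NETHOGS_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)")


def is_local(ip: str) -> bool:
    """True for IPv4 addresses inside LOCAL_NETS; public telemetry endpoints stay visible."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in LOCAL_NETS)


def sanitize_text(text: str) -> tuple[str, dict[str, str]]:
    """Return (sanitized text, ip placeholder map); keep the map private, it reverses the redaction.

    Each local IP gets one stable placeholder, so flows from the same host stay correlatable
    without exposing the address or the network layout.
    """
    ip_map: dict[str, str] = {}

    def ip_sub(match: re.Match) -> str:
        ip = match.group(0)
        return ip_map.setdefault(ip, f"<LOCAL_IP_{len(ip_map) + 1}>") if is_local(ip) else ip

    out = []
    for line in text.splitlines():
        line = IPV4_RE.sub(ip_sub, line)                          # local IPv4 -> placeholder
        line = HOME_RE.sub("/home/<USER>", line)                  # home-directory usernames
        line = NETHOGS_RE.sub(lambda m: f"<PID> <USER> {m.group(3)}", line)  # pid/user columns
        out.append(line)
    return "\n".join(out), ip_map


# Constructed sample: two tcpdump lines and one nethogs-style line (not real captures).
SAMPLE = """\
15:28:21.000001 IP 192.168.1.42.51234 > 203.0.113.10.80: Flags [S], seq 1, win 64240, length 0
15:28:21.000002 IP 192.168.1.42.51235 > 198.51.100.7.443: Flags [S], seq 2, win 64240, length 0
4242 alice /home/alice/Nuke15.0v1/Nuke15.0 eth0 0.123 4.567
"""
```

Binary `.pcap` files need a different tool (for example rewriting addresses before export); this pass only covers the text artifacts listed above.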
## Directory Structure
```
dump/
├── README.md # This file
├── 02/ # Investigation phase 2 artifacts
│ └── logs.md # Log documentation
├── gap-tests/ # Gap testing results
│ ├── databases_found.txt # Sanitized database listing
│ ├── sensitive_patterns.txt # Search patterns used
│ ├── sqlite_schema.txt # Database schema dumps
│ └── sqlite_tables.txt # Table structure listings
└── example_capture.pcap.txt # Example capture file (text placeholder)
```
## Generating Your Own Dumps
To capture your own telemetry data, use the monitoring scripts:
```bash
# Basic packet capture: only traffic to/from the two Foundry hosts in the filter
# (tcpdump resolves the hostnames once, when the filter is compiled)
sudo tcpdump -i any -w dump/nuke_capture.pcap 'host sentry.foundry.com or host learn.foundry.com'
# Process monitoring (-t: trace mode, plain-text lines that tee can record)
sudo nethogs -t | tee dump/nethogs_output.log
# Automated monitoring
bash scripts/monitor_nuke_network.sh --continuous
```
See the main README.md and monitoring scripts for detailed capture instructions.
## Analysis
The artifacts in this directory were used to identify:
1. Unencrypted HTTP traffic to `learn.foundry.com`
2. Encrypted HTTPS telemetry to `api.honeycomb.io`
3. Crash reporting to `sentry.foundry.com`
4. Local Nuke SQLite databases containing sync metadata
See `nuke_foundry_analysis.md` in the root directory for detailed findings.