Posted to issues@metron.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/04/14 21:03:25 UTC

[jira] [Commented] (METRON-110) Lightweight Packet Capture Script

    [ https://issues.apache.org/jira/browse/METRON-110?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15241731#comment-15241731 ] 

ASF GitHub Bot commented on METRON-110:
---------------------------------------

GitHub user nickwallen opened a pull request:

    https://github.com/apache/incubator-metron/pull/76

    METRON-110 Create lightweight packet capture script

    The fast packet capture process is difficult to manage and deploy in test and development environments.  There are difficulties in integrating it with the existing deployment environments which makes it difficult to test and demo functionality that is dependent on packet capture data.  Need to create a lightweight packet capture process that replicates what the fast packet capture process does.  This would effectively be a replacement for Pycapa; one that is compatible with the Apache license.  
    
    Pycapa has two primary runtime modes.
    
    ### Producer Mode
    
    Pycapa can be configured to capture packets from a network interface and then forward those packets to a Kafka topic.  The following example will capture packets from the `eth0` network interface and forward those to a Kafka topic called `pcap` running on `localhost`.
    
    ```
    pycapa --producer --kafka localhost:9092 --topic pcap -i eth0
    ```
    
    To output debug messages every 100 captured packets, run the following.
    
    ```
    pycapa --producer --kafka localhost:9092 --topic pcap -i eth0 --debug 100
    ```
    
    ### Consumer Mode
    
    Pycapa can be configured to consume packets from a Kafka topic and then write those packets to a [libpcap-compliant file](https://wiki.wireshark.org/Development/LibpcapFileFormat).  To read 100 packets from a Kafka topic and then write those to a [libpcap-compliant file](https://wiki.wireshark.org/Development/LibpcapFileFormat), run the following command.  The file `out.pcap` can then be opened with a tool such as Wireshark for further validation.
    
    ```
    pycapa --consumer --kafka localhost:9092 --topic pcap --n 100 > out.pcap
    ```
    
    To consume packets from Kafka continuously and print debug messages every 10 packets, run the following command.  
    
    ```
    pycapa --consumer --kafka localhost:9092 --topic pcap --debug 10
    ```


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/nickwallen/incubator-metron METRON-110

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/76.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #76
    
----
commit d05bccb7bffcf49dedf0698c457f442e69fb7f75
Author: Nick Allen <ni...@nickallen.org>
Date:   2016-04-14T18:54:42Z

    METRON-110 Create lightweight packet capture script

----


> Lightweight Packet Capture Script
> ---------------------------------
>
>                 Key: METRON-110
>                 URL: https://issues.apache.org/jira/browse/METRON-110
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Nick Allen
>
> The fast packet capture process is difficult to manage and deploy in test and development environments.  There are difficulties in integrating it with the existing deployment environments which makes it difficult to test and demo functionality that is dependent on packet capture data.
> Need to create a lightweight packet capture process that replicates what the fast packet capture process does.  This would effectively be a replacement for Pycapa; one that is compatible with the Apache license.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
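The consumer mode described in the pull request above writes a libpcap-compliant file that Wireshark can open. The following is an added example, not Pycapa's code and not part of the PR, showing what such a file consists of: a 24-byte global header (magic, version 2.4, snaplen, link type) followed by a 16-byte record header and the captured bytes for every packet. The writer honours the snap length, and the reader checks the magic in both byte orders and rejects truncated or length-inconsistent records instead of silently returning a short packet. The Ethernet frame bytes, timestamps and function names are constructed for the example.

```python
"""Minimal libpcap (pcap v2.4) writer and reader.

Added example, not Pycapa's own code.  It shows the on-disk layout of a
"libpcap-compliant file" such as out.pcap so that a consumer's output can be
checked without Wireshark.  All packet data below is constructed.
"""
import struct
from typing import List, Tuple

PCAP_MAGIC = 0xA1B2C3D4        # microsecond-resolution timestamps
LINKTYPE_ETHERNET = 1
DEFAULT_SNAPLEN = 65535

# Global header: magic, version major, version minor, thiszone, sigfigs, snaplen, linktype
_GLOBAL_FMT = "IHHiIII"
# Per-packet record header: ts_sec, ts_usec, incl_len (captured), orig_len (on the wire)
_RECORD_FMT = "IIII"

Packet = Tuple[int, int, bytes, int]   # (ts_sec, ts_usec, captured bytes, original length)


def write_pcap(packets: List[Packet], snaplen: int = DEFAULT_SNAPLEN,
               linktype: int = LINKTYPE_ETHERNET, byteorder: str = "<") -> bytes:
    """Serialise packets into a pcap v2.4 byte stream ("<" little- or ">" big-endian)."""
    ghdr = struct.Struct(byteorder + _GLOBAL_FMT)
    rhdr = struct.Struct(byteorder + _RECORD_FMT)
    out = bytearray(ghdr.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))
    for ts_sec, ts_usec, data, orig_len in packets:
        captured = data[:snaplen]            # a capturer never stores more than snaplen
        out += rhdr.pack(ts_sec, ts_usec, len(captured), orig_len)
        out += captured
    return bytes(out)


def read_pcap(blob: bytes) -> Tuple[int, List[Packet]]:
    """Parse a pcap byte stream and return (linktype, packets).

    The magic number decides the byte order; truncated files and records whose
    lengths exceed snaplen or the original length raise ValueError.
    """
    if len(blob) < struct.calcsize(_GLOBAL_FMT):
        raise ValueError("file shorter than the pcap global header")
    if struct.unpack("<I", blob[:4])[0] == PCAP_MAGIC:
        endian = "<"
    elif struct.unpack(">I", blob[:4])[0] == PCAP_MAGIC:
        endian = ">"
    else:
        raise ValueError("bad pcap magic %s" % blob[:4].hex())
    ghdr = struct.Struct(endian + _GLOBAL_FMT)
    rhdr = struct.Struct(endian + _RECORD_FMT)
    _, vmaj, vmin, _, _, snaplen, linktype = ghdr.unpack_from(blob, 0)
    if (vmaj, vmin) != (2, 4):
        raise ValueError("unsupported pcap version %d.%d" % (vmaj, vmin))
    packets: List[Packet] = []
    off = ghdr.size
    while off < len(blob):
        if off + rhdr.size > len(blob):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_usec, incl_len, orig_len = rhdr.unpack_from(blob, off)
        off += rhdr.size
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError("inconsistent record lengths at offset %d" % off)
        if off + incl_len > len(blob):
            raise ValueError("truncated packet data at offset %d" % off)
        packets.append((ts_sec, ts_usec, blob[off:off + incl_len], orig_len))
        off += incl_len
    return linktype, packets


def is_valid_pcap(blob: bytes) -> bool:
    """True if the whole blob parses as a consistent pcap file."""
    try:
        read_pcap(blob)
        return True
    except ValueError:
        return False


# Constructed sample: a 60-byte Ethernet frame (broadcast dst, ARP ethertype, zero payload).
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
                + bytes.fromhex("0806") + bytes(46))
SAMPLE_PACKETS: List[Packet] = [
    (1460659200, 123456, SAMPLE_FRAME, len(SAMPLE_FRAME)),
    (1460659201, 654321, SAMPLE_FRAME[:32], len(SAMPLE_FRAME)),   # capture truncated at 32 bytes
]


def round_trip(byteorder: str = "<") -> Tuple[int, List[Packet]]:
    """Write the sample packets and read them back."""
    return read_pcap(write_pcap(SAMPLE_PACKETS, byteorder=byteorder))


if __name__ == "__main__":
    linktype, pkts = round_trip()
    print("linktype", linktype, "packets", len(pkts))
    with open("out.pcap", "wb") as fh:      # can be opened in Wireshark
        fh.write(write_pcap(SAMPLE_PACKETS))
```

Running the module writes `out.pcap` for inspection in Wireshark; `is_valid_pcap` is the check worth running over a consumer's output before trusting it, since a Kafka consumer that stopped mid-record leaves a file that Wireshark reports as cut short.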