GitHub user nickwallen opened a pull request:
https://github.com/apache/incubator-metron/pull/76
METRON-110 Create lightweight packet capture script
The fast packet capture process is difficult to manage and deploy in test
and development environments. There are difficulties in integrating it with
the existing deployment environments, which makes it difficult to test and demo
functionality that is dependent on packet capture data. Need to create a
lightweight packet capture process that replicates what the fast packet capture
process does. This would effectively be a replacement for Pycapa; one that is
compatible with the Apache license.
Pycapa has two primary runtime modes.
### Producer Mode
Pycapa can be configured to capture packets from a network interface and
then forward those packets to a Kafka topic. The following example will
capture packets from the `eth0` network interface and forward those to a Kafka
topic called `pcap` running on `localhost`.
```
pycapa --producer --kafka localhost:9092 --topic pcap -i eth0
```
To output debug messages every 100 captured packets, run the following.
```
pycapa --producer --kafka localhost:9092 --topic pcap -i eth0 --debug 100
```
### Consumer Mode
Pycapa can be configured to consume packets from a Kafka topic and then
write those packets to a [libpcap-compliant
file](https://wiki.wireshark.org/Development/LibpcapFileFormat). To read 100
packets from a Kafka topic and then write those to a [libpcap-compliant
file](https://wiki.wireshark.org/Development/LibpcapFileFormat), run the
following command. The file `out.pcap` can then be opened with a tool such as
Wireshark for further validation.
```
pycapa --consumer --kafka localhost:9092 --topic pcap --n 100 > out.pcap
```
To consume packets from Kafka continuously and print debug messages every
10 packets, run the following command.
```
pycapa --consumer --kafka localhost:9092 --topic pcap --debug 10
```
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/nickwallen/incubator-metron METRON-110
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-metron/pull/76.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #76
----
commit d05bccb7bffcf49dedf0698c457f442e69fb7f75
Author: Nick Allen <[email protected]>
Date: 2016-04-14T18:54:42Z
METRON-110 Create lightweight packet capture script
----