Support Questions

msumbul1 · ‎09-15-2017

Hi,

I saw that it's possible to use pycapa script in order to capture data and send it to kafka.
Do you know if there's an easy way to directly ingest pcap file that has been generated by another system? Like a program that read the pcap file and send it to kafka? Or another manner to do it?

Thanks

Michel

nallen · ‎09-16-2017

Yes, we do that a lot for testing.

First, use a tool like 'tcpreplay' to replay a pcap file to a network interface. There is even a simple tool in Metron (https://github.com/apache/metron/tree/master/metron-deployment/roles/pcap_replay) that effectively wraps 'tcpreplay' to make it easy to replay packet captures to a virtual network interface.
Then use 'pycapa' in producer mode to sniff the packets from that network interface and land them in Kafka.

View solution in original post

nallen · ‎09-16-2017

Yes, we do that a lot for testing.

First, use a tool like 'tcpreplay' to replay a pcap file to a network interface. There is even a simple tool in Metron (https://github.com/apache/metron/tree/master/metron-deployment/roles/pcap_replay) that effectively wraps 'tcpreplay' to make it easy to replay packet captures to a virtual network interface.
Then use 'pycapa' in producer mode to sniff the packets from that network interface and land them in Kafka.

msumbul1 · ‎09-21-2017

@nallen

The pcap_replay is install as a service by default with HCP 1.2? If not, how to install it manually?

Thanks

Cloudera Community

Support Questions

Metron: ingest PCAP files

metron pcap query

Metron pcap analysis vs wireshark

Apache Metron Explained!

metron pcap data stored in HDFS sequence format

Metron UI - Explained

How to ingest data from Oracle into Azure ADLS Gen...

Apache Metron User Personas and Why Metron?

Ingesting binary files (like PDF, JPG, PNG) to HBa...

Pcap data index to ElasticSearch

Ingesting a Big CSV file into Kafka using a multi-...