Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Metron: ingest PCAP files

Solved Go to solution
Highlighted

Metron: ingest PCAP files

Expert Contributor

Hi,

I saw that it's possible to use pycapa script in order to capture data and send it to kafka.
Do you know if there's an easy way to directly ingest pcap file that has been generated by another system? Like a program that read the pcap file and send it to kafka? Or another manner to do it?

Thanks

Michel

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Metron: ingest PCAP files

Rising Star

Yes, we do that a lot for testing.

  • First, use a tool like 'tcpreplay' to replay a pcap file to a network interface. There is even a simple tool in Metron (https://github.com/apache/metron/tree/master/metron-deployment/roles/pcap_replay) that effectively wraps 'tcpreplay' to make it easy to replay packet captures to a virtual network interface.
  • Then use 'pycapa' in producer mode to sniff the packets from that network interface and land them in Kafka.

View solution in original post

2 REPLIES 2

Re: Metron: ingest PCAP files

Rising Star

Yes, we do that a lot for testing.

  • First, use a tool like 'tcpreplay' to replay a pcap file to a network interface. There is even a simple tool in Metron (https://github.com/apache/metron/tree/master/metron-deployment/roles/pcap_replay) that effectively wraps 'tcpreplay' to make it easy to replay packet captures to a virtual network interface.
  • Then use 'pycapa' in producer mode to sniff the packets from that network interface and land them in Kafka.

View solution in original post

Highlighted

Re: Metron: ingest PCAP files

Expert Contributor

@nallen

The pcap_replay is install as a service by default with HCP 1.2? If not, how to install it manually?

Thanks

Don't have an account?
Coming from Hortonworks? Activate your account here