eavesdropper_pcap_parser
| Crates.io | eavesdropper_pcap_parser |
| lib.rs | eavesdropper_pcap_parser |
| version | 0.2.0 |
| source | src |
| created_at | 2021-04-14 16:47:57.081633 |
| updated_at | 2021-04-29 04:09:53.376729 |
| description | A plugin for eavesdropper that converts pcap files into their metadata and puts them into a sql table |
| homepage | |
| repository | https://github.com/TBye101/eavesdropper |
| max_upload_size | |
| id | 384059 |
| size | 12,547 |
Thomas Bye (TBye101)
documentation
README
PCap_Parser
A plugin to extract information from raw PCAP files and store them in the shared database.
Table Definition
This plugin creates one table to store its extracted PCAP information:
Importable Insert and Query Diesel Structs
Environment Variables
This plugin requires the following to be declared in the .env file:
PCAP_PARSER_BATCH_SIZE=batch_size_number
Where batch_size_number is the number of packets to batch before inserting into the database. A decent default for this might be 4096.
Unique Packets
Current behavior for this plugin is to ensure that each packet stored is unique. This is to enable the same capture files to be run again without duplicating data in the database. Criteria for uniqueness is a combination of a hash of the packet's data as well as the timestamp of when the packet was captured. If a packet in a batch is not unique, then an error will be logged and the packet batch will not be stored in the database.