This app parses PCAP files looking for TCP retransmits and writes the data (addresses and TCP ports) to a file or to Elasticsearch. The output methods are implemented as modules, so pcapgazer's functionality can be extended without touching the main code.
The project is structured for building an RPM package, but you can just as easily use it as a standalone application: copy everything from the src folder and you're done.
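To make the detection idea concrete, here is an added Python example (not part of pcapgazer, which is written in Perl) that walks a classic pcap file and reports data-bearing TCP segments that repeat a sequence number already seen on the same flow, the simplest retransmit heuristic. The capture it runs on is constructed inline; it assumes Ethernet (linktype 1) captures and ignores checksums.

```python
import socket
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4  # magic number of the classic pcap container

def tcp_segment(src, dst, sport, dport, seq, payload):
    """Constructed sample data: a minimal Ethernet/IPv4/TCP frame (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp

def pcap_file(frames):
    """Wrap frames in a little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000, i * 1000, len(f), len(f)) + f
    return out

def find_retransmits(data):
    """Return (src, sport, dst, dport, seq) for data-bearing TCP segments that repeat a seq on a flow."""
    e = "<" if data[:4] == struct.pack("<I", PCAP_MAGIC) else ">"   # file byte order
    if struct.unpack(e + "IHHiIII", data[:24])[6] != 1:
        raise ValueError("this example only walks Ethernet (linktype 1) captures")
    seen, hits, pos = defaultdict(set), [], 24
    while pos + 16 <= len(data):
        incl = struct.unpack(e + "IIII", data[pos:pos + 16])[2]   # captured length of record
        frame, pos = data[pos + 16:pos + 16 + incl], pos + 16 + incl
        ip = frame[14:]
        if frame[12:14] != b"\x08\x00" or len(ip) < 40 or ip[9] != 6:   # keep IPv4/TCP only
            continue
        ihl, total = (ip[0] & 0xF) * 4, struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        if len(tcp) - (tcp[12] >> 4) * 4 <= 0:   # pure ACKs carry no data: never counted here
            continue
        flow = (socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport)
        if seq in seen[flow]:
            hits.append(flow + (seq,))
        seen[flow].add(seq)
    return hits

# Constructed capture: two segments, then the first one sent again
SAMPLE = pcap_file([
    tcp_segment("10.0.0.1", "10.0.0.2", 40000, 80, 1000, b"GET / HTTP/1.0\r\n"),
    tcp_segment("10.0.0.1", "10.0.0.2", 40000, 80, 1016, b"Host: x\r\n\r\n"),
    tcp_segment("10.0.0.1", "10.0.0.2", 40000, 80, 1000, b"GET / HTTP/1.0\r\n"),
])
```

Running `find_retransmits(SAMPLE)` yields one hit for the repeated seq 1000; a real run would read the bytes of a file written by tcpdump instead.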
Build the RPM package
- Edit the SPEC file if needed.
- Run rpmbuild. For example:

```
tar cvzf pcapgazer.tar.gz --exclude=*/.git pcapgazer
rpmbuild -ta pcapgazer.tar.gz
```
All the needed Perl modules are pulled in as dependencies if you are using the RPM package. Otherwise, preinstall the following modules:
Run the application
- Edit config.ini for your needs.
- To run it once manually:
- To execute the script for every captured dump file, run tcpdump as follows (tcpdump's -z option runs the given command on each finished dump file, passing the file name as its argument):

```
tcpdump -nnpi any -W 50 -C 10 -w /tmp/dump <some-filter> -z /opt/pcapgazer/pcapgazer.pl
```
Anyone and everyone is welcome to contribute.
Found a bug or want to request a new feature? Please submit an Issue on this repo.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.