This plugin is for the Intake data loader library.
While requirements.txt contains the package dependencies, we currently need to
install a mixture of conda and pip packages. The install instructions are:
conda install -c intake intake
conda install libpcap
pip install pcapy
python setup.py develop
To bootstrap a sample PCAP file, run the following given your local network
interface (macOS is en0, Linux is eth0) and a sample size of packets:
sudo python examples/dump-live.py examples/local.pcap en0 100
NOTE: If you output to examples/local.pcap, the provided catalog,
sample.yml, will be able to read this.
To read a live stream, run the following with an optional protocol filter
(valid values are tcp, udp, icmp, and igmp):
sudo python examples/read-live.py INTERFACE [PROTOCOL]
To read a local PCAP file, run the following with an optional protocol filter
(valid values are tcp, udp, icmp, and igmp):
sudo python examples/read-pcap.py PATH [PROTOCOL]
To read a catalog source, run the following with a valid name (local reads
PCAP file, raw_live reads Ethernet packets from default macOS network,
udp_live reads UDP packets from default macOS network):
sudo python examples/read-source.py examples/sample.yml NAME