
Example 1 with Pcap

use of io.pkts.Pcap in project graylog2-server by Graylog2.

From class NetFlowV5ParserTest, method pcap_netgraph_NetFlowV5.

/**
 * Parses every UDP payload in the {@code netgraph-netflow5.pcap} fixture as a
 * NetFlow v5 packet and checks the total number of flow records collected.
 *
 * <p>Frames without a UDP layer are skipped. Each UDP payload is wrapped (not
 * copied) and handed to {@link NetFlowV5Parser#parsePacket} as-is, so this test
 * runs the production parser over captured wire data.
 *
 * @throws Exception if the fixture cannot be opened or the capture cannot be read
 */
@Test
public void pcap_netgraph_NetFlowV5() throws Exception {
    final List<NetFlowV5Record> collected = new ArrayList<>();
    try (InputStream in = Resources.getResource("netflow-data/netgraph-netflow5.pcap").openStream()) {
        final Pcap capture = Pcap.openStream(in);
        capture.loop(frame -> {
            if (!frame.hasProtocol(Protocol.UDP)) {
                // Not UDP: nothing to parse, keep iterating over the capture.
                return true;
            }
            final UDPPacket udpPacket = (UDPPacket) frame.getPacket(Protocol.UDP);
            final ByteBuf payload = Unpooled.wrappedBuffer(udpPacket.getPayload().getArray());
            final NetFlowV5Packet parsed = NetFlowV5Parser.parsePacket(payload);
            // Every UDP payload in this fixture is expected to be a parseable v5 packet.
            assertThat(parsed).isNotNull();
            collected.addAll(parsed.records());
            return true;
        });
    }
    assertThat(collected).hasSize(120);
}
Also used : InputStream(java.io.InputStream) Pcap(io.pkts.Pcap) ArrayList(java.util.ArrayList) ByteBuf(io.netty.buffer.ByteBuf) UDPPacket(io.pkts.packet.UDPPacket) Test(org.junit.Test)

Example 2 with Pcap

use of io.pkts.Pcap in project graylog2-server by Graylog2.

From class NetflowV9CodecAggregatorTest, method decodePcapStream.

/**
 * Replays the UDP payloads of a pcap resource through the codec aggregator and
 * decodes every complete message the aggregator produces.
 *
 * <p>Each UDP payload is copied into a fresh buffer and passed to
 * {@code codecAggregator.addChunk} together with the frame's source address;
 * the same address is later passed to {@code convertToRawMessage}. Only results
 * that are valid and carry a non-null message are decoded, and a {@code null}
 * decode result contributes nothing to the output.
 *
 * @param resourceName classpath name of the pcap file to replay
 * @return every message decoded from the capture, in capture order
 * @throws IOException if the resource cannot be opened or read
 */
private Collection<Message> decodePcapStream(String resourceName) throws IOException {
    final List<Message> decoded = Lists.newArrayList();
    try (InputStream in = Resources.getResource(resourceName).openStream()) {
        final Pcap capture = Pcap.openStream(in);
        capture.loop(frame -> {
            if (!frame.hasProtocol(Protocol.UDP)) {
                // Not UDP: nothing to aggregate, keep iterating.
                return true;
            }
            final UDPPacket udpPacket = (UDPPacket) frame.getPacket(Protocol.UDP);
            final InetSocketAddress sender = new InetSocketAddress(udpPacket.getParentPacket().getSourceIP(), udpPacket.getSourcePort());
            final CodecAggregator.Result chunkResult = codecAggregator.addChunk(Unpooled.copiedBuffer(udpPacket.getPayload().getArray()), sender);
            if (!chunkResult.isValid() || chunkResult.getMessage() == null) {
                // Aggregator has not produced a complete message for this chunk yet.
                return true;
            }
            final Collection<Message> messages = codec.decodeMessages(convertToRawMessage(chunkResult, sender));
            if (messages != null) {
                decoded.addAll(messages);
            }
            return true;
        });
    }
    return decoded;
}
Also used : CodecAggregator(org.graylog2.plugin.inputs.codecs.CodecAggregator) RawMessage(org.graylog2.plugin.journal.RawMessage) Message(org.graylog2.plugin.Message) InputStream(java.io.InputStream) InetSocketAddress(java.net.InetSocketAddress) Pcap(io.pkts.Pcap) UDPPacket(io.pkts.packet.UDPPacket)

Example 3 with Pcap

use of io.pkts.Pcap in project graylog2-server by Graylog2.

From class NetFlowV5ParserTest, method pcap_pmacctd_NetFlowV5.

/**
 * Parses every UDP payload in the {@code pmacctd-netflow5.pcap} fixture as a
 * NetFlow v5 packet and checks the total number of flow records collected.
 *
 * <p>Frames without a UDP layer are skipped. Each UDP payload is wrapped (not
 * copied) and handed to {@link NetFlowV5Parser#parsePacket} as-is, so this test
 * runs the production parser over captured wire data.
 *
 * @throws Exception if the fixture cannot be opened or the capture cannot be read
 */
@Test
public void pcap_pmacctd_NetFlowV5() throws Exception {
    final List<NetFlowV5Record> collected = new ArrayList<>();
    try (InputStream in = Resources.getResource("netflow-data/pmacctd-netflow5.pcap").openStream()) {
        final Pcap capture = Pcap.openStream(in);
        capture.loop(frame -> {
            if (!frame.hasProtocol(Protocol.UDP)) {
                // Not UDP: nothing to parse, keep iterating over the capture.
                return true;
            }
            final UDPPacket udpPacket = (UDPPacket) frame.getPacket(Protocol.UDP);
            final ByteBuf payload = Unpooled.wrappedBuffer(udpPacket.getPayload().getArray());
            final NetFlowV5Packet parsed = NetFlowV5Parser.parsePacket(payload);
            // Every UDP payload in this fixture is expected to be a parseable v5 packet.
            assertThat(parsed).isNotNull();
            collected.addAll(parsed.records());
            return true;
        });
    }
    assertThat(collected).hasSize(42);
}
Also used : InputStream(java.io.InputStream) Pcap(io.pkts.Pcap) ArrayList(java.util.ArrayList) ByteBuf(io.netty.buffer.ByteBuf) UDPPacket(io.pkts.packet.UDPPacket) Test(org.junit.Test)

Example 4 with Pcap

use of io.pkts.Pcap in project graylog2-server by Graylog2.

From class NetFlowV5ParserTest, method pcap_softflowd_NetFlowV5.

/**
 * Parses every UDP payload in the {@code netflow5.pcap} fixture as a NetFlow v5
 * packet and checks the total number of flow records collected.
 *
 * <p>Frames without a UDP layer are skipped. Each UDP payload is wrapped (not
 * copied) and handed to {@link NetFlowV5Parser#parsePacket} as-is, so this test
 * runs the production parser over captured wire data.
 *
 * @throws Exception if the fixture cannot be opened or the capture cannot be read
 */
@Test
public void pcap_softflowd_NetFlowV5() throws Exception {
    final List<NetFlowV5Record> collected = new ArrayList<>();
    try (InputStream in = Resources.getResource("netflow-data/netflow5.pcap").openStream()) {
        final Pcap capture = Pcap.openStream(in);
        capture.loop(frame -> {
            if (!frame.hasProtocol(Protocol.UDP)) {
                // Not UDP: nothing to parse, keep iterating over the capture.
                return true;
            }
            final UDPPacket udpPacket = (UDPPacket) frame.getPacket(Protocol.UDP);
            final ByteBuf payload = Unpooled.wrappedBuffer(udpPacket.getPayload().getArray());
            final NetFlowV5Packet parsed = NetFlowV5Parser.parsePacket(payload);
            // Every UDP payload in this fixture is expected to be a parseable v5 packet.
            assertThat(parsed).isNotNull();
            collected.addAll(parsed.records());
            return true;
        });
    }
    assertThat(collected).hasSize(4);
}
Also used : InputStream(java.io.InputStream) Pcap(io.pkts.Pcap) ArrayList(java.util.ArrayList) ByteBuf(io.netty.buffer.ByteBuf) UDPPacket(io.pkts.packet.UDPPacket) Test(org.junit.Test)

Example 5 with Pcap

use of io.pkts.Pcap in project graylog2-server by Graylog2.

From class NetflowV9CodecAggregatorTest, method parseNetflowPcapStream.

/**
 * Replays the UDP payloads of a pcap resource through the codec aggregator and
 * parses every complete aggregated message into NetFlow v9 packets.
 *
 * <p>Each UDP payload is copied into a fresh buffer and passed to
 * {@code codecAggregator.addChunk} together with the frame's source address.
 * When the aggregator reports a valid result with a non-null message, one
 * leading marker byte is consumed from that buffer and the remainder is given
 * to {@code codec.decodeV9Packets}.
 *
 * @param resourceName classpath name of the pcap file to replay
 * @return every NetFlow v9 packet decoded from the capture, in capture order
 * @throws IOException if the resource cannot be opened or read
 */
private Collection<NetFlowV9Packet> parseNetflowPcapStream(String resourceName) throws IOException {
    final List<NetFlowV9Packet> decoded = Lists.newArrayList();
    try (InputStream in = Resources.getResource(resourceName).openStream()) {
        final Pcap capture = Pcap.openStream(in);
        capture.loop(frame -> {
            if (!frame.hasProtocol(Protocol.UDP)) {
                // Not UDP: nothing to aggregate, keep iterating.
                return true;
            }
            final UDPPacket udpPacket = (UDPPacket) frame.getPacket(Protocol.UDP);
            final InetSocketAddress sender = new InetSocketAddress(udpPacket.getParentPacket().getSourceIP(), udpPacket.getSourcePort());
            final CodecAggregator.Result chunkResult = codecAggregator.addChunk(Unpooled.copiedBuffer(udpPacket.getPayload().getArray()), sender);
            if (!chunkResult.isValid() || chunkResult.getMessage() == null) {
                // Aggregator has not produced a complete message for this chunk yet.
                return true;
            }
            final ByteBuf aggregated = chunkResult.getMessage();
            // The aggregated message starts with a marker byte that the v9 decoder
            // does not expect; advance the reader index past it before decoding.
            aggregated.readByte();
            decoded.addAll(codec.decodeV9Packets(aggregated));
            return true;
        });
    }
    return decoded;
}
Also used : CodecAggregator(org.graylog2.plugin.inputs.codecs.CodecAggregator) InputStream(java.io.InputStream) InetSocketAddress(java.net.InetSocketAddress) NetFlowV9Packet(org.graylog.plugins.netflow.v9.NetFlowV9Packet) Pcap(io.pkts.Pcap) ByteBuf(io.netty.buffer.ByteBuf) UDPPacket(io.pkts.packet.UDPPacket)

Aggregations

Pcap (io.pkts.Pcap)5 UDPPacket (io.pkts.packet.UDPPacket)5 InputStream (java.io.InputStream)5 ByteBuf (io.netty.buffer.ByteBuf)4 ArrayList (java.util.ArrayList)3 Test (org.junit.Test)3 InetSocketAddress (java.net.InetSocketAddress)2 CodecAggregator (org.graylog2.plugin.inputs.codecs.CodecAggregator)2 NetFlowV9Packet (org.graylog.plugins.netflow.v9.NetFlowV9Packet)1 Message (org.graylog2.plugin.Message)1 RawMessage (org.graylog2.plugin.journal.RawMessage)1