use of org.apache.metron.pcap.PacketInfo in project metron by apache.
the class PcapInspector method main.
public static void main(String... argv) throws IOException {
Configuration conf = new Configuration();
String[] otherArgs = new GenericOptionsParser(conf, argv).getRemainingArgs();
CommandLine cli = InspectorOptions.parse(new PosixParser(), otherArgs);
Path inputPath = new Path(InspectorOptions.INPUT.get(cli));
int n = -1;
if (InspectorOptions.NUM.has(cli)) {
n = Integer.parseInt(InspectorOptions.NUM.get(cli));
}
SequenceFile.Reader reader = new SequenceFile.Reader(new Configuration(), SequenceFile.Reader.file(inputPath));
LongWritable key = new LongWritable();
BytesWritable value = new BytesWritable();
for (int i = 0; (n < 0 || i < n) && reader.next(key, value); ++i) {
long millis = Long.divideUnsigned(key.get(), 1000000);
String ts = DATE_FORMAT.format(new Date(millis));
try {
for (PacketInfo pi : PcapHelper.toPacketInfo(value.copyBytes())) {
Map<String, Object> result = PcapHelper.packetToFields(pi);
List<String> fieldResults = new ArrayList<String>() {
{
add("TS: " + ts);
}
};
for (Constants.Fields field : Constants.Fields.values()) {
if (result.containsKey(field.getName())) {
fieldResults.add(field.getName() + ": " + result.get(field.getName()));
}
}
System.out.println(Joiner.on(",").join(fieldResults));
}
} catch (Exception e) {
System.out.println(String.format("Error: malformed packet #=%s, ts=%s, error msg=%s", i + 1, ts, e.getMessage()));
}
}
}
use of org.apache.metron.pcap.PacketInfo in project metron by apache.
the class PcapTopologyIntegrationTest method readPcaps.
private static Iterable<Map.Entry<byte[], byte[]>> readPcaps(Path pcapFile, boolean withHeaders) throws IOException {
SequenceFile.Reader reader = new SequenceFile.Reader(new Configuration(), SequenceFile.Reader.file(pcapFile));
List<Map.Entry<byte[], byte[]>> ret = new ArrayList<>();
IntWritable key = new IntWritable();
BytesWritable value = new BytesWritable();
while (reader.next(key, value)) {
byte[] pcapWithHeader = value.copyBytes();
// if you are debugging and want the hex dump of the packets, uncomment the following:
// for(byte b : pcapWithHeader) {
// System.out.print(String.format("%02x", b));
// }
// System.out.println("");
long calculatedTs = PcapHelper.getTimestamp(pcapWithHeader);
{
List<PacketInfo> info = PcapHelper.toPacketInfo(pcapWithHeader);
for (PacketInfo pi : info) {
Assert.assertEquals(calculatedTs, pi.getPacketTimeInNanos());
// IF you are debugging and want to see the packets, uncomment the following.
// System.out.println( Long.toUnsignedString(calculatedTs) + " => " + pi.getJsonDoc());
}
}
if (withHeaders) {
ret.add(new AbstractMap.SimpleImmutableEntry<>(Bytes.toBytes(calculatedTs), pcapWithHeader));
} else {
byte[] pcapRaw = new byte[pcapWithHeader.length - PcapHelper.GLOBAL_HEADER_SIZE - PcapHelper.PACKET_HEADER_SIZE];
System.arraycopy(pcapWithHeader, PcapHelper.GLOBAL_HEADER_SIZE + PcapHelper.PACKET_HEADER_SIZE, pcapRaw, 0, pcapRaw.length);
ret.add(new AbstractMap.SimpleImmutableEntry<>(Bytes.toBytes(calculatedTs), pcapRaw));
}
}
return Iterables.limit(ret, 2 * (ret.size() / 2));
}
Aggregations