
Example 1 with PacketInfo

use of org.apache.metron.pcap.PacketInfo in project metron by apache.

the class PcapInspector method main.

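/**
 * Command-line entry point: dumps the decoded fields of the packets stored in a
 * pcap sequence file, one comma-separated line per packet, to standard output.
 *
 * <p>The input path comes from the INPUT option. When the NUM option is present,
 * at most that many records are read; otherwise every record is read. A record
 * that cannot be decoded is reported on its own "Error:" line and the run
 * continues with the next record.
 *
 * @param argv Hadoop generic options followed by the inspector's own options
 * @throws IOException if the sequence file cannot be opened or read
 * @throws NumberFormatException if the NUM option is not a valid integer
 */
public static void main(String... argv) throws IOException {
    Configuration conf = new Configuration();
    String[] otherArgs = new GenericOptionsParser(conf, argv).getRemainingArgs();
    CommandLine cli = InspectorOptions.parse(new PosixParser(), otherArgs);
    Path inputPath = new Path(InspectorOptions.INPUT.get(cli));
    // A negative limit means "no limit".
    int n = -1;
    if (InspectorOptions.NUM.has(cli)) {
        n = Integer.parseInt(InspectorOptions.NUM.get(cli));
    }
    // NOTE(review): the reader is opened with a fresh Configuration, so generic
    // options parsed into `conf` above are not applied to it - confirm this is intended.
    // try-with-resources closes the reader on every exit path, including an
    // IOException thrown by reader.next().
    try (SequenceFile.Reader reader =
            new SequenceFile.Reader(new Configuration(), SequenceFile.Reader.file(inputPath))) {
        LongWritable key = new LongWritable();
        BytesWritable value = new BytesWritable();
        for (int i = 0; (n < 0 || i < n) && reader.next(key, value); ++i) {
            // The key is treated as unsigned and scaled down by 1,000,000 before being
            // handed to Date as milliseconds (presumably the key is in nanoseconds - confirm).
            long millis = Long.divideUnsigned(key.get(), 1000000);
            String ts = DATE_FORMAT.format(new Date(millis));
            try {
                for (PacketInfo pi : PcapHelper.toPacketInfo(value.copyBytes())) {
                    Map<String, Object> result = PcapHelper.packetToFields(pi);
                    // Plain list instead of an anonymous ArrayList subclass per packet.
                    List<String> fieldResults = new ArrayList<>();
                    fieldResults.add("TS: " + ts);
                    for (Constants.Fields field : Constants.Fields.values()) {
                        if (result.containsKey(field.getName())) {
                            fieldResults.add(field.getName() + ": " + result.get(field.getName()));
                        }
                    }
                    System.out.println(Joiner.on(",").join(fieldResults));
                }
            } catch (Exception e) {
                // Record bytes come straight from the capture file, so decoding is
                // deliberately best-effort: report the bad record and keep going.
                System.out.println(String.format("Error: malformed packet #=%s, ts=%s, error msg=%s", i + 1, ts, e.getMessage()));
            }
        }
    }
}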
Also used : Path(org.apache.hadoop.fs.Path) Configuration(org.apache.hadoop.conf.Configuration) ArrayList(java.util.ArrayList) Constants(org.apache.metron.common.Constants) BytesWritable(org.apache.hadoop.io.BytesWritable) Date(java.util.Date) IOException(java.io.IOException) SequenceFile(org.apache.hadoop.io.SequenceFile) PacketInfo(org.apache.metron.pcap.PacketInfo) LongWritable(org.apache.hadoop.io.LongWritable) GenericOptionsParser(org.apache.hadoop.util.GenericOptionsParser)

Example 2 with PacketInfo

use of org.apache.metron.pcap.PacketInfo in project metron by apache.

the class PcapTopologyIntegrationTest method readPcaps.

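/**
 * Reads every record of a pcap sequence file into memory as (timestamp, bytes) entries.
 *
 * <p>For each record, the timestamp returned by {@code PcapHelper.getTimestamp} is
 * asserted to equal the time reported by every packet that
 * {@code PcapHelper.toPacketInfo} decodes from the same bytes.
 *
 * @param pcapFile sequence file to read
 * @param withHeaders when true each entry's value is the record as stored; when false
 *     the leading {@code GLOBAL_HEADER_SIZE + PACKET_HEADER_SIZE} bytes are stripped
 * @return the entries in file order, keyed by {@code Bytes.toBytes(timestamp)} and
 *     truncated to an even number of entries
 * @throws IOException if the sequence file cannot be opened or read
 */
private static Iterable<Map.Entry<byte[], byte[]>> readPcaps(Path pcapFile, boolean withHeaders) throws IOException {
    List<Map.Entry<byte[], byte[]>> ret = new ArrayList<>();
    // try-with-resources closes the reader even when an assertion or read fails.
    try (SequenceFile.Reader reader =
            new SequenceFile.Reader(new Configuration(), SequenceFile.Reader.file(pcapFile))) {
        IntWritable key = new IntWritable();
        BytesWritable value = new BytesWritable();
        while (reader.next(key, value)) {
            byte[] pcapWithHeader = value.copyBytes();
            // Debugging aid: print pcapWithHeader as hex here (String.format("%02x", b) per byte).
            long calculatedTs = PcapHelper.getTimestamp(pcapWithHeader);
            for (PacketInfo pi : PcapHelper.toPacketInfo(pcapWithHeader)) {
                Assert.assertEquals(calculatedTs, pi.getPacketTimeInNanos());
                // Debugging aid: print Long.toUnsignedString(calculatedTs) and pi.getJsonDoc() here.
            }
            if (withHeaders) {
                ret.add(new AbstractMap.SimpleImmutableEntry<>(Bytes.toBytes(calculatedTs), pcapWithHeader));
            } else {
                // NOTE(review): a record shorter than the two headers makes this length
                // negative and the allocation throws NegativeArraySizeException.
                int headerLen = PcapHelper.GLOBAL_HEADER_SIZE + PcapHelper.PACKET_HEADER_SIZE;
                byte[] pcapRaw = new byte[pcapWithHeader.length - headerLen];
                System.arraycopy(pcapWithHeader, headerLen, pcapRaw, 0, pcapRaw.length);
                ret.add(new AbstractMap.SimpleImmutableEntry<>(Bytes.toBytes(calculatedTs), pcapRaw));
            }
        }
    }
    // Drops the last entry when the count is odd, so callers always get an even number.
    return Iterables.limit(ret, 2 * (ret.size() / 2));
}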
Also used : Configuration(org.apache.hadoop.conf.Configuration) ArrayList(java.util.ArrayList) BytesWritable(org.apache.hadoop.io.BytesWritable) AbstractMap(java.util.AbstractMap) SequenceFile(org.apache.hadoop.io.SequenceFile) PacketInfo(org.apache.metron.pcap.PacketInfo) List(java.util.List) ArrayList(java.util.ArrayList) IntWritable(org.apache.hadoop.io.IntWritable)
