#plugin #pcap #eavesdropper #packet-analyzer

eavesdropper_pcap_parser

A plugin for eavesdropper that converts pcap files into their metadata and puts it into a SQL table

2 unstable releases

0.2.0 Apr 29, 2021
0.1.0 Apr 14, 2021

GPL-3.0-only

24KB
328 lines

PCap_Parser

A plugin to extract information from raw PCAP files and store it in the shared database.

Table Definition

This plugin creates one table to store its extracted PCAP information:

Raw SQL

Importable Insert and Query Diesel Structs

Environment Variables

This plugin requires the following to be declared in the .env file:

PCAP_PARSER_BATCH_SIZE=batch_size_number

Where batch_size_number is the number of packets to batch before inserting into the database. A decent default for this might be 4096.

Unique Packets

The plugin currently ensures that each stored packet is unique, so that the same capture files can be run again without duplicating data in the database. Uniqueness is determined by the combination of a hash of the packet's data and the timestamp of when the packet was captured. If a packet in a batch is not unique, an error is logged and the packet batch is not stored in the database.
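The uniqueness rule and all-or-nothing batching described above, as an added sketch that is not the plugin's own code: Packet, Store, unique_key and ingest are hypothetical names, an in-memory set stands in for the SQL table, and DefaultHasher is an assumed hash. It shows that a batch containing one already-stored packet is dropped together with the new packets in it.

```rust
use std::collections::{hash_map::DefaultHasher, HashSet};
use std::hash::{Hash, Hasher};

// Constructed stand-ins (hypothetical types): a parsed packet and the table's unique index.
struct Packet { ts_micros: u64, data: Vec<u8> }
#[derive(Default)]
struct Store { keys: HashSet<(u64, u64)> }

// Uniqueness key per the README: (hash of packet data, capture timestamp).
// DefaultHasher is an assumption; the page does not name the hash function.
fn unique_key(p: &Packet) -> (u64, u64) {
    let mut h = DefaultHasher::new();
    p.data.hash(&mut h);
    (h.finish(), p.ts_micros)
}

impl Store {
    // All-or-nothing: Ok(rows stored) or Err(index of the first duplicate in the batch).
    fn insert_batch(&mut self, batch: &[Packet]) -> Result<usize, usize> {
        let mut staged = HashSet::new();
        for (i, p) in batch.iter().enumerate() {
            let k = unique_key(p);
            if self.keys.contains(&k) || !staged.insert(k) { return Err(i); }
        }
        self.keys.extend(staged);
        Ok(batch.len())
    }
}

// Feed packets in batches of batch_size; returns (stored, dropped) packet counts.
fn ingest(store: &mut Store, packets: &[Packet], batch_size: usize) -> (usize, usize) {
    let (mut stored, mut dropped) = (0, 0);
    for batch in packets.chunks(batch_size.max(1)) {
        match store.insert_batch(batch) {
            Ok(n) => stored += n,
            Err(i) => {
                eprintln!("duplicate at batch index {}: batch of {} not stored", i, batch.len());
                dropped += batch.len();
            }
        }
    }
    (stored, dropped)
}

fn main() {
    // Constructed capture: four packets with distinct timestamps and payloads.
    let cap: Vec<Packet> = (0..4).map(|i| Packet { ts_micros: i, data: vec![i as u8] }).collect();
    let mut store = Store::default();
    let (first, rerun) = (ingest(&mut store, &cap, 2), ingest(&mut store, &cap, 2));
    println!("first run {:?}, rerun {:?}", first, rerun);
}
```

When a capture overlaps data that is already stored, the dropped count shows how many packets were skipped, including new ones that shared a batch with a duplicate.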

Dependencies

~11MB
~211K SLoC