A parser for generating flow characteristics from PCAP files
Based on the ISCXFlowMeter project.
Features
- No bidirectional
- Timeouts entry in seconds
- Length of packet on wire from captured header for obtaining the actual size of packet (solves the problem of getting the payload size from anonymized data since the payload has been removed from the captured packet)
- PCAP files should be in alphabetical order. Add the leading zeros to the left depending on the number of files, e.g., pcap001 instead of pcap1
-
Packet Capture (PCAP) libraries:
-
For Linux, install libpcap
$ sudo apt-get install libpcap-dev
-
For Windows, install WinPcap
Let's assume that:
- The project
PCAPFlowParserhas been downloaded in$PROJECT_PATH. - The variable
$LINUX_WINrepresents the name of the operating system, namely,linuxorwin.
Therefore, hereinafter, the variable $JNETPCAP_HOME refers to $PROJECT_PATH/lib/jnetpcap-1.4.r1425/$LINUX_WIN.
Following, the installation steps:
-
Add
jnetpcapdependency to the local Maven repository by running the following command in$JNETPCAP_HOME:$ mvn install:install-file -Dfile=jnetpcap.jar -DgroupId=org.jnetpcap -DartifactId=jnetpcap -Dversion=1.4.1 -Dpackaging=jar
-
Setup native
jnetpcapdynamically loadable variable:
-
On Unix systems, add environment variable
LD_LIBRARY_PATH=$JNETPCAP_HOME. -
On Win32 systems, add
$JNETPCAP_HOMEto the systemPATHvariable. -
On IDEs (e.g., Eclipse IDE), add JVM property
-Djava.library.path=$JNETPCAP_HOME.
- Generate the JAR executable file by running
$ mvn packagein$PROJECT_PATH(this step is not required for running the application from an IDE such as Eclipse)
-
For terminal, mvn package and java -jar JAR_FILE *arguments
-
For Eclipse, establish arguments and run as Java app
-
If error persists, try adding $JNETPCAP_HOME to /etc/ld.so.conf.d/libjnetpcap.conf and run sudo ldconfig. Check that libraries are installed using ldconfig -p | grep jnet