Netify Agent - Packet Capture Files
You can run the Netify Agent (netifyd) on packet capture files. This can be used for batch processing network data, testing Netify-aware tools, development environments, and more. If you haven't already done so, please start with the getting started introduction.
Capturing Network Traffic
Use the tcpdump tool to capture network traffic. Here is an example:
tcpdump -i eth0 -s 65536 -w /tmp/netify.pcap host 192.168.4.100
To keep file sizes down, set -s (--snapshot-length) to 65536; the Netify Agent does not need anything beyond this limit for DPI analysis. Feel free to limit the capture to a specific host, port, or any other network filter expression supported by tcpdump. To see the bandwidth statistics, run the capture for at least 60 seconds.
Running Netifyd on a Capture File
Once you have a PCAP capture file, you should copy it to the host with netifyd installed. You can then run the network analysis with debug enabled:
netifyd -d -v -t -r -I lo,/tmp/netify.pcap
You should see network traffic flows, along with occasional summary updates. The -r flag (replay mode) means the processing follows the same timeline as the capture file. Without the -r flag, the file is processed immediately, as fast as it can be read.
... preamble ...
lo: [i4----] NTP 184.108.40.206:123 <-- 192.168.4.189:52895
lo: [i4-g--] HTTPS.206.netify.cloudflare 220.127.116.11:443 --> 192.168.4.189:40328
lo: [i4----] HTTPS.10033.netify.netify 18.104.22.168:443 <-- 192.168.4.189:48540 SSL C: sink.eg.netify.ai
lo: [i4----] HTTPS.10091.netify.amazon-aws 22.214.171.124:443 <-- 192.168.4.189:52974 SSL C: s3.amazonaws.com
Caught signal: Real-time signal 1: Update
Cumulative Packet Totals [Uptime: 0d 00:00:15]:
  Wire: 3.11 KP ETH: 3.11 KP VLAN: 0 IP: 3.11 KP IPv4: 3.11 KP IPv6: 0 ICMP/IGMP: 0 UDP: 2.69 KP TCP: 423 MPLS: 0 PPPoE: 0 Frags: 0 Discarded: 1 Largest: 1.8 KiB
Cumulative Byte Totals:
  Wire: 2.15 MiB IP: 2.08 MiB IPv4: 2.08 MiB IPv6: 0 Discarded: 1.5 KiB
Flows: 22 (+22)
The netifyd man page has detailed information on all the flags. See "man netifyd".
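Before copying a capture to the netifyd host it is worth confirming that it was actually taken the way the steps above require: a classic libpcap file, a snapshot length of 65536, and at least 60 seconds of traffic so the bandwidth statistics mean something. The following added example (not part of the Netify documentation or of netifyd) parses the pcap global header and per-packet records to make those checks and then assembles the netifyd command line shown above. The helper names (inspect_pcap, check_capture, netifyd_command, write_sample_pcap) are this example's own, and the two-packet capture it writes is constructed, not real traffic.

```python
"""Pre-flight checks for a PCAP before replaying it through netifyd.

Added example, not Netify's own code. Assumes a classic libpcap file
(magic 0xa1b2c3d4 / 0xd4c3b2a1, microsecond timestamps). The 65536 snaplen
and 60-second minimum are the values the documentation above recommends.
"""
import os
import struct
import tempfile

PCAP_MAGIC_LE = b"\xd4\xc3\xb2\xa1"   # little-endian, microsecond timestamps
PCAP_MAGIC_BE = b"\xa1\xb2\xc3\xd4"   # big-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1


def inspect_pcap(path):
    """Parse the 24-byte global header and walk the 16-byte packet headers.

    Returns snaplen, linktype, packet count and the capture span in seconds
    (last packet timestamp minus first packet timestamp)."""
    with open(path, "rb") as fh:
        gh = fh.read(24)
        if len(gh) < 24:
            raise ValueError("truncated pcap global header")
        if gh[:4] == PCAP_MAGIC_LE:
            endian = "<"
        elif gh[:4] == PCAP_MAGIC_BE:
            endian = ">"
        else:
            raise ValueError("not a classic pcap file (pcapng or unknown magic)")
        # magic, version major, version minor, thiszone, sigfigs, snaplen, linktype
        _, vmaj, vmin, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", gh)
        first_ts = last_ts = None
        packets = 0
        while True:
            ph = fh.read(16)
            if len(ph) < 16:
                break
            ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", ph)
            data = fh.read(incl_len)
            if len(data) < incl_len:
                raise ValueError("truncated packet record %d" % packets)
            if incl_len > snaplen:
                raise ValueError("packet record %d exceeds snaplen" % packets)
            ts = ts_sec + ts_usec / 1_000_000
            first_ts = ts if first_ts is None else first_ts
            last_ts = ts
            packets += 1
    span = 0.0 if first_ts is None else last_ts - first_ts
    return {"version": (vmaj, vmin), "snaplen": snaplen, "linktype": linktype,
            "packets": packets, "span_seconds": span}


def check_capture(path, required_snaplen=65536, min_seconds=60):
    """Return the problems that would make the netifyd replay less useful."""
    info = inspect_pcap(path)
    issues = []
    if info["snaplen"] != required_snaplen:
        issues.append("snaplen is %d, expected %d (capture with tcpdump -s %d)"
                      % (info["snaplen"], required_snaplen, required_snaplen))
    if info["packets"] == 0:
        issues.append("capture contains no packets")
    if info["span_seconds"] < min_seconds:
        issues.append("capture spans %.1fs, need at least %ds for bandwidth statistics"
                      % (info["span_seconds"], min_seconds))
    return issues


def netifyd_command(pcap_path, replay=True, interface="lo"):
    """Build the argv from the page: netifyd -d -v -t [-r] -I <iface>,<file>."""
    argv = ["netifyd", "-d", "-v", "-t"]
    if replay:
        argv.append("-r")          # -r: follow the capture file's own timeline
    argv += ["-I", "%s,%s" % (interface, pcap_path)]
    return argv


def write_sample_pcap(path=None, snaplen=65536, gap_seconds=70):
    """Write a constructed two-packet capture (not real traffic) for testing."""
    if path is None:
        path = os.path.join(tempfile.mkdtemp(), "netify-sample.pcap")
    payload = b"\x00" * 60          # minimal Ethernet-sized frame; contents are irrelevant
    with open(path, "wb") as fh:
        fh.write(PCAP_MAGIC_LE)
        fh.write(struct.pack("<HHiIII", 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
        for ts in (1_700_000_000, 1_700_000_000 + gap_seconds):
            fh.write(struct.pack("<IIII", ts, 0, len(payload), len(payload)))
            fh.write(payload)
    return path


if __name__ == "__main__":
    sample = write_sample_pcap()
    print(inspect_pcap(sample))
    print(check_capture(sample) or "capture looks good")
    print(" ".join(netifyd_command(sample)))
```

Point check_capture at a real tcpdump output file before transferring it; a snaplen of 262144 (the modern tcpdump default) or a capture shorter than a minute shows up as a listed issue rather than as puzzling statistics on the netifyd side.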
Now that you know how to run the Netify Agent on a PCAP capture file, it's time to learn how to integrate third party applications using the Data Stream Socket.