Packet Capture
Netify Agent - Packet Capture Files
You can run the Netify Agent (netifyd) on packet capture files. This can be used for batch processing network data, testing Netify-aware tools, development environments, and more. If you haven't already done so, please start with the getting started introduction.
Capturing Network Traffic
Use the tcpdump tool to capture network traffic. Here is an example:
tcpdump -i eth0 -s 1536 -w /tmp/netify.pcap host 192.168.4.100
For efficiency, set the snapshot length (-s, --snapshot-length) to 1536 bytes. The Netify Agent does not need anything beyond this limit for DPI analysis, and capping the snaplen keeps the capture file small; a smaller value is not recommended, since it can truncate the payload the DPI engine needs to classify a flow. You can also restrict the capture to a specific host, port, or any other filter expression supported by tcpdump. To see meaningful bandwidth statistics, run the capture for at least 60 seconds.
Running Netifyd on Capture File
Once you have a PCAP capture file, you should copy it to the host with netifyd installed. You can then run the network analysis with debug enabled:
netifyd -d -v -t -r -I lo,/tmp/netify.pcap
You should see network traffic flows, along with occasional summary updates. The -r flag (replay mode) paces processing to the capture file's own timeline, so a 60-second capture takes roughly 60 seconds to replay. Without the -r flag, the file is processed as fast as possible.
... preamble ...
lo: [i4----] NTP 91.189.89.199:123 <-- 192.168.4.189:52895
lo: [i4-g--] HTTPS.206.netify.cloudflare 162.159.135.234:443 --> 192.168.4.189:40328
lo: [i4----] HTTPS.10033.netify.netify 35.182.46.62:443 <-- 192.168.4.189:48540 SSL C: sink.eg.netify.ai
lo: [i4----] HTTPS.10091.netify.amazon-aws 52.216.110.189:443 <-- 192.168.4.189:52974 SSL C: s3.amazonaws.com
Caught signal: [35] Real-time signal 1: Update
Cumulative Packet Totals [Uptime: 0d 00:00:15]:
Wire: 3.11 KP ETH: 3.11 KP VLAN: 0
IP: 3.11 KP IPv4: 3.11 KP IPv6: 0
ICMP/IGMP: 0 UDP: 2.69 KP TCP: 423
MPLS: 0 PPPoE: 0
Frags: 0 Discarded: 1 Largest: 1.8 KiB
Cumulative Byte Totals:
Wire: 2.15 MiB
IP: 2.08 MiB IPv4: 2.08 MiB IPv6: 0
Discarded: 1.5 KiB Flows: 22 (+22)
The netifyd man page has detailed information on all the flags. See "man netifyd".
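The procedure above has one silent failure mode: a capture taken with a snaplen below 1536 replays without error, but the DPI engine sees truncated payloads and classifies fewer flows. The following POSIX sh script is an added example, not part of the Netify Agent project or its documentation. It reads the snapshot length from the 24-byte pcap global header (handling both byte orders and rejecting pcapng, where the snaplen lives in each interface block rather than the file header), refuses to replay a capture that falls short, and otherwise runs the netifyd command line shown on this page. The function names, the constructed header writer and the default threshold of 1536 are assumptions made for the example; it needs only od and printf.

```shell
#!/bin/sh
# Added example (not Netify Agent project code): pre-flight check of a pcap's
# snapshot length before handing the file to netifyd for replay.

# Print the snaplen stored in a classic pcap global header.
# Returns 1 and prints nothing for pcapng or for a file that is not a pcap.
pcap_snaplen() {
    file="$1"
    magic=$(od -An -tx1 -N4 "$file" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|4d3cb2a1) endian=little ;;   # 0xa1b2c3d4 / 0xa1b23c4d written by a LE host
        a1b2c3d4|a1b23c4d) endian=big ;;      # same magics written by a BE host
        0a0d0d0a)
            echo "$file: pcapng, snaplen is per interface block, not in the file header" >&2
            return 1 ;;
        *)  echo "$file: not a pcap file (magic $magic)" >&2; return 1 ;;
    esac
    # snaplen is the uint32 at offset 16 of the global header
    set -- $(od -An -tu1 -j16 -N4 "$file")
    if [ "$endian" = little ]; then
        echo $(( $1 + $2 * 256 + $3 * 65536 + $4 * 16777216 ))
    else
        echo $(( $4 + $3 * 256 + $2 * 65536 + $1 * 16777216 ))
    fi
}

# Exit 0 if the capture's snaplen is at least $2 (default 1536, the value this
# page recommends for tcpdump -s), 1 otherwise.
check_snaplen() {
    file="$1"; need="${2:-1536}"
    len=$(pcap_snaplen "$file") || return 1
    if [ "$len" -lt "$need" ]; then
        echo "$file: snaplen $len < $need, payload needed for DPI may be truncated" >&2
        return 1
    fi
    echo "$file: snaplen $len ok"
}

# Write a constructed 24-byte little-endian pcap global header (no packets) with
# the given snaplen. Used only so the check can be exercised without tcpdump.
write_pcap_header() {
    file="$1"; snaplen="$2"
    b0=$(( snaplen % 256 )); b1=$(( snaplen / 256 % 256 ))
    b2=$(( snaplen / 65536 % 256 )); b3=$(( snaplen / 16777216 % 256 ))
    # magic, version 2.4, thiszone 0, sigfigs 0
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000' > "$file"
    # snaplen, little-endian
    printf "$(printf '\\%03o\\%03o\\%03o\\%03o' "$b0" "$b1" "$b2" "$b3")" >> "$file"
    # linktype 1 (Ethernet)
    printf '\001\000\000\000' >> "$file"
}

# Replay the capture with the command from this page, but only after the check passes.
replay_capture() {
    file="$1"
    check_snaplen "$file" || return 1
    if command -v netifyd >/dev/null 2>&1; then
        netifyd -d -v -t -r -I "lo,$file"
    else
        echo "netifyd not installed; would run: netifyd -d -v -t -r -I lo,$file" >&2
        return 1
    fi
}

# Typical use on a real capture:
#   tcpdump -i eth0 -s 1536 -w /tmp/netify.pcap host 192.168.4.100
#   replay_capture /tmp/netify.pcap
```

Note that some tcpdump builds (macOS, and Linux with libpcap's pcapng output enabled) write pcapng rather than classic pcap; the check reports that case explicitly so you can convert the file or confirm the snaplen another way before replaying.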
Next Steps
Now that you know how to run the Netify Agent on a PCAP capture file, it's time to learn how to integrate third party applications using:
- Metadata analysis with the Data Stream Socket
- Layer 3 network tools integration with the Network Policy Engine