Packet Capture
Netify Agent - Packet Capture Files
You can run the Netify Agent (netifyd) on packet capture files. This can be used for batch processing network data, testing Netify-aware tools, development environments, and more. If you haven't already done so, please start with the getting started introduction.
Capturing Network Traffic
Use the tcpdump tool to capture network traffic. Here is an example:
tcpdump -i eth0 -s 65536 -w /tmp/netify.pcap host 192.168.4.100
To keep file sizes down, set the snapshot length (-s, --snapshot-length) to 65536; the Netify Agent does not need anything beyond this limit for DPI analysis. Feel free to limit the capture to a specific host, port, or any other filter expression supported by tcpdump. To see the bandwidth statistics in the output, run the capture for at least 60 seconds.
Running netifyd on a Capture File
Once you have a PCAP capture file, you should copy it to the host with netifyd installed. You can then run the network analysis with debug enabled:
netifyd -d -v -t -r -I lo,/tmp/netify.pcap
You should see network traffic flows, along with occasional summary updates. With the -r flag (replay mode), packets are processed on the same timeline as the original capture. Without -r, the whole file is processed immediately.
... preamble ...
lo: [i4----] NTP 91.189.89.199:123 <-- 192.168.4.189:52895
lo: [i4-g--] HTTPS.206.netify.cloudflare 162.159.135.234:443 --> 192.168.4.189:40328
lo: [i4----] HTTPS.10033.netify.netify 35.182.46.62:443 <-- 192.168.4.189:48540 SSL C: sink.eg.netify.ai
lo: [i4----] HTTPS.10091.netify.amazon-aws 52.216.110.189:443 <-- 192.168.4.189:52974 SSL C: s3.amazonaws.com
Caught signal: [35] Real-time signal 1: Update
Cumulative Packet Totals [Uptime: 0d 00:00:15]:
Wire: 3.11 KP ETH: 3.11 KP VLAN: 0
IP: 3.11 KP IPv4: 3.11 KP IPv6: 0
ICMP/IGMP: 0 UDP: 2.69 KP TCP: 423
MPLS: 0 PPPoE: 0
Frags: 0 Discarded: 1 Largest: 1.8 KiB
Cumulative Byte Totals:
Wire: 2.15 MiB
IP: 2.08 MiB IPv4: 2.08 MiB IPv6: 0
Discarded: 1.5 KiB Flows: 22 (+22)
The netifyd man page has detailed information on all the flags. See "man netifyd".
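The capture-and-replay procedure above, together with a parser for the flow lines netifyd prints in debug mode, as an added example that is not part of the Netify documentation or netifyd's own code. It assumes tcpdump, timeout and netifyd are on PATH, that netifyd exits once the replayed file is exhausted, and that the flow-line layout matches the sample output on this page; the "SSL C:" field is taken to be the TLS client's requested server name, which is an assumption. The sample lines used as test input are copied from the page.

```python
"""Wrap the capture-and-replay workflow from this page and summarize netifyd's
debug flow lines. Added example, not Netify's own code; see the assumptions in
the lead-in (tcpdump/timeout/netifyd on PATH, flow-line layout as on the page,
"SSL C:" assumed to be the TLS client's requested server name)."""
import re
import shlex
import subprocess
from collections import Counter

SNAPLEN = 65536           # snapshot length the page recommends for DPI
MIN_CAPTURE_SECONDS = 60  # minimum run time for bandwidth statistics to appear

# Flow line, e.g.
# lo: [i4-g--] HTTPS.206.netify.cloudflare 162.159.135.234:443 --> 192.168.4.189:40328
FLOW_RE = re.compile(
    r"^(?P<iface>\S+): \[(?P<flags>[^\]]+)\] (?P<app>\S+) "
    r"(?P<left>\S+):(?P<left_port>\d+) (?P<arrow><--|-->) "
    r"(?P<right>\S+):(?P<right_port>\d+)"
    r"(?: SSL C: (?P<tls_name>\S+))?"
)


def capture_command(iface, pcap, duration, bpf_filter=""):
    """Return the tcpdump argv from the page, bounded with timeout(1).

    Durations under 60 s are rejected so the capture runs long enough for the
    summary statistics the page mentions to appear.
    """
    if duration < MIN_CAPTURE_SECONDS:
        raise ValueError(f"capture must run at least {MIN_CAPTURE_SECONDS}s")
    argv = ["timeout", str(duration), "tcpdump", "-i", iface,
            "-s", str(SNAPLEN), "-w", pcap]
    argv += shlex.split(bpf_filter)  # optional host/port/... filter expression
    return argv


def replay_command(pcap, iface="lo"):
    """Return the netifyd argv from the page (-r replays on the capture's timeline)."""
    return ["netifyd", "-d", "-v", "-t", "-r", "-I", f"{iface},{pcap}"]


def parse_flow_line(line):
    """Parse one flow line into a dict, or return None for any other output.

    The application field "HTTPS.206.netify.cloudflare" is read as
    protocol.app_id.app_name (inferred from the sample); a bare "NTP" has no
    application part.
    """
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    parts = m.group("app").split(".", 2)
    return {
        "iface": m.group("iface"),
        "flags": m.group("flags"),
        "protocol": parts[0],
        "app_id": int(parts[1]) if len(parts) == 3 else None,
        "application": parts[2] if len(parts) == 3 else None,
        "left": (m.group("left"), int(m.group("left_port"))),
        "arrow": m.group("arrow"),
        "right": (m.group("right"), int(m.group("right_port"))),
        "tls_name": m.group("tls_name"),
    }


def summarize(output):
    """Count protocols and applications and collect TLS server names."""
    protocols, apps, tls_names = Counter(), Counter(), []
    for line in output.splitlines():
        flow = parse_flow_line(line)
        if flow is None:
            continue  # preamble, signal notices, cumulative totals
        protocols[flow["protocol"]] += 1
        if flow["application"]:
            apps[flow["application"]] += 1
        if flow["tls_name"]:
            tls_names.append(flow["tls_name"])
    return {"protocols": dict(protocols), "applications": dict(apps),
            "tls_names": tls_names}


def run_workflow(iface, pcap, duration=MIN_CAPTURE_SECONDS, bpf_filter=""):
    """Capture, then replay and summarize. timeout(1) exits 124 when it stops
    tcpdump, which is the normal end of a bounded capture."""
    rc = subprocess.run(capture_command(iface, pcap, duration, bpf_filter)).returncode
    if rc not in (0, 124):
        raise RuntimeError(f"tcpdump failed with status {rc}")
    proc = subprocess.run(replay_command(pcap), capture_output=True, text=True)
    return summarize(proc.stdout + proc.stderr)  # debug output stream not assumed


# Constructed sample: the flow lines and one notice line shown on this page.
SAMPLE_OUTPUT = """\
lo: [i4----] NTP 91.189.89.199:123 <-- 192.168.4.189:52895
lo: [i4-g--] HTTPS.206.netify.cloudflare 162.159.135.234:443 --> 192.168.4.189:40328
lo: [i4----] HTTPS.10033.netify.netify 35.182.46.62:443 <-- 192.168.4.189:48540 SSL C: sink.eg.netify.ai
lo: [i4----] HTTPS.10091.netify.amazon-aws 52.216.110.189:443 <-- 192.168.4.189:52974 SSL C: s3.amazonaws.com
Caught signal: [35] Real-time signal 1: Update
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_OUTPUT))
    # Live use: run_workflow("eth0", "/tmp/netify.pcap", 60, "host 192.168.4.100")
```

Running the script offline prints the protocol and application counts for the four sample flows plus the two TLS server names; `run_workflow` performs the full capture and replay on a real host.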
Next Steps
Now that you know how to run the Netify Agent on a PCAP capture file, it's time to learn how to integrate third party applications using the Data Stream Socket.