pcapr-local 0.1.13 → 0.2.0

@@ -1,468 +1,750 @@
1
1
  <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2
+
2
3
  <html>
3
4
  <head>
4
- <meta content="text/html; charset=ISO-8859-1"
5
- http-equiv="content-type" />
5
+ <meta content="text/html; charset=us-ascii" http-equiv="content-type">
6
+
6
7
  <title>Pcapr.Local</title>
7
- <style type="text/css">
8
-
9
-
10
- #masthead{
11
- margin: 0;
12
- border-bottom: 1px solid #cccccc;
13
- width: 600px;
14
- padding-top: 10px;
15
- padding-right: 0px;
16
- padding-bottom: 5px;
17
- padding-left: 0px;
18
- }
19
-
20
- #content{
21
- float: left;
22
- width: 600px;
23
- margin: 0;
24
- padding: 0 3% 0 0;
25
- line-height: 16px;
26
- }
27
-
28
- #siteInfo{
29
- clear: both;
30
- border: 1px solid #cccccc;
31
- font-size: 75%;
32
- color: #cccccc;
33
- background-color:inherit;
34
- padding: 10px 10px 10px 10px;
35
- margin-top: 0px;
36
- width: 600px;
37
- }
38
-
39
- body {
40
- background-color: #FFFFFF;
41
- font-family: Arial, sans-serif;
42
- font-size: 9pt;
43
- color: #333333;
44
- left:auto;
45
- top: auto;
46
- bottom: auto;
47
- margin: 10 0 0 10px;
48
- right: auto;
49
- width: 95%;
50
- }
51
-
52
- p {
53
- font-family: Arial, sans-serif;
54
- font-size: 9pt;
55
- text-align: left;
56
- line-height: 16px;
57
- width: auto;
58
- margin-top: 10px;
59
- margin-left: 10px;
60
- padding: 0px;
61
- }
62
-
63
- a:link, a:visited {
64
- color: #3B6EBF;
65
- background-color: transparent;
66
- text-decoration: none;
67
- }
68
-
69
- a:hover {
70
- color: #3B6EBF;
71
- text-decoration: underline;
72
- }
73
-
74
-
75
- .code{
76
- font-family: Courier, monospace;
77
- font-size: 9pt
8
+ <style type="text/css">
9
+
10
+
11
+ #masthead{
12
+ margin: 0;
13
+ border-bottom: 1px solid #cccccc;
14
+ width: 600px;
15
+ padding-top: 10px;
16
+ padding-right: 0px;
17
+ padding-bottom: 5px;
18
+ padding-left: 0px;
19
+ }
20
+
21
+ #content{
22
+ float: left;
23
+ width: 600px;
24
+ margin: 0;
25
+ padding: 0 3% 0 0;
26
+ line-height: 16px;
27
+ }
28
+
29
+ #siteInfo{
30
+ clear: both;
31
+ border: 1px solid #cccccc;
32
+ font-size: 75%;
33
+ color: #cccccc;
34
+ background-color:inherit;
35
+ padding: 10px 10px 10px 10px;
36
+ margin-top: 0px;
37
+ width: 600px;
38
+ }
39
+
40
+ body {
41
+ background-color: #FFFFFF;
42
+ font-family: Arial, sans-serif;
43
+ font-size: 9pt;
44
+ color: #333333;
45
+ left:auto;
46
+ top: auto;
47
+ bottom: auto;
48
+ margin: 10 0 0 10px;
49
+ right: auto;
50
+ width: 95%;
51
+ }
52
+
53
+ p {
54
+ font-family: Arial, sans-serif;
55
+ font-size: 9pt;
56
+ text-align: left;
57
+ line-height: 16px;
58
+ width: auto;
59
+ margin-top: 10px;
60
+ margin-left: 10px;
61
+ padding: 0px;
62
+ }
63
+
64
+ a:link, a:visited {
65
+ color: #3B6EBF;
66
+ background-color: transparent;
67
+ text-decoration: none;
78
68
  }
79
69
 
70
+ a:hover {
71
+ color: #3B6EBF;
72
+ text-decoration: underline;
73
+ }
74
+
75
+
76
+ .code{
77
+ font-family: Courier, monospace;
78
+ font-size: 9pt
79
+ }
80
+
81
+
82
+ .note {
83
+ font-style: italic;
84
+ font-size: 9pt;
85
+ font-family: Helvetica, Arial, sans-serif;
86
+ margin-top: 10px;
87
+ margin-right: 0;
88
+ margin-bottom: 5px;
89
+ margin-left: 10px;
90
+ width: 85%;
91
+ }
92
+
93
+ li {
94
+ font-family: Arial, sans-serif;
95
+ font-size: 9pt;
96
+ font-weight: normal;
97
+ line-height: 16px;
98
+ width: auto;
99
+ margin-top: 0px;
100
+ margin-right: 0px;
101
+ margin-bottom: 10px;
102
+ margin-left: 6px;
103
+ padding-top: 0px;
104
+ padding-right: 2%;
105
+ padding-bottom: 0px;
106
+ padding-left: 0px;
107
+ }
80
108
 
81
- .note {
82
- font-style: italic;
83
- font-size: 9pt;
84
- font-family: Helvetica, Arial, sans-serif;
85
- margin-top: 10px;
86
- margin-right: 0;
87
- margin-bottom: 5px;
88
- margin-left: 10px;
89
- width: 85%;
90
- }
91
-
92
- li {
93
- font-family: Arial, sans-serif;
94
- font-size: 9pt;
95
- font-weight: normal;
96
- line-height: 16px;
97
- width: auto;
98
- margin-top: 0px;
99
- margin-right: 0px;
100
- margin-bottom: 10px;
101
- margin-left: 6px;
102
- padding-top: 0px;
103
- padding-right: 2%;
104
- padding-bottom: 0px;
105
- padding-left: 0px;
106
- }
107
-
108
- ul {
109
- list-style-type: disc;
110
- list-style-position: outside;
111
- margin-top: 8px;
112
- }
113
-
114
- .UI_link_blue {
115
- color: #369;
116
- text-decoration: underline;
117
- }
118
-
119
- .code_black_background {
120
- border:1px solid silver;
121
- font-size: 9pt;
122
- width: 90%;
123
- margin-top: 8px;
124
- margin-left: 2%;
125
- margin-right: 4px;
126
- margin-bottom: 4px;
127
- font-family: Courier, monospace;
128
- font-weight: normal;
129
- background-color: #333;
130
- color: #FFF;
131
- padding: 4px;
132
- }
133
-
134
-
135
- h1{
136
- font-family: Verdana, Arial, Helvetica, sans-serif;
137
- font-size: 12pt;
138
- color: #E95D20;
139
- background-color: inherit;
140
- padding-top: 5px;
141
- background-image: none;
142
- font-weight: bold;
143
- margin: 0px;
144
- width: 100%;
145
- }
146
-
147
- h2{
148
- -moz-border-radius-bottomleft:0;
149
- -moz-border-radius-bottomright:0;
150
- -moz-border-radius-topleft:8px;
151
- -moz-border-radius-topright:8px;
152
- color:#E95D20;
153
- font-family:Arial, sans-serif;
154
- font-size:10pt;
155
- font-style:oblique;
156
- margin:15 0 0 8px;
157
- padding: 4 2 1 0px;
158
- }
159
-
160
- h3{
161
- -moz-border-radius-bottomleft:0;
162
- -moz-border-radius-bottomright:0;
163
- -moz-border-radius-topleft:8px;
164
- -moz-border-radius-topright:8px;
165
- border:1px solid silver;
166
- font-size: 9pt;
167
- color: #333333;
168
- background-color: #E7E7E7;
169
- font-weight: bold;
170
- width: 580px;
171
- padding-top: 4px;
172
- padding-bottom: 1px;
173
- padding-left: 6px;
174
- margin-top: 20px;
175
- margin-left: 6px;
176
- }
177
-
178
- h4{
179
- font-size: 9pt;
180
- font-weight: bold;
181
- vertical-align: top;
182
- text-align: left;
183
- margin-top: 0px;
184
- margin-right: 15px;
185
- margin-bottom: 5px;
186
- margin-left: 10px;
187
- color: #333333;
188
- font-style: normal;
189
- font-variant: normal;
190
- text-transform: none;
191
- border: #DFDFDF; }
192
-
193
-
194
- h5{
195
- font-size: 9pt;
196
- color: #333333;
197
- font-style: italic;
198
- font-weight: normal;
199
- margin: 6px 2px 4px 2px;
200
- padding: 0px;
201
- }
202
-
203
- h6 {
204
- border:1px solid silver;
205
- font-size: 9pt;
206
- color: #333333;
207
- font-weight: normal;
208
- background-color: #E7E7E7;
209
- width: 96%;
210
- padding-top: 4px;
211
- padding-bottom: 1px;
212
- padding-left: 4px;
213
- margin-top: 15px;
214
- margin-left: 4px;
215
- margin-right:2px;
216
- margin-bottom:1px;
217
- }
218
-
219
- /*********** begin wide tables ***********/
220
- table.wide {
221
- background: #FFFFFF;
222
- border-collapse: collapse;
223
- align: left;
224
- width: 99%;
225
- margin-top: 3%;
226
- margin-right: 1%;
227
- margin-bottom: 3%;
228
- margin-left: 15px;
229
- }
230
- table.wide th, table.wide td {
109
+ ul {
110
+ list-style-type: disc;
111
+ list-style-position: outside;
112
+ margin-top: 8px;
113
+ }
114
+
115
+ .UI_link_blue {
116
+ color: #369;
117
+ text-decoration: underline;
118
+ }
119
+
120
+ .code_black_background {
121
+ border:1px solid silver;
122
+ font-size: 9pt;
123
+ width: 90%;
124
+ margin-top: 8px;
125
+ margin-left: 2%;
126
+ margin-right: 4px;
127
+ margin-bottom: 4px;
128
+ font-family: Courier, monospace;
129
+ font-weight: normal;
130
+ background-color: #333;
131
+ color: #FFF;
132
+ padding: 4px;
133
+ }
134
+
135
+
136
+ h1{
137
+ font-family: Verdana, Arial, Helvetica, sans-serif;
138
+ font-size: 12pt;
139
+ color: #E95D20;
140
+ background-color: inherit;
141
+ padding-top: 5px;
142
+ background-image: none;
143
+ font-weight: bold;
144
+ margin: 0px;
145
+ width: 100%;
146
+ }
147
+
148
+ h2{
149
+ -moz-border-radius-bottomleft:0;
150
+ -moz-border-radius-bottomright:0;
151
+ -moz-border-radius-topleft:8px;
152
+ -moz-border-radius-topright:8px;
153
+ color:#E95D20;
154
+ font-family:Arial, sans-serif;
155
+ font-size:10pt;
156
+ font-style:oblique;
157
+ margin:15 0 0 8px;
158
+ padding: 4 2 1 0px;
159
+ }
160
+
161
+ h3{
162
+ -moz-border-radius-bottomleft:0;
163
+ -moz-border-radius-bottomright:0;
164
+ -moz-border-radius-topleft:8px;
165
+ -moz-border-radius-topright:8px;
166
+ border:1px solid silver;
167
+ font-size: 9pt;
168
+ color: #333333;
169
+ background-color: #E7E7E7;
170
+ font-weight: bold;
171
+ width: 580px;
172
+ padding-top: 4px;
173
+ padding-bottom: 1px;
174
+ padding-left: 6px;
175
+ margin-top: 20px;
176
+ margin-left: 6px;
177
+ }
178
+
179
+ h4{
180
+ font-size: 9pt;
181
+ font-weight: bold;
182
+ vertical-align: top;
183
+ text-align: left;
184
+ margin-top: 0px;
185
+ margin-right: 15px;
186
+ margin-bottom: 5px;
187
+ margin-left: 10px;
188
+ color: #333333;
189
+ font-style: normal;
190
+ font-variant: normal;
191
+ text-transform: none;
192
+ border: #DFDFDF; }
193
+
194
+
195
+ h5{
196
+ font-size: 9pt;
197
+ color: #333333;
198
+ font-style: italic;
199
+ font-weight: normal;
200
+ margin: 6px 2px 4px 2px;
201
+ padding: 0px;
202
+ }
203
+
204
+ h6 {
205
+ border:1px solid silver;
206
+ font-size: 9pt;
207
+ color: #333333;
208
+ font-weight: normal;
209
+ background-color: #E7E7E7;
210
+ width: 96%;
211
+ padding-top: 4px;
212
+ padding-bottom: 1px;
213
+ padding-left: 4px;
214
+ margin-top: 15px;
215
+ margin-left: 4px;
216
+ margin-right:2px;
217
+ margin-bottom:1px;
218
+ }
219
+
220
+ /*********** begin wide tables ***********/
221
+ table.wide {
222
+ background: #FFFFFF;
223
+ border-collapse: collapse;
224
+ align: left;
225
+ width: 99%;
226
+ margin-top: 3%;
227
+ margin-right: 1%;
228
+ margin-bottom: 3%;
229
+ margin-left: 15px;
230
+ }
231
+ table.wide th, table.wide td {
231
232
  border: 1px silver solid;
232
233
  padding: 0.2em;
233
- }
234
-
235
- table.wide td {
236
- width:auto;
237
- font-family: Arial, Helvetica, sans-serif;
238
- font-size: 9pt;
239
- height: auto;
240
- line-height:16px;
241
- padding:6px 2px 2px 4px;
242
- }
243
-
244
- table.wide th {
245
- background: #E7E7E7;
246
- text-align: left;
247
- vertical-align: middle;
248
- font: Arial, Helvetica, sans-serif;
249
- font-size: 9pt;
250
- font-weight: bold;
251
- color: #333333;
252
- padding-top: 4px;
253
- padding-right: 4px;
254
- padding-bottom: 2px;
255
- padding-left: 6px;
256
- }
257
-
258
- #important{
259
- float: clear;
260
- color: #333333;
261
- background-color: #e7eedc;
262
- -moz-border-radius-bottomleft:0;
263
- -moz-border-radius-bottomright:0;
264
- -moz-border-radius-topleft:8px;
265
- -moz-border-radius-topright:8px;
266
- border:1px solid silver;
267
- font-size: 9pt;
268
- padding-top: 2px;
269
- padding-bottom: 0px;
270
- padding-left: 2px;
271
- margin-top: 15px;
272
- margin-left: 15px;
273
- margin-right: 35px;
274
- margin-bottom: 15px;
275
- }
276
-
277
- /*********** end wide tables ***********/
278
-
279
- -->
280
- </style>
234
+ }
235
+
236
+ table.wide td {
237
+ width:auto;
238
+ font-family: Arial, Helvetica, sans-serif;
239
+ font-size: 9pt;
240
+ height: auto;
241
+ line-height:16px;
242
+ padding:6px 2px 2px 4px;
243
+ }
281
244
 
245
+ table.wide th {
246
+ background: #E7E7E7;
247
+ text-align: left;
248
+ vertical-align: middle;
249
+ font: Arial, Helvetica, sans-serif;
250
+ font-size: 9pt;
251
+ font-weight: bold;
252
+ color: #333333;
253
+ padding-top: 4px;
254
+ padding-right: 4px;
255
+ padding-bottom: 2px;
256
+ padding-left: 6px;
257
+ }
258
+
259
+ #important{
260
+ float: clear;
261
+ color: #333333;
262
+ background-color: #e7eedc;
263
+ -moz-border-radius-bottomleft:0;
264
+ -moz-border-radius-bottomright:0;
265
+ -moz-border-radius-topleft:8px;
266
+ -moz-border-radius-topright:8px;
267
+ border:1px solid silver;
268
+ font-size: 9pt;
269
+ padding-top: 2px;
270
+ padding-bottom: 0px;
271
+ padding-left: 2px;
272
+ margin-top: 15px;
273
+ margin-left: 15px;
274
+ margin-right: 35px;
275
+ margin-bottom: 15px;
276
+ }
277
+
278
+ /*********** end wide tables ***********/
279
+
280
+ -->
281
+ </style>
282
282
  </head>
283
+
283
284
  <body>
284
- <div id="masthead">
285
- <h1> <a name="#top" id="#top"></a>Pcapr.Local</h1>
286
- </div>
287
- <div id="content">
288
- <p>Pcapr.Local is a gem that can automatically parse any packet capture and create a .par file suitable for generating a Scenario in Mu Studio. It's designed to help you create Scenarios for proprietary protocols that need custom Wireshark dissectors (pcapr.Local uses the locally-installed Wireshark application when indexing a .pcap). </p>
289
- <p>This document provides details for the following:</p>
290
- <ul>
291
- <li><a href="#pcapr_reqs">Requirements</a></li>
292
- <li><a href="#pcapr_install">Installing &amp; Configuring</a></li>
293
- <li><a href="#pcapr_using">Using</a> (viewing indexed pcaps and downloading PAR files)</li>
294
- <li><a href="#pcapr_tips">Tips &amp; Tricks</a></li>
295
- </ul>
296
- <p>After installing and configuring Pcapr.Local, you can copy or move your pcap files to the designated pcaps directory and Pcapr.Local will automatically index those files. Then, using a web browser, you can view the list of pcaps and their indexes, generate reports, or download the index as a PAR file that you can use in Mu Studio to create a Scenario.</p>
297
- <h2><a name="pcapr_reqs"></a>Requirements</h2>
298
- <p>To run pcapr.Local, you must install it on a system that also includes the following:</p>
299
- <ul>
300
- <li><strong>Linux</strong> (any flavor). You can install on a dedicated Linux system or in a virtual machine (VM). </li>
301
- <li> <strong>Ruby</strong> (1.8.6, 1.8.7, 1.9.2) + <strong>Rubygems</strong> (1.3.7 or higher). When using Ruby 1.8.6, you must install<a href="http://rubyforge.org/frs/?group_id=126" target="_blank"> rubygems 1.3.7</a>. Rubygems officially ceased support for ruby 1.8.6 as of the rubygems 1.4.0 release, so any version 1.4.x or higher will not install on a ruby 1.8.6 system.</li>
302
- <li><strong>CouchDB</strong>. Local and remote installations supported. If you have configured a username and password for the CouchDB service, you'll need to provide those user credentials during the pcapr.Local gem installation.</li>
303
- <li><strong>Wireshark</strong> (any version). Pcapr.Local will automatically use the installed version of <em>tshark</em> (a component of Wireshark) to create the pcap indexes. When using a package manager (such as aptitude on Ubuntu), you might need to install tshark separately if it's not included as part of the Wireshark installation.</li>
304
- <li><strong>Zip</strong> (any version). Pcapr.Local requires zip to create PAR files from your indexed pcaps.</li>
305
- <li><strong>pcapr-local.gem</strong>. If the Linux system has Internet connectivity, you can use the gem command (supported by rubygems) to quickly download and install the Pcapr.Local gem. Otherwise, you'll need to manually download the gem, copy it to the Linux system, and install it.</li>
306
- </ul>
307
- <p><a href="#top">back to top &uarr;</a></p>
308
- <p>&nbsp;</p>
309
- <h2><a name="pcapr_install" id="pcapr_install"></a>Installing &amp; Configuring</h2>
310
- <p>After ensuring that your Linux system has all the necessary <a href="pcapr_local_about.html#pcapr_reqs">pre-requisites for running Pcapr.Local</a>, you can download the pcapr-local gem and configure it for your system. </p>
311
- <p>You can install and run pcapr.Local as a root user or as a regular (non-root) user. If the Linux system has Internet connectivity, you can use the gem command (supported by rubygems) to quickly download and install the Pcapr.Local gem. Otherwise, you'll need to manually download the gem and copy it to the Linux system before installing. </p>
312
- <p>After installing the gem, configure the gem by answering a few questions about where you want to store pcaps and indexes, the IP and port on which you want to access pcapr.Local, and the location of your CouchDB service (your answers are saved as a configuration file at: <strong><span class="code">~/.pcapr_local/config</span></strong>). When configuration is complete, the pcapr server process continues running in the background, performing tasks such as checking for new pcaps and creating indexes. </p>
313
- <p>To view activities during configuration, tail the pcapr.Local log file with the command: <strong><span class="code">tail -F ~/pcapr.Local/log/server.log</span></strong></p>
314
- <h3>To Install Pcapr.Local:</h3>
315
- <p>To install over the Internet:</p>
316
- <ol>
317
- <li>Login to the Linux system on which you want to install pcapr.Local. </li>
318
- <li>Install the pcapr-local gem using the gem command:
319
- <p class="code_black_background"><strong>gem install pcapr-local</strong></p>
320
- </li>
321
- </ol>
322
- <p>To install manually:</p>
323
- <ol>
324
- <li>Download the pcapr.Local gem from <a href="http://rubygems.org/gems/pcapr-local">http://rubygems.org/gems/pcapr-local</a>. </li>
325
- <li>Copy the gem to the Linux system on which you want to install the gem.</li>
326
- <li>Login to the Linux system. </li>
327
- <li>Change to the directory that contains the gem, then install it using the gem command:
328
- <p class="code_black_background"><strong>gem install pcapr-local.gem</strong></p>
329
- </li>
330
- </ol>
331
- <h3>To Configure Pcapr.Local:</h3>
332
- <ol start="1">
333
- <li>Run the configuration tool using the startpcapr command:</li>
334
- </ol>
335
- <blockquote>
336
- <p class="code_black_background"><strong>startpcapr</strong></p>
337
- <p>This command starts the configuration process in which you'll be asked several questions. </p>
338
- </blockquote>
339
- <ol start="2">
340
- <li>Answer the following seven (7) questions when prompted:</li>
341
- </ol>
342
- <table width="86%" border="1" cellpadding="1" cellspacing="1" class="wide">
343
- <tr>
344
- <th width="32%" scope="col">Question</th>
345
- <th width="68%" scope="col"> Answer</th>
346
- </tr>
347
- <tr>
348
- <td><h5>A. Where should pcapr.Local store user files?</h5></td>
349
- <td><p>[/root/pcapr.Local] </p>
350
- <p>Press <strong>Enter</strong> to accept this default. This sets the directory for storing all pcapr-related files.</p></td>
351
- </tr>
352
- <tr>
353
- <td><h5>B. Which directory would you like to scan for indexable pcaps?</h5></td>
354
- <td><p>[/root/pcapr.Local/pcaps]</p>
355
- <p>Press <strong>Enter</strong> to accept this default. This sets the directory for storing packet captures. Any .pcap file you place in this directory will be automatically indexed by pcapr.Local.</p></td>
356
- </tr>
357
- <tr>
358
- <td><h5>C. Where would you like to store index files?</h5></td>
359
- <td><p>[/root/pcapr.Local/indexes] </p>
360
- <p>Press <strong>Enter</strong> to accept this default. This sets the directory for storing .pcap indexes. Indexes are automatically created for every .pcap file in the pcapr.Local/pcaps directory (or whatever directory you specified as the pcap repository in question A).</p></td>
361
- </tr>
362
- <tr>
363
- <td><h5>D. What IP address should pcapr.Local run on?</h5></td>
364
- <td><p>[127.0.0.1] </p>
365
- <p>Press <strong>Enter</strong> to accept this default. This sets the IP address at which you can access pcapr.Local. For example, if you want to access pcapr.Local at IP address 10.10.1.175 , you should enter that address here.</p></td>
366
- </tr>
367
- <tr>
368
- <td><h5>E. What port should pcapr.Local listen on?</h5></td>
369
- <td><p>[8080] </p>
370
- <p>Press <strong>Enter</strong> to accept this default. This sets the port at which you can access pcapr.Local. For example, if you want to access pcapr.Local at 10.10.1.175:8888, you should enter 8888 here.</p></td>
371
- </tr>
372
- <tr>
373
- <td><h5>F. Pick a name for your CouchDB database (database will be created automatically).</h5></td>
374
- <td><p>[pcapr_local_root] </p>
375
- <p>Press <strong>Enter</strong> to accept this default. This creates a CouchDB database for pcaps and their indexes. </p></td>
376
- </tr>
377
- <tr>
378
- <td><h5>G. pcapr.Local requires CouchDB to run. Where is your CouchDB server?</h5></td>
379
- <td><p>[http://127.0.0.1:5984] </p>
380
- <p>If you have not yet configured a username and password for the CouchDB service, press <strong>Enter</strong> to accept this default. </p>
381
- <p>However, if you <em><strong>have</strong></em> configured a username and password for the CouchDB service, you <em><strong>must</strong></em> provide those user credentials. Type the following and then press <strong>Enter</strong>:</p>
382
- <p class="code_black_background"><strong>http://<em>user</em>:<em>password</em>@127.0.0.1:5984</strong></p></td>
383
- </tr>
384
- </table>
385
- <ol start="3">
386
- <li>After answering all questions, the following message confirms a successful installation: <br>
387
- </li>
388
- </ol>
389
- <table width="92%" border="0" align="center" cellpadding="1" cellspacing="1">
390
- <tr align="left">
391
- <td width="72%" scope="col"><p class="code_black_background">Thank you. Configuration is saved at /root/.pcapr_local/config.<br>
392
- Starting server at <strong><em>ip:port</em></strong><br>
393
- Log is at /root/<strong><em>pcapr-directory</em></strong>/log/server.log<br>
394
- Moving server process to the background. Run 'stoppcapr' to stop the server.</p></td>
395
- <td width="28%" class="wide" scope="col"><p>Where <strong><em>ip:port</em></strong> are values given in questions D and E. </p>
396
- <p>Where<strong> <em>pcapr-directory</em></strong> is the value given in question A. </p></td>
397
- </tr>
398
- </table>
399
- <p>You are now ready to copy your .pcap files into the pcap directory, where pcapr.Local will automatically index them and create PAR files that you can use in Mu Studio to generate Scenarios. </p>
400
- <p><a href="#top">back to top &uarr;</a></p>
401
- <h2><a name="pcapr_using" id="pcapr_using"></a>Using Pcapr.Local</h2>
402
- <p>After installing and configuring pcapr.Local, you can copy your .pcap files into the pcap directory, where pcapr.Local will automatically index them and create a .par file (a Pcap ARchive, or PAR) that you can use in Mu Studio to generate Scenarios. (A PAR file contains dissection data from your local Wireshark installation, enabling you to use custom dissectors for proprietary protocols.) </p>
403
- <p>When you've moved some pcaps into the pcaps directory, you are ready to use the Pcapr.Local UI to view the indexes for those pcaps. The UI has three components: </p>
404
- <ul>
405
- <li><strong>Browse</strong>. Displays a list of indexed pcaps, with their associated services and more recent index statistics. Select a pcap to view its details and/or download a PAR file for creating a Scenario.</li>
406
- <li><strong>Folders</strong>. Displays a list of subdirectories in the pcap directory. By default, this list is empty but you can create new directories using the command line (<span class="code"><strong>mkdir</strong> <em>directory-name</em></span>). However, you'll need to put at least one pcap into a subdirectory before that directory will appear in the Folders tab. </li>
407
- <li><strong>Services</strong>. Displays a tag cloud of services found in all indexed pcaps.</li>
408
- </ul>
409
- <p>Keep in mind that any changes made at the command line will take about a minute to appear in the UI. </p>
410
- <h3>To View Indexes &amp; Get PAR files:</h3>
411
- <ol>
412
- <li>Add packet captures into the pcaps directory (<strong>/root/pcapr.Local/pcaps</strong> by default). For example, to move all .pcap files from a local directory to the pcaps folder on the Linux system, type:</li>
413
- </ol>
414
- <blockquote>
415
- <p class="code_black_background"><strong>scp *.pcap root@<em>linux-ip</em>:pcapr.Local/pcaps</strong></p>
416
- </blockquote>
417
- <ol start="2">
418
- <li>Wait about about a minute. Pcapr.Local checks the pcap directory every 60 seconds, indexing any new pcaps automatically. </li>
419
- <li>Using your web browser, view the indexed pcaps at <strong>http://<em>ip</em>:<em>port</em>/home/index.html</strong> (where <em>ip:port</em> is IP address and port on the Linux system you configured during pcapr.Local configuration). </li>
420
- <li>Select the .pcap for which you want to view details: <br>
285
+ <div id="masthead">
286
+ <h1><a name="#top" id="#top"></a>Pcapr.Local</h1>
287
+ </div>
288
+
289
+ <div id="content">
290
+ <p>Pcapr.Local is a gem that can automatically parse any packet capture and
291
+ create a .par file suitable for generating a Scenario in Mu Studio. It's
292
+ designed to help you create Scenarios for proprietary protocols that need
293
+ custom Wireshark dissectors (pcapr.Local uses the locally-installed
294
+ Wireshark application when indexing a .pcap).</p>
295
+
296
+ <p>This document provides details for the following:</p>
297
+
421
298
  <ul>
422
- <li>Clicking the <span class="UI_link_blue"><em>file</em>.pcap</span> link takes you to <a href="http://www.pcapr.net/">pcapr.net</a>, where you can use <a href="http://www.pcapr.net/xtractr">xtractor</a> to explore the indexed pcap. </li>
423
- <li>Selecting <span class="UI_link_blue">indexed</span> returns you to the list of indexed pcaps. </li>
299
+ <li><a href="#pcapr_reqs">Requirements</a></li>
300
+
301
+ <li><a href="#pcapr_install">Installing &amp; Configuring</a></li>
302
+
303
+ <li><a href="#pcapr_using">Using</a> (viewing indexed pcaps and
304
+ downloading PAR files)</li>
305
+
306
+ <li><a href="#pcapr_tips">Tips &amp; Tricks</a></li>
307
+ </ul>
308
+
309
+ <p>After installing and configuring Pcapr.Local, you can copy or move your
310
+ pcap files to the designated pcaps directory and Pcapr.Local will
311
+ automatically index those files. Then, using a web browser, you can view
312
+ the list of pcaps and their indexes, generate reports, or download the
313
+ index as a PAR file that you can use in Mu Studio to create a Scenario.</p>
314
+
315
+ <h2><a name="pcapr_reqs" id="pcapr_reqs"></a>Requirements</h2>
316
+
317
+ <p>To run pcapr.Local, you must install it on a system that also includes
318
+ the following:</p>
319
+
320
+ <ul>
321
+ <li><strong>Linux</strong> (any flavor). You can install on a dedicated
322
+ Linux system or in a virtual machine (VM).</li>
323
+
324
+ <li><strong>Ruby</strong> (1.8.6, 1.8.7, 1.9.2) +
325
+ <strong>Rubygems</strong> (1.3.7 or higher). When using Ruby 1.8.6, you
326
+ must install <a href="http://rubyforge.org/frs/?group_id=126" target=
327
+ "_blank">rubygems 1.3.7</a>. Rubygems officially ceased support for ruby
328
+ 1.8.6 as of the rubygems 1.4.0 release, so any version 1.4.x or higher
329
+ will not install on a ruby 1.8.6 system.</li>
330
+
331
+ <li><strong>CouchDB</strong>. Local and remote installations supported.
332
+ If you have configured a username and password for the CouchDB service,
333
+ you'll need to provide those user credentials during the pcapr.Local gem
334
+ installation.</li>
335
+
336
+ <li><strong>Wireshark</strong> (any version). Pcapr.Local will
337
+ automatically use the installed version of <em>tshark</em> (a component
338
+ of Wireshark) to create the pcap indexes. When using a package manager
339
+ (such as aptitude on Ubuntu), you might need to install tshark separately
340
+ if it's not included as part of the Wireshark installation.</li>
341
+
342
+ <li><strong>Zip</strong> (any version). Pcapr.Local requires zip to
343
+ create PAR files from your indexed pcaps.</li>
344
+
345
+ <li><strong>pcapr-local.gem</strong>. If the Linux system has Internet
346
+ connectivity, you can use the gem command (supported by rubygems) to
347
+ quickly download and install the Pcapr.Local gem. Otherwise, you'll need
348
+ to manually download the gem, copy it to the Linux system, and install
349
+ it.</li>
424
350
  </ul>
425
- </li>
426
- <li>Click <span class="UI_link_blue">PAR file</span> to download the .par file for that .pcap. <br>
427
- </li>
428
- <li>In Mu Studio, import the .par file to create a Scenario. Because the packet capture has already been dissected, the generation process skips flow selection and automatically displays the Scenario Editor. </li>
429
- </ol>
430
- <p><a href="#top">back to top &uarr;</a></p>
431
- <h2><a name="pcapr_tips" id="pcapr_tips"></a>Tips &amp; Tricks</h2>
432
- <p>The following section includes tips and tricks for using pcapr.Local. </p>
433
- <h4>Pcapr.Local Doesn't See Pcaps</h4>
434
- <p>If you added pcaps to the pcap directory but they don't appear in the list of indexed pcaps, try the following:</p>
435
- <ul>
436
- <li>Wait about about a minute then check again. Pcapr.Local checks the pcap directory every 60 seconds, indexing any new pcaps automatically. </li>
437
- <li>Check the config file (<strong><span class="code">~/.pcapr_local/config</span></strong>) to confirm that you are putting your pcaps in the correct directory.</li>
438
- </ul>
439
- <h4>Cannot Download a PAR File</h4>
440
- <p>If you get an error when attempting to download the PAR file for a pcap, you probably don't have Zip installed on your Linux system. Try installing Zip (on Ubuntu, type <strong class="code">apt-get install zip</strong>) then try to download the PAR file again (you don't need to re-index the pcap). </p>
441
- <h4>Starting &amp; Stopping Pcapr.Local</h4>
442
- <ul>
443
- <li>To stop the pcapr.Local server, use the command <strong class="code"> stoppcapr</strong></li>
444
- <li>To start/restart the pcapr.Local server, use the command <strong class="code"> startpcapr</strong></li>
445
- </ul>
446
- <h4>Organizing Pcaps</h4>
447
- <p>When managing large numbers of pcaps, use the command line to create subdirectories in the pcaps directory (<span class="code"><strong>mkdir</strong> <em>directory-name</em></span>), then place pcaps files in these subdirectories. Pcapr.Local will automatically index any .pcap file in the main pcaps directory and any included subdirectories. </p>
448
- <p>In the pcapr.Local UI, select the Folders tab to view a list of subdirectories in the pcap directory. However, you'll need to put at least one pcap into a subdirectory before that directory will appear in the Folders tab (and you might need to wait up to 60 seconds). </p>
449
- <h4>Getting PAR files From the Command Line</h4>
450
- <p>You can create PAR files at the command line instead of using the pcapr.Local UI. </p>
451
- <ol>
452
- <li>Login to the Linux system running pcapr.Local. </li>
453
- <li>Change to the pcaps directory. </li>
454
- <li>Specify the name of the pcap using the pcap2par command:
455
- <p class="code_black_background"><strong>pcap2par<em> filename</em>.pcap</strong></p>
456
- </li>
457
- </ol>
458
- <blockquote>
459
- <p> This command creates a PAR file called <strong>export.par</strong> in the current directory. </p>
460
- <p>To specify the location and name of the .par file, use a path argument with the pcap2par command. For example:</p>
461
- <p class="code_black_background"><strong>pcap2par my-test-traffic.pcap ~/par_files/my-test-traffic.par </strong></p>
462
- <p>This command creates a .par file named &quot;my-test-traffic.par&quot; in the &quot;par_files&quot; directory.</p>
463
- </blockquote>
464
- <p><a href="#top">back to top &uarr;</a></p>
465
- </div>
466
351
 
352
+ <p><a href="#top">back to top &uarr;</a></p>
353
+
354
+ <p> </p>
355
+
356
+ <h2><a name="pcapr_install" id="pcapr_install"></a>Installing &amp;
357
+ Configuring</h2>
358
+
359
+ <p>After ensuring that your Linux system has all the necessary <a href=
360
+ "pcapr_local_about.html#pcapr_reqs">pre-requisites for running
361
+ Pcapr.Local</a>, you can download the pcapr-local gem and configure it for
362
+ your system.</p>
363
+
364
+ <p>You can install and run pcapr.Local as a root user or as a regular
365
+ (non-root) user. If the Linux system has Internet connectivity, you can use
366
+ the gem command (supported by rubygems) to quickly download and install the
367
+ Pcapr.Local gem. Otherwise, you'll need to manually download the gem and
368
+ copy it to the Linux system before installing.</p>
369
+
370
+ <p>After installing the gem, configure the gem by answering a few questions
371
+ about where you want to store pcaps and indexes, the IP and port on which
372
+ you want to access pcapr.Local, and the location of your CouchDB service
373
+ (your answers are saved as a configuration file at: <strong><span class=
374
+ "code">~/.pcapr_local/config</span></strong>). When configuration is
375
+ complete, the pcapr server process continues running in the background,
376
+ performing tasks such as checking for new pcaps and creating indexes.</p>
377
+
378
+ <p>To view activities during configuration, tail the pcapr.Local log file
379
+ with the command: <strong><span class="code">tail -F
380
+ ~/pcapr.Local/log/server.log</span></strong></p>
381
+
382
+ <h3>To Install Pcapr.Local:</h3>
383
+
384
+ <p>To install over the Internet:</p>
385
+
386
+ <ol>
387
+ <li>Login to the Linux system on which you want to install
388
+ pcapr.Local.</li>
389
+
390
+ <li>Install the pcapr-local gem using the gem command:
391
+
392
+ <p class="code_black_background"><strong>gem install
393
+ pcapr-local</strong></p>
394
+ </li>
395
+ </ol>
396
+
397
+ <p>To install manually:</p>
398
+
399
+ <ol>
400
+ <li>Download the pcapr.Local gem from <a href=
401
+ "http://rubygems.org/gems/pcapr-local">http://rubygems.org/gems/pcapr-local</a>.</li>
402
+
403
+ <li>Copy the gem to the Linux system on which you want to install the
404
+ gem.</li>
405
+
406
+ <li>Login to the Linux system.</li>
407
+
408
+ <li>Change to the directory that contains the gem, then install it using
409
+ the gem command:
410
+
411
+ <p class="code_black_background"><strong>gem install
412
+ pcapr-local.gem</strong></p>
413
+ </li>
414
+ </ol>
415
+
416
+ <h3>To Configure Pcapr.Local:</h3>
417
+
418
+ <ol start="1">
419
+ <li>Run the configuration tool using the startpcapr command:</li>
420
+ </ol>
421
+
422
+ <blockquote>
423
+ <p class="code_black_background"><strong>startpcapr</strong></p>
424
+
425
+ <p>This command starts the configuration process in which you'll be asked
426
+ several questions.</p>
427
+ </blockquote>
428
+
429
+ <ol start="2">
430
+ <li>Answer the following seven (7) questions when prompted:</li>
431
+ </ol>
432
+
433
+ <table width="86%" border="1" cellpadding="1" cellspacing="1" class="wide">
434
+ <tr>
435
+ <th width="32%" scope="col">Question</th>
436
+
437
+ <th width="68%" scope="col">Answer</th>
438
+ </tr>
439
+
440
+ <tr>
441
+ <td>
442
+ <h5>A. Where should pcapr.Local store user files?</h5>
443
+ </td>
444
+
445
+ <td>
446
+ <p>[/root/pcapr.Local]</p>
447
+
448
+ <p>Press <strong>Enter</strong> to accept this default. This sets the
449
+ directory for storing all pcapr-related files.</p>
450
+ </td>
451
+ </tr>
452
+
453
+ <tr>
454
+ <td>
455
+ <h5>B. Which directory would you like to scan for indexable
456
+ pcaps?</h5>
457
+ </td>
458
+
459
+ <td>
460
+ <p>[/root/pcapr.Local/pcaps]</p>
461
+
462
+ <p>Press <strong>Enter</strong> to accept this default. This sets the
463
+ directory for storing packet captures. Any .pcap file you place in
464
+ this directory will be automatically indexed by pcapr.Local.</p>
465
+ </td>
466
+ </tr>
467
+
468
+ <tr>
469
+ <td>
470
+ <h5>C. Where would you like to store index files?</h5>
471
+ </td>
472
+
473
+ <td>
474
+ <p>[/root/pcapr.Local/indexes]</p>
475
+
476
+ <p>Press <strong>Enter</strong> to accept this default. This sets the
477
+ directory for storing .pcap indexes. Indexes are automatically
478
+ created for every .pcap file in the pcapr.Local/pcaps directory (or
479
+ whatever directory you specified as the pcap repository in question
480
+ A).</p>
481
+ </td>
482
+ </tr>
483
+
484
+ <tr>
485
+ <td>
486
+ <h5>D. What IP address should pcapr.Local run on?</h5>
487
+ </td>
488
+
489
+ <td>
490
+ <p>[127.0.0.1]</p>
491
+
492
+ <p>Press <strong>Enter</strong> to accept this default. This sets the
493
+ IP address at which you can access pcapr.Local. For example, if you
494
+ want to access pcapr.Local at IP address 10.10.1.175 , you should
495
+ enter that address here.</p>
496
+ </td>
497
+ </tr>
498
+
499
+ <tr>
500
+ <td>
501
+ <h5>E. What port should pcapr.Local listen on?</h5>
502
+ </td>
503
+
504
+ <td>
505
+ <p>[8080]</p>
506
+
507
+ <p>Press <strong>Enter</strong> to accept this default. This sets the
508
+ port at which you can access pcapr.Local. For example, if you want to
509
+ access pcapr.Local at 10.10.1.175:8888, you should enter 8888
510
+ here.</p>
511
+ </td>
512
+ </tr>
513
+
514
+ <tr>
515
+ <td>
516
+ <h5>F. Pick a name for your CouchDB database (database will be
517
+ created automatically).</h5>
518
+ </td>
519
+
520
+ <td>
521
+ <p>[pcapr_local_root]</p>
522
+
523
+ <p>Press <strong>Enter</strong> to accept this default. This creates
524
+ a CouchDB database for pcaps and their indexes.</p>
525
+ </td>
526
+ </tr>
527
+
528
+ <tr>
529
+ <td>
530
+ <h5>G. pcapr.Local requires CouchDB to run. Where is your CouchDB
531
+ server?</h5>
532
+ </td>
533
+
534
+ <td>
535
+ <p>[http://127.0.0.1:5984]</p>
536
+
537
+ <p>If you have not yet configured a username and password for the
538
+ CouchDB service, press <strong>Enter</strong> to accept this
539
+ default.</p>
540
+
541
+ <p>However, if you <em><strong>have</strong></em> configured a
542
+ username and password for the CouchDB service, you
543
+ <em><strong>must</strong></em> provide those user credentials. Type
544
+ the following and then press <strong>Enter</strong>:</p>
545
+
546
+ <p class="code_black_background">
547
+ <strong>http://<em>user</em>:<em>password</em>@127.0.0.1:5984</strong></p>
548
+ </td>
549
+ </tr>
550
+ </table>
551
+
552
+ <ol start="3">
553
+ <li>After answering all questions, the following message confirms a
554
+ successful installation:<br></li>
555
+ </ol>
556
+
557
+ <table width="92%" border="0" align="center" cellpadding="1" cellspacing=
558
+ "1">
559
+ <tr align="left">
560
+ <td width="72%" scope="col">
561
+ <p class="code_black_background">Thank you. Configuration is saved at
562
+ /root/.pcapr_local/config.<br>
563
+ Starting server at <strong><em>ip:port</em></strong><br>
564
+ Log is at
565
+ /root/<strong><em>pcapr-directory</em></strong>/log/server.log<br>
566
+ Moving server process to the background. Run 'stoppcapr' to stop the
567
+ server.</p>
568
+ </td>
569
+
570
+ <td width="28%" class="wide" scope="col">
571
+ <p>Where <strong><em>ip:port</em></strong> are values given in
572
+ questions D and E.</p>
573
+
574
+ <p>Where <strong><em>pcapr-directory</em></strong> is the value given
575
+ in question A.</p>
576
+ </td>
577
+ </tr>
578
+ </table>
579
+
580
+ <p>You are now ready to copy your .pcap files into the pcap directory,
581
+ where pcapr.Local will automatically index them and create PAR files that
582
+ you can use in Mu Studio to generate Scenarios.</p>
583
+
584
+ <p><a href="#top">back to top &uarr;</a></p>
585
+
586
+ <h2><a name="pcapr_using" id="pcapr_using"></a>Using Pcapr.Local</h2>
587
+
588
+ <p>After installing and configuring pcapr.Local, you can copy your .pcap
589
+ files into the pcap directory, where pcapr.Local will automatically index
590
+ them and create a .par file (a Pcap ARchive, or PAR) that you can use in Mu
591
+ Studio to generate Scenarios. (A PAR file contains dissection data from
592
+ your local Wireshark installation, enabling you to use custom dissectors
593
+ for proprietary protocols.)</p>
594
+
595
+ <p>When you've moved some pcaps into the pcaps directory, you are ready to
596
+ use the Pcapr.Local UI to view the indexes for those pcaps. The UI has
597
+ three components:</p>
598
+
599
+ <ul>
600
+ <li><strong>Browse</strong>. Displays a list of indexed pcaps, with their
601
+ associated services and more recent index statistics. Select a pcap to
602
+ view its details and/or download a PAR file for creating a Scenario.</li>
603
+
604
+ <li><strong>Folders</strong>. Displays a list of subdirectories in the
605
+ pcap directory. By default, this list is empty but you can create new
606
+ directories using the command line (<span class=
607
+ "code"><strong>mkdir</strong> <em>directory-name</em></span>). However,
608
+ you'll need to put at least one pcap into a subdirectory before that
609
+ directory will appear in the Folders tab.</li>
610
+
611
+ <li><strong>Services</strong>. Displays a tag cloud of services found in
612
+ all indexed pcaps.</li>
613
+ </ul>
614
+
615
+ <p>Keep in mind that any changes made at the command line will take about a
616
+ minute to appear in the UI.</p>
617
+
618
+ <h3>To View Indexes &amp; Get PAR files:</h3>
619
+
620
+ <ol>
621
+ <li>Add packet captures into the pcaps directory
622
+ (<strong>/root/pcapr.Local/pcaps</strong> by default). For example, to
623
+ move all .pcap files from a local directory to the pcaps folder on the
624
+ Linux system, type:</li>
625
+ </ol>
626
+
627
+ <blockquote>
628
+ <p class="code_black_background"><strong>scp *.pcap
629
+ root@<em>linux-ip</em>:pcapr.Local/pcaps</strong></p>
630
+ </blockquote>
631
+
632
+ <ol start="2">
633
+ <li>Wait about about a minute. Pcapr.Local checks the pcap directory
634
+ every 60 seconds, indexing any new pcaps automatically.</li>
635
+
636
+ <li>Using your web browser, view the indexed pcaps at
637
+ <strong>http://<em>ip</em>:<em>port</em>/home/index.html</strong> (where
638
+ <em>ip:port</em> is IP address and port on the Linux system you
639
+ configured during pcapr.Local configuration).</li>
640
+
641
+ <li>Select the .pcap for which you want to view details:<br>
642
+
643
+ <ul>
644
+ <li>Clicking the <span class="UI_link_blue"><em>file</em>.pcap</span>
645
+ link takes you to <a href="http://www.pcapr.net/">pcapr.net</a>,
646
+ where you can use <a href="http://www.pcapr.net/xtractr">xtractor</a>
647
+ to explore the indexed pcap.</li>
648
+
649
+ <li>Selecting <span class="UI_link_blue">indexed</span> returns you
650
+ to the list of indexed pcaps.</li>
651
+ </ul>
652
+ </li>
653
+
654
+ <li>Click <span class="UI_link_blue">PAR file</span> to download the .par
655
+ file for that .pcap.<br></li>
656
+
657
+ <li>In Mu Studio, import the .par file to create a Scenario. Because the
658
+ packet capture has already been dissected, the generation process skips
659
+ flow selection and automatically displays the Scenario Editor.</li>
660
+ </ol>
661
+
662
+ <p><a href="#top">back to top &uarr;</a></p>
663
+
664
+ <h2><a name="pcapr_tips" id="pcapr_tips"></a>Tips &amp; Tricks</h2>
665
+
666
+ <p>The following section includes tips and tricks for using
667
+ pcapr.Local.</p>
668
+
669
+ <h4>Pcapr.Local Doesn't See Pcaps</h4>
670
+
671
+ <p>If you added pcaps to the pcap directory but they don't appear in the
672
+ list of indexed pcaps, try the following:</p>
673
+
674
+ <ul>
675
+ <li>Wait about about a minute then check again. Pcapr.Local checks the
676
+ pcap directory every 60 seconds, indexing any new pcaps
677
+ automatically.</li>
678
+
679
+ <li>Check the config file (<strong><span class=
680
+ "code">~/.pcapr_local/config</span></strong>) to confirm that you are
681
+ putting your pcaps in the correct directory.</li>
682
+ </ul>
683
+
684
+ <h4>Cannot Download a PAR File</h4>
685
+
686
+ <p>If you get an error when attempting to download the PAR file for a pcap,
687
+ you probably don't have Zip installed on your Linux system. Try installing
688
+ Zip (on Ubuntu, type <strong class="code">apt-get install zip</strong>)
689
+ then try to download the PAR file again (you don't need to re-index the
690
+ pcap).</p>
691
+
692
+ <h4>Starting &amp; Stopping Pcapr.Local</h4>
693
+
694
+ <ul>
695
+ <li>To stop the pcapr.Local server, use the command <strong class=
696
+ "code">stoppcapr</strong></li>
697
+
698
+ <li>To start/restart the pcapr.Local server, use the command
699
+ <strong class="code">startpcapr</strong></li>
700
+ </ul>
701
+
702
+ <h4>Organizing Pcaps</h4>
703
+
704
+ <p>When managing large numbers of pcaps, use the command line to create
705
+ subdirectories in the pcaps directory (<span class=
706
+ "code"><strong>mkdir</strong> <em>directory-name</em></span>), then place
707
+ pcaps files in these subdirectories. Pcapr.Local will automatically index
708
+ any .pcap file in the main pcaps directory and any included
709
+ subdirectories.</p>
710
+
711
+ <p>In the pcapr.Local UI, select the Folders tab to view a list of
712
+ subdirectories in the pcap directory. However, you'll need to put at least
713
+ one pcap into a subdirectory before that directory will appear in the
714
+ Folders tab (and you might need to wait up to 60 seconds).</p>
715
+
716
+ <h4>Getting PAR files From the Command Line</h4>
717
+
718
+ <p>You can create PAR files at the command line instead of using the
719
+ pcapr.Local UI.</p>
720
+
721
+ <ol>
722
+ <li>Login to the Linux system running pcapr.Local.</li>
723
+
724
+ <li>Change to the pcaps directory.</li>
725
+
726
+ <li>Specify the name of the pcap using the pcap2par command:
727
+
728
+ <p class="code_black_background"><strong>pcap2par
729
+ <em>filename</em>.pcap</strong></p>
730
+ </li>
731
+ </ol>
732
+
733
+ <blockquote>
734
+ <p>This command creates a PAR file called <strong>export.par</strong> in
735
+ the current directory.</p>
736
+
737
+ <p>To specify the location and name of the .par file, use a path argument
738
+ with the pcap2par command. For example:</p>
739
+
740
+ <p class="code_black_background"><strong>pcap2par my-test-traffic.pcap
741
+ ~/par_files/my-test-traffic.par</strong></p>
742
+
743
+ <p>This command creates a .par file named "my-test-traffic.par" in the
744
+ "par_files" directory.</p>
745
+ </blockquote>
746
+
747
+ <p><a href="#top">back to top &uarr;</a></p>
748
+ </div>
467
749
  </body>
468
750
  </html>
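Review bot: Row G of the added configuration table has the reader type the CouchDB URL as http://user:password@127.0.0.1:5984, and the "Installing &amp; Configuring" paragraph says the answers are saved to ~/.pcapr_local/config, yet nothing warns that this file will then contain the CouchDB password. Suggest adding a sentence to row G telling the reader to keep ~/.pcapr_local/config readable only by the account that runs pcapr.Local (for example with chmod 600), and to give pcapr.Local its own CouchDB account rather than an administrator's. Two smaller points in the same added text: row C says the pcap repository was specified "in question A", but the pcaps directory is set in question B; and "Wait about about a minute" repeats a word in both step 2 of "To View Indexes &amp; Get PAR files" and the first bullet under "Pcapr.Local Doesn't See Pcaps".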