From: Leon W. <le...@le...> - 2015-08-20 22:23:33
What's your platform, version of mergecap etc. Also, if you '$ file list.pcap' what does it say?

-L

On Thu, Aug 20, 2015 at 10:15 PM, Igor Kaplan <igo...@gm...> wrote:

> Hi Leon,
>
> Need your help please once again.
> Got the following problem and spent several hours trying to solve it.
>
> When making the API call to fetch the pcap data I am getting the data in pcapng format.
> The OpenFPC is using the mergecap to merge pcap files and by default mergecap creates the output in pcapng format instead of pcap.
>
> I have changed the following line in openfpc-default.conf file
> MERGECAP=/usr/bin/mergecap -F pcap
>
> This helped when I use the openfpc-client command to create pcap files, however when I use curl to fetch the data I still receive the output in pcapng format.
>
> curl -k 192.168.145.20:4222/api/1/fetch?apikey=38A69684-41F6-11E5-B47F-C061B4CE8A48\&stime=20150818%2010:00\&etime=20150818%2010:30\&dpt=22 > list.pcap
>
> cat list.pcap|tshark -i-
> Capturing on 'Standard input'
> tshark: Unrecognized libpcap format
>
> Looks like in case of API call the mergecap utility is not used at all. And I was not able to find in the code how merging is done in this case.
>
> Could you please help me. Is it possible to make the fetch API call to return the data in pcap format?
>
> Thanks so much!
>
> Igor
>
> *From:* leo...@gm... [mailto:leo...@gm...] *On Behalf Of *Leon Ward
> *Sent:* Tuesday, August 18, 2015 1:29 PM
> *To:* Igor Kaplan
> *Cc:* ope...@li...
> *Subject:* Re: [Openfpc-users] Openfpc usage
>
> Actually it won't. It will only remove the oldest PCAP file. It's best to keep those PCAP files on their own partition.
>
> The old flow records in mysql actually get removed automatically based on the oldest packet in the store. So you won't have records that are older than the pcaps.
>
> -L
>
> On Tue, Aug 18, 2015 at 6:21 PM, Igor Kaplan <igo...@gm...> wrote:
>
> Hi Leon, all,
>
> I have one more question please.
>
> Based on the documentation the following line in the openfpc config file restricts the space usage of captured data to 50 percent:
> PCAP_SPACE=50
>
> So, if the data size exceeds 50 percent old files will be deleted automatically?
> Will openfpc also delete the old MySQL session tables?
>
> Many thanks and all the best!
>
> -Igor.
>
> *From:* leo...@gm... [mailto:leo...@gm...] *On Behalf Of *Leon Ward
> *Sent:* Monday, August 17, 2015 11:51 AM
> *To:* Igor Kaplan
> *Cc:* ope...@li...
> *Subject:* Re: [Openfpc-users] Openfpc usage
>
> Hi,
>
> Documentation is really one of the places that really needs some extra focus.
>
> The best docs I can point you to are in that folder, plus there is some out-of-date info on my blog http://www.leonward.com.
> I actually delivered a presentation at Defcon last weekend all about OpenFPC. I have forwarded the slides separately. Hopefully that will help as well.
>
> As for your specific question about OpenFPC GUI. That's actually now been deprecated as it's no longer relevant for how it functions in a distributed manner. The OpenFPC-Chrome Extension will be the next best thing for interacting with the QueueDaemon remotely in a GUI-like way.
>
> Cheers,
>
> -L
>
> On Mon, Aug 17, 2015 at 4:25 PM, Igor Kaplan <igo...@gm...> wrote:
>
> Hi All,
>
> My name is Igor. I just found the OpenFPC and am evaluating it. Looks like it is a very good tool.
> I successfully installed on Ubuntu 14.4 with Perl 5.18
> I have installed the OpenFPC-master, so it is the latest code.
>
> Now I would like to find out if there is more documentation beside files which I could find under docs directory.
> For example the INSTALL.md refers to the USAGE document, however I was not able to find it anywhere
>
> I am looking for the usage other than basic, just to find out, what are my advanced options.
>
> For example the openfpc-dbmaint.sh script is also able to create the gui database, I wonder, what it is for?
>
> The OpenFPC looks to be very powerful, just would like to understand it as best as I can.
>
> Would so much appreciate any replies.
>
> Many thanks.
>
> Igor.
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Openfpc-users mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openfpc-users
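
An added example, not part of the original thread and not OpenFPC code: the `file list.pcap` check asked for above, done directly on the first bytes of a capture so that pcap, pcapng and a non-capture response saved by curl can be told apart. The function names and sample byte strings are constructed for illustration.

```python
import struct

# Magic numbers at offset 0 of a classic libpcap file, read as big-endian.
PCAP_MAGICS = {
    0xA1B2C3D4: ("big", "microsecond"),
    0xD4C3B2A1: ("little", "microsecond"),
    0xA1B23C4D: ("big", "nanosecond"),
    0x4D3CB2A1: ("little", "nanosecond"),
}
PCAPNG_SHB = 0x0A0D0D0A  # pcapng Section Header Block type (same in both byte orders)
PCAPNG_BOM = 0x1A2B3C4D  # byte-order magic stored at offset 8 of the block


def identify_capture(head: bytes) -> str:
    """Classify a capture from its first 12 bytes (hypothetical helper)."""
    if len(head) < 4:
        return "too short"
    (magic,) = struct.unpack(">I", head[:4])
    if magic in PCAP_MAGICS:
        order, resolution = PCAP_MAGICS[magic]
        return f"pcap ({order}-endian, {resolution})"
    if magic == PCAPNG_SHB:
        if len(head) < 12:
            return "pcapng (truncated header)"
        # Bytes 4-7 hold the block length; bytes 8-11 reveal the byte order.
        if struct.unpack(">I", head[8:12])[0] == PCAPNG_BOM:
            return "pcapng (big-endian)"
        if struct.unpack("<I", head[8:12])[0] == PCAPNG_BOM:
            return "pcapng (little-endian)"
        return "pcapng (bad byte-order magic)"
    return "unknown"  # e.g. a text error body written to list.pcap by curl


def identify_file(path: str) -> str:
    """Read only the header bytes of a file on disk and classify it."""
    with open(path, "rb") as fh:
        return identify_capture(fh.read(12))


if __name__ == "__main__":
    # Constructed sample headers, not taken from the thread.
    samples = {
        "classic pcap": bytes.fromhex("d4c3b2a102000400"),
        "pcapng": bytes.fromhex("0a0d0d0a1c0000004d3c2b1a"),
        "text response": b'{"error": "..."}',
    }
    for name, head in samples.items():
        print(f"{name}: {identify_capture(head)}")
```
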