New Dumpy Release – Multiple Spools and Single Binary Install

I’ve made some changes to Dumpy, my simple-to-install-and-use PCAP spool web frontend, including:

  • A rewrite in Go. This was mostly for entertainment, but Go’s easy-to-use concurrency and single-binary installation make it a good choice for small applications like this.
  • Multiple spool directory support.
  • A decoder that translates a Suricata JSON-style event into a pcap filter, in addition to the existing “fast”-style event decoding.

Check it out over here https://github.com/jasonish/dumpy.


Dumpy – A Simple PCAP Spool File Frontend

Sometimes the best way to try out a new framework or language is to apply it to a domain you already know very well, even if it does happen to reinvent the wheel. Tornado and Twitter Bootstrap are two such frameworks I’ve been meaning to play with for a while now. The result is Dumpy, a web front-end to pcap spool files as created by tcpdump, daemonlogger, or netsniff-ng, with a very simple configuration and user interface.


Requirements are minimal: Python 2.6 (so it will run on CentOS 6 with little hassle), plus Tornado and py-bcrypt, both of which are trivially installed with pip. It provides its own HTTP server with SSL support and does not require a database.

Usage is also simple: enter a pcap filter, or paste in a Snort or Suricata event in “fast” format, choose start and end times (or simply offsets), and hit download.
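Here is an added example, my own Go code rather than Dumpy’s decoder, of what the “fast” event decoding described above and the Suricata JSON-style decoding mentioned in the release notes amount to: pull the 5-tuple out of either format, validate it, and render a pcap filter that captures both directions of the conversation. The EVE field names (src_ip, dest_ip, src_port, dest_port, proto) and the `{PROTO} src:port -> dst:port` tail of the fast format are the real layouts; the function names, the protocol whitelist and the both-directions filter shape are my choices, and the two event lines are constructed samples, not real alerts.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"regexp"
	"strconv"
	"strings"
)

// Flow is the 5-tuple pulled out of an event; ports are 0 for protocols without them (ICMP).
type Flow struct {
	Proto, SrcIP, DstIP string
	SrcPort, DstPort    int
}

// bpfProto whitelists the protocols allowed into a filter, mapped to libpcap's keywords.
var bpfProto = map[string]string{"TCP": "tcp", "UDP": "udp", "SCTP": "sctp", "ICMP": "icmp", "ICMPV6": "icmp6"}

// fastRe picks the "{PROTO} src -> dst" tail out of a Snort/Suricata fast-format line.
var fastRe = regexp.MustCompile(`\{(\w+)\}\s+(\S+)\s+->\s+(\S+)`)

// DecodeEve parses one line of Suricata EVE JSON output, reading only the 5-tuple fields.
func DecodeEve(line string) (Flow, error) {
	var ev struct {
		SrcIP   string `json:"src_ip"`
		SrcPort int    `json:"src_port"`
		DstIP   string `json:"dest_ip"`
		DstPort int    `json:"dest_port"`
		Proto   string `json:"proto"`
	}
	if err := json.Unmarshal([]byte(line), &ev); err != nil {
		return Flow{}, err
	}
	f := Flow{Proto: ev.Proto, SrcIP: ev.SrcIP, DstIP: ev.DstIP, SrcPort: ev.SrcPort, DstPort: ev.DstPort}
	return f, f.validate()
}

// DecodeFast parses a Snort/Suricata "fast" alert line.
func DecodeFast(line string) (Flow, error) {
	m := fastRe.FindStringSubmatch(line)
	if m == nil {
		return Flow{}, fmt.Errorf("no {PROTO} src -> dst section in %q", line)
	}
	f := Flow{Proto: m[1]}
	f.SrcIP, f.SrcPort = splitEndpoint(m[2], f.Proto)
	f.DstIP, f.DstPort = splitEndpoint(m[3], f.Proto)
	return f, f.validate()
}

// splitEndpoint splits "addr:port" on the last colon (so IPv6 survives) for port-carrying protocols; anything that does not parse is left whole for validate.
func splitEndpoint(ep, proto string) (string, int) {
	switch strings.ToUpper(proto) {
	case "TCP", "UDP", "SCTP":
		if i := strings.LastIndex(ep, ":"); i >= 0 {
			if port, err := strconv.Atoi(ep[i+1:]); err == nil {
				return ep[:i], port
			}
		}
	}
	return ep, 0
}

// validate accepts only whitelisted protocols and literal IP addresses: the filter ends up on a tcpdump command line, so pasted event text must never reach it unchecked.
func (f Flow) validate() error {
	if _, ok := bpfProto[strings.ToUpper(f.Proto)]; !ok {
		return fmt.Errorf("unsupported protocol %q", f.Proto)
	}
	for _, ip := range []string{f.SrcIP, f.DstIP} {
		if net.ParseIP(ip) == nil {
			return fmt.Errorf("not an IP address: %q", ip)
		}
	}
	return nil
}

// ToFilter renders the flow as a pcap filter matching both directions of the conversation.
func (f Flow) ToFilter() string {
	proto := bpfProto[strings.ToUpper(f.Proto)]
	if f.SrcPort == 0 && f.DstPort == 0 {
		return fmt.Sprintf("%s and host %s and host %s", proto, f.SrcIP, f.DstIP)
	}
	dir := func(a string, ap int, b string, bp int) string {
		return fmt.Sprintf("(src host %s and src port %d and dst host %s and dst port %d)", a, ap, b, bp)
	}
	return fmt.Sprintf("%s and (%s or %s)", proto,
		dir(f.SrcIP, f.SrcPort, f.DstIP, f.DstPort), dir(f.DstIP, f.DstPort, f.SrcIP, f.SrcPort))
}

func main() {
	// Constructed sample events (not real alerts): the same flow in both formats.
	if f, err := DecodeFast(`12/18/2012-10:39:25.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:44587 -> 10.0.0.5:80`); err == nil {
		fmt.Println("fast:", f.ToFilter())
	}
	if f, err := DecodeEve(`{"timestamp":"2012-12-18T10:39:25.123456-0600","event_type":"alert","src_ip":"192.168.1.10","src_port":44587,"dest_ip":"10.0.0.5","dest_port":80,"proto":"TCP"}`); err == nil {
		fmt.Println("json:", f.ToFilter())
	}
}
```

Both samples decode to the same filter: tcp and ((src host 192.168.1.10 and src port 44587 and dst host 10.0.0.5 and dst port 80) or (src host 10.0.0.5 and src port 80 and dst host 192.168.1.10 and dst port 44587)). The whitelist and net.ParseIP check are the part worth copying: an alert pasted into a web form is untrusted input, and everything in the resulting filter string is either a fixed keyword, a parsed integer or a validated address.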

If interested, start a pcap spool (e.g. sudo tcpdump -i eth0 -C 1000 -W10 -G 3600 -w /tmp/eth0.log.%Y%m%d.), then check out Dumpy over here: https://github.com/jasonish/dumpy.
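To show how a frontend turns a start/end window into the set of spool files worth searching, here is an added example in Go (mine, not Dumpy’s code). It relies only on file modification times, on the assumption that the capture tool writes files in rotation order, so each file holds packets from the previous file’s mtime up to its own. SpoolFile and SelectSpoolFiles are hypothetical names, and the file listing is constructed rather than read from disk.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// SpoolFile is one rotated capture file. ModTime is when the capture tool last
// wrote to it, which for a finished file is roughly the time of its last packet.
type SpoolFile struct {
	Name    string
	ModTime time.Time
}

// SelectSpoolFiles returns the files that can hold packets from [start, end],
// oldest first. Assumption (mine, not a rule taken from Dumpy): files are written
// in rotation order, so a file covers the interval from the previous file's ModTime
// up to its own ModTime. The oldest file's lower bound is unknown, so it is kept
// whenever its ModTime is not before start; the file still being written has a
// ModTime close to now and is picked up the same way.
func SelectSpoolFiles(files []SpoolFile, start, end time.Time) []SpoolFile {
	sorted := append([]SpoolFile(nil), files...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].ModTime.Before(sorted[j].ModTime) })
	var out []SpoolFile
	for i, f := range sorted {
		if f.ModTime.Before(start) {
			continue // finished before the window opened
		}
		if i > 0 && sorted[i-1].ModTime.After(end) {
			break // started after the window closed, as will every later file
		}
		out = append(out, f)
	}
	return out
}

func main() {
	// Constructed listing: four hourly rotations, names illustrative only.
	base := time.Date(2012, 12, 18, 8, 0, 0, 0, time.UTC)
	var files []SpoolFile
	for i := 0; i < 4; i++ {
		files = append(files, SpoolFile{fmt.Sprintf("/tmp/eth0.log.20121218.%d", i), base.Add(time.Duration(i) * time.Hour)})
	}
	// A request for 09:30 to 10:30 needs the files finished at 10:00 and 11:00.
	for _, f := range SelectSpoolFiles(files, base.Add(90*time.Minute), base.Add(150*time.Minute)) {
		fmt.Println(f.Name)
	}
}
```

Each selected file can then be read back with tcpdump -r FILE -w PART 'FILTER' and the parts merged (mergecap does this), so the work done per request scales with the window requested rather than with the size of the whole spool. The window should be padded by the capture tool’s write buffering if exact edges matter, since mtime tracks the last flush, not the last packet.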