
Last pushed: a year ago
Short Description
Jetty container with an AngularJS web app, a Java REST API and a Neo4j graph database
Full Description

Application that loads pcap files into a Neo4j graph and uses an AngularJS client app to display the loaded sessions.

To run the image (replace the angle-bracket placeholders with the host directories to mount):
mkdir -p /home/danny/Neo4J/Pcap.db
mkdir -p /home/danny/pcapIn/pcap
sudo docker run -d -p 8888:8080 -v <Neo4j DB dir>/Pcap.db:/home/danny/Neo4J/Pcap.db -v <src dir of pcap source files>:/home/danny/pcapIn dannyandersen/network-event

The web app is then available at: http://localhost:8888/pcap-to-neo-web

See: https://github.com/danny-andersen/network-event-graph

Pcap files can be captured using tshark:

# Arguments: <duration in secs> <path + filename of output file>
if [ $# -ne 2 ]
then
    echo "Usage $0: <duration in secs> <path + filename of output file>"
    exit 1
fi
# Write the selected fields as comma-separated text; arguments are quoted so paths with spaces work
sudo tshark -T fields -E separator=, -e frame.time_epoch -e frame.protocols -e ip.src -e ip.dst -e ip.len -e ip.proto -e tcp.port -e udp.port -f "not arp and not port 53" -e http.url -e http.referer -e http.location -e ip.host -i eth0 -i wlan0 -a "duration:$1" > "$2"

For script files and example pcaps see: https://github.com/danny-andersen/network-event-graph/tree/master/pcap
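
The capture script uses a comma as the field separator, and values taken from the traffic (http.url, http.referer) can themselves contain commas, so a row's columns can shift. The following is an added example, not the project's own import code: a strict Python reader that validates each row and rejects anything ambiguous instead of guessing. It assumes tshark's default comma aggregator, so tcp.port, udp.port and ip.host each expand to two columns when present; the sample rows are constructed.

```python
import ipaddress

# Constructed sample rows, in the column order of the capture script's -e options.
SAMPLE_ROWS = [
    "1500000000.1,eth:ethertype:ip:tcp,192.168.1.10,203.0.113.7,60,6,51514,443,,,,,laptop.lan,203.0.113.7",
    "1500000000.2,eth:ethertype:ip:udp:ntp,192.168.1.10,198.51.100.9,76,17,,40000,123,,,,laptop.lan,198.51.100.9",
    # URL containing a comma: the three HTTP columns can no longer be told apart.
    "1500000000.3,eth:ethertype:ip:tcp:http,192.168.1.10,203.0.113.7,412,6,51515,80,,http://example.test/a?x=1,2,,,laptop.lan,203.0.113.7",
    # Source address is not an IP address (shifted or corrupt row).
    "1500000000.4,eth:ethertype:ip:icmp,bogus,203.0.113.7,84,1,,,,,,laptop.lan,203.0.113.7",
]


def parse_row(line):
    """Return a dict for a well-formed row, raise ValueError/IndexError otherwise."""
    cols = line.rstrip("\n").split(",")
    event = {
        "time": float(cols[0]),
        "protocols": cols[1].split(":"),
        "src": str(ipaddress.ip_address(cols[2])),
        "dst": str(ipaddress.ip_address(cols[3])),
        "length": int(cols[4]),
        "proto": int(cols[5]),
    }
    rest = cols[6:]
    if event["proto"] == 6:       # TCP: tcp.port = 2 columns, udp.port = 1 empty column
        ports, empty, tail = rest[0:2], rest[2:3], rest[3:]
    elif event["proto"] == 17:    # UDP: tcp.port = 1 empty column, udp.port = 2 columns
        ports, empty, tail = rest[1:3], rest[0:1], rest[3:]
    else:                         # neither: both port fields are single empty columns
        ports, empty, tail = [], rest[0:2], rest[2:]
    if any(empty):
        raise ValueError("unexpected port columns")
    if ports:
        event["src_port"], event["dst_port"] = (int(p) for p in ports)
    if len(tail) != 5:            # url, referer, location, src host, dst host
        raise ValueError("ambiguous HTTP columns (embedded comma?)")
    event["url"], event["referer"], event["location"] = tail[:3]
    event["src_host"], event["dst_host"] = tail[3:]
    return event

def load(lines):
    events, rejected = [], []     # rejected holds (line number, reason) pairs
    for number, line in enumerate(lines, 1):
        try:
            events.append(parse_row(line))
        except (ValueError, IndexError) as exc:
            rejected.append((number, str(exc)))
    return events, rejected
```

Rejected rows are returned with their line number so they can be inspected rather than loaded into the graph with shifted columns.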

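Note that captured pcap files are automatically loaded into the graph using a Camel route running in the webapp. The route polls /home/danny/pcapIn/pcap recursively, waits until a file has stopped changing (readLock=changed), and deletes each file once it has been processed (delete=true), so keep a copy elsewhere if the original capture is needed: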

<camel:camelContext id="camel1">
  <camel:route>
    <camel:from uri="file:///home/danny/pcapIn/pcap?include=.*.pcap&amp;recursive=true&amp;readLock=changed&amp;delete=true" />
    <camel:bean ref="pcapImportBean" method="parseFile"/>
  </camel:route>
</camel:camelContext>

The graph is persisted in the Neo4j database directory mounted at /home/danny/Neo4J/Pcap.db and so survives container restarts.

A (really) rough metamodel of the graph can be found here:

https://github.com/danny-andersen/network-event-graph/blob/master/pcap-to-neo-domain/Graph_model.jpg?raw=true

Owner
dannyandersen
