Dumpy - A Simple PCAP Spool File Frontend

December 18 2012

Sometimes the best way to try out a new framework or language is to apply it to a domain you already know very well, even if it does happen to reinvent the wheel. Tornado and Twitter Bootstrap are two such frameworks I've been meaning to play with for a while now. The result is Dumpy, a web front-end to pcap spool files as created by tcpdump, daemonlogger, or netsniff-ng with a very simple configuration and user interface:

screenshot

Requirements are minimal, Python 2.6 (so it will run on CentOS 6 with little hassle), Tornado and py-bcrypt which are both trivially installed with pip. It provides its own http server with SSL support, and does not require a database. Usage is also simple. Simply enter a pcap filter, or paste in a Snort or Suricata event in "fast" format, choose start and end times (or simply offsets) and hit download. If interested, start a pcap spool (ie: sudo tcpdump -i eth0 -C 1000 -W10 -G 3600 -w /tmp/eth0.log.%Y%m%d.) then check out Dumpy over here https://github.com/jasonish/dumpy.