dumpy-0.4.0-alpha.3 is not a library.
Dumpy
Dumpy is a simple-to-install and simple-to-use web frontend for PCAP spool file directories such as those produced by Suricata.
Setup
- First configure and start a tool like Suricata or daemonlogger to write PCAP files to a directory such as /data/capture.
- Download a Dumpy binary package (https://github.com/jasonish/dumpy/releases) or build from source. Note: Requires libpcap to be installed.
- Configure:
  - Choose a directory where the dumpy.yaml configuration file will exist and change to that directory. For now, let's use ~/dumpy.
  - Tell Dumpy where to find the PCAP directory using the dumpy config command, for example:
    dumpy config spool add default /data/capture
  - Optionally add a user; if you don't, authentication won't be required:
    dumpy config passwd username password
- Start Dumpy:
  dumpy server
- Then point your browser at http://:7000/
Building
Building Dumpy requires Rust and Cargo to be installed, then simply:
cargo build
TLS
TLS can be enabled through the dumpy config command but you will first
need TLS certificate and key files.
A self-signed certificate and key can be created with openssl:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 \
    -days 365 -nodes -subj '/CN=localhost'
Then TLS can be enabled in Dumpy with the following command:
dumpy config set tls.cert cert.pem
dumpy config set tls.key key.pem
dumpy config set tls.enabled true
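
Before pointing Dumpy at the files, it is worth confirming that the certificate and private key actually belong together and that the unencrypted key is not readable by other users. The following is an added example, not part of the Dumpy project; it assumes openssl is on the PATH, and the function names (make_self_signed, pubkey_digest, tls_pair_ok) are hypothetical helpers introduced here.

```shell
#!/bin/sh
# Added example (not from the Dumpy project). Defines helpers only; usage at the end.

# make_self_signed DIR [BITS]: run the openssl command from the TLS section inside
# DIR with a restrictive umask, because -nodes leaves the private key unencrypted.
make_self_signed() {
    dir=$1 bits=${2:-4096}
    mkdir -p "$dir" || return 1
    ( umask 077 && cd "$dir" &&
      openssl req -x509 -newkey "rsa:$bits" -keyout key.pem -out cert.pem \
          -sha256 -days 365 -nodes -subj '/CN=localhost' 2>/dev/null )
}

# pubkey_digest KIND FILE: SHA-256 of the public key in a certificate (KIND=cert)
# or derived from a private key (KIND=key). Fails if the file does not parse.
pubkey_digest() {
    case $1 in
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    printf '%s\n' "$pub" | openssl sha256 | awk '{print $NF}'
}

# tls_pair_ok CERT KEY: succeed only if both files parse, the key is not
# accessible to group or other, and the certificate was issued for that key.
tls_pair_ok() {
    cert=$1 key=$2
    c=$(pubkey_digest cert "$cert") || { echo "cannot read certificate: $cert" >&2; return 1; }
    k=$(pubkey_digest key "$key")   || { echo "cannot read private key: $key" >&2; return 1; }
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "key is group/world accessible: $key" >&2; return 1; }
    [ "$c" = "$k" ] || { echo "certificate and key do not match" >&2; return 1; }
}

# Usage, from the directory holding dumpy.yaml:
#   make_self_signed . && tls_pair_ok cert.pem key.pem &&
#   dumpy config set tls.cert cert.pem && dumpy config set tls.key key.pem &&
#   dumpy config set tls.enabled true
```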