FW: 7738+
FMADIO Packet capture systems have the ability to push specific PCAPs to a external 3rd Party application as follows
This workflow enables a simple approach, using a URI to push a PCAP over HTTP using a POST request to a remote end application, then following a JSON redirect.
In this example, we are using our internally developed FMADIO Packet Scope and FMADIO Shark (FShark) as a reference example. This is for demonstration purposes only, any 3rd party web application will work.
The workflow process is as follows,
Web Application A generates a en.loader.html URI. For example Epoch Start/End and an BPF Filter
Web Application A directs the Client to this URI
FMADIO Packet Capture System presents the Client with the FMADIO Loader web page. This shows the progress of filtering and upload to Application B and any potential errors.
Application B completes upload, and returns a redirect URI
FMADIO Loader web page follows the redirect, allowing the client to load seamlessly into Web Application B with the new PCAP data.
The example is using FMADIO developed software for this, however there is no limitation, any 3rd party application will work.
In the following example we are using FMADIO Packet Scope as as (Application A) and FMADIO Shark as (Application B).
In this example, Web Application A is "FMADIO Packet Scope" with Web Application B "FMADIO Shark". PacketScope generates the loader link request as follows
The above example has an Epoch Start time and Epoch End time as well as a BPF Filter applied, the end result is the following URI
This redirects to the FMADIO Loader page which processes and pushes the above Filter specification to the Target "fshark"
Expanding on the details
Path indicates how the PCAP should be generated, in this case its a specific capture name with filters.
Target, informs what the End Point target is. "fshark" is an internally defined EP. Due to security reasons End Point definitions can only be configured on the FMADIO System. Only the enumerated name of the End Point is used in the URI.
StreamName specifies the name of the Capture to process.
TSBegin is the Epoch in Nanoseconds for the start of the Filter
TSEnd is the Epoch in Nanoseconds for the end of the Filter
FilterBPF is the Escape Encoded BPF filter, in this case "udp and port 53" e.g. extract DNS traffic.
For full details please check the API v1 Documentation page
Once clicked the following Search page is visible.
In addition we added the following URI to prevent automatic reload, this can be helpful for debugging purposes.
Internally the FMADIO Device is issuing the following HTTP POST command thru CURL on the filtered PCAP. This URL generator is configuration on the FMADIO Device, almost anything is possible. This example the "fshark" Target is built into the system firmware.
Once completed the above HTTP POST request into Web Application B is completed, it returns a redirect as follows to FMADIO Packet Capture System
This redirect URL is forwarded to the Web Client is shown below
The 3rd Party Application returns the redirect as the response to the POST upload request. This is where the redirect URI is specific, or any error condition
After the HTTP Post has been completed the 3rd Party Application B returns a redirect page. The FMADIO Loader then redirects to this location.
In this example it loads FMADIO Shark with the URI
The following page is what the 3rd Party Application displays.
NOTE: Due to FMADIO Shark being internally developed the Web page does look like FMADIO products. This page could show anything, there's no iframes etc.
The recommended URI is to use the /api/v1/pcap/timerange URI endpoint. As this does not require any stream names, just Epoch start/end times and a BPF filter.
Example as follows, please remember to Escape Encode the FilterBPF string.