API code full sample


Hossam zalapany

Apr 4, 2016, 9:43:59 AM
to Moloch Full Packet Capture
Dear All,

I was wondering if anyone can share a basic sample of JSON API code to get PCAP files from Moloch. I'm kind of a starter self-learner :) and I am struggling to understand how I can do that;
the API manual is too short.

So for example I would like to get the packets for a period of time (defined by date) filtered by TCP, IP, source port and destination port.

Thanks in advance for help

Andy

Apr 5, 2016, 8:24:18 AM
to Moloch Full Packet Capture
Sure, first do the query in Moloch and look at the URL. For example, let's say you have the expression "port == 53 & protocols == tcp && packets > 40"; the URL will look something like

https://host:port/?date=168&expression=port+%3D%3D+53+%26+protocols+%3D%3D+tcp+%26%26+packets+%3E+40

To get the sessions in JSON format, add sessions.json to the URL

https://host:port/sessions.json?date=168&expression=port+%3D%3D+53+%26+protocols+%3D%3D+tcp+%26%26+packets+%3E+40

To get the pcap for them, add sessions.pcap to the URL

https://host:port/sessions.pcap?date=168&expression=port+%3D%3D+53+%26+protocols+%3D%3D+tcp+%26%26+packets+%3E+40

There is no API manual yet because it's still changing
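
One way to script the URLs from the answer above, as an added example that is not part of the original thread or of the Moloch project: it builds the same query strings and streams the pcap to disk. Assumptions: the viewer uses HTTP Digest authentication, `startTime`/`stopTime` (epoch seconds) select an explicit date range, and the host and credentials are placeholders.

```python
import shutil
import urllib.request
from datetime import datetime, timezone
from urllib.parse import urlencode

# Expression quoted in the answer above.
EXPR = "port == 53 & protocols == tcp && packets > 40"

def moloch_url(base, endpoint, expression, hours=168, start=None, stop=None):
    """Build a viewer URL; endpoint is "", "sessions.json" or "sessions.pcap".

    hours maps to the date= parameter shown in the thread. If start and stop
    (timezone-aware datetimes) are given, they are sent instead as
    startTime/stopTime epoch seconds (assumed parameter names, not in the thread).
    """
    if (start is None) != (stop is None):
        raise ValueError("give both start and stop, or neither")
    if start is not None:
        if start.tzinfo is None or stop.tzinfo is None:
            raise ValueError("start/stop must be timezone-aware")
        if stop <= start:
            raise ValueError("stop must be after start")
        params = {"startTime": int(start.timestamp()), "stopTime": int(stop.timestamp())}
    else:
        params = {"date": hours}
    params["expression"] = expression  # urlencode escapes ==, & and > for us
    return f"{base.rstrip('/')}/{endpoint}?{urlencode(params)}"

def fetch(url, user, password, out_path):
    """Stream the response to a file. Assumes the viewer uses HTTP Digest auth."""
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, url, user, password)
    opener = urllib.request.build_opener(urllib.request.HTTPDigestAuthHandler(mgr))
    with opener.open(url, timeout=60) as resp, open(out_path, "wb") as out:
        shutil.copyfileobj(resp, out)  # pcap can be large; do not read into memory
    return out_path

if __name__ == "__main__":
    base = "https://host:port"  # placeholder from the thread; use your viewer
    print(moloch_url(base, "sessions.json", EXPR))
    day = moloch_url(base, "sessions.pcap", EXPR,
                     start=datetime(2016, 4, 4, tzinfo=timezone.utc),
                     stop=datetime(2016, 4, 5, tzinfo=timezone.utc))
    print(day)
    # fetch(day, "user", "password", "sessions.pcap")  # placeholder credentials
```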

Hossam zalapany

Apr 5, 2016, 2:05:12 PM
to Moloch Full Packet Capture
Thanks Andy for the clarification. I really appreciate your help