Dumpy - A Simple PCAP Spool File Frontend

Sometimes the best way to try out a new framework or language is to apply it to a domain you already know very well, even if it does happen to reinvent the wheel.  Tornado and Twitter Bootstrap are two such frameworks I've been meaning to play with for a while now. The result is Dumpy, a web front-end to pcap spool files as created by tcpdump, daemonlogger, or netsniff-ng with a very simple configuration and user interface:



Requirements are minimal, Python 2.6 (so it will run on CentOS 6 with little hassle), Tornado and py-bcrypt which are both trivially installed with pip. It provides its own http server with SSL support, and does not require a database.

Usage is also simple.  Simply enter a pcap filter, or paste in a Snort or Suricata event in "fast" format, choose  start and end times (or simply offsets) and hit download.

If interested, start a pcap spool (ie: sudo tcpdump -i eth0 -C 1000 -W10 -G 3600 -w /tmp/eth0.log.%Y%m%d.) then check out Dumpy over here https://bitbucket.org/ish/dumpy.