Administration

Setting up pcap to View Your Raw Data

The pcap data source creates a Storm topology that can rapidly ingest raw data directly into HDFS from Kafka. As a result, you can store all of your cybersecurity data in its raw form in HDFS and review or query it at a later date. HCP supports two pcap components:

  • The pycapa tool, aimed at low-volume packet capture.

    Pycapa is an open-source Python-based probe created by Cisco.

  • The Data Plane Development Kit (DPDK) based tool, aimed at high-volume packet capture.

    DPDK is a set of data plane libraries and network interface controller drivers for fast packet processing.

The rest of this chapter provides or points to instructions for setting up pycapa and DPDK and starting pcap: