Hi,
I tried to load the pcap file consist of S1AP and GTP protocols using packetbeat but i am not getting the S1AP and GTP in the elastic search page.
Anyone let me know how to load S1AP and GTP protocols in ES
Regards,
Rameshkumar
Hello Ramesh,
You're right that Packetbeat requires explicit support for protocols to turn pcaps into network flows. You can read about the goals of Packetbeat here.
If you're willing to work on adding support for more protocols, you will have to write parsers in Go, and compile Packetbeat with your new parsers. Here are a few pointers:
- Start with this guide. Unfortunately we're still in the process of documenting the details of how to build a protocol parser. But at least you'll have guidance on how to set up for development of Packetbeat.
- Look at other parsers here: https://github.com/elastic/beats/tree/master/packetbeat/protos. You may want to start by looking at UDP and TCP.
Hope this helps,
Mathieu
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.