Packetbeat is not sniffing the packets from amqp protocol running on 8161 port

Subrat · March 18, 2019, 1:05pm

Packetbeat does not capture packets on amqp protocol running on 8161 port on Windows 10.

packets e.g. amqp running on port 8161.

Has anyone successfully installed and captured amqp packets on windows?

I tried enabled debug option and see continuous message:

2019-03-18T18:32:57.366+0530 INFO [monitoring] log/log.go:144 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":1843,"time":{"ms":31}},"total":{"ticks":2577,"time":{"ms":31},"value":2577},"user":{"ticks":734}},"handles":{"open":358},"info":{"ephemeral_id":"55d887e3-0c8c-48fd-bbac-d7677fd8f1b8","uptime":{"ms":934442}},"memstats":{"gc_next":36314608,"memory_alloc":18336504,"memory_total":24619160,"rss":8192}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":6,"events":{"active":0}}}}}}
2019-03-18T18:32:57.586+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:32:58.086+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:32:58.587+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:32:59.101+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:32:59.614+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:00.115+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:00.616+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:01.118+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:01.632+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:02.133+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:02.633+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:03.134+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:03.634+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:04.134+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:04.635+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:05.135+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:05.636+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:06.137+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:06.638+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:07.138+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:07.638+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:08.138+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:08.640+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:09.141+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:09.645+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:10.160+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:10.674+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:11.187+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:11.695+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:12.210+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:12.717+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:13.218+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:13.719+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:14.220+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:14.721+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:15.221+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:15.723+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:16.223+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:16.726+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:17.227+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:17.741+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:18.246+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:18.756+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:19.263+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:19.764+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:20.265+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:20.775+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:21.278+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:21.781+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:22.281+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:22.790+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:23.290+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:23.791+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:24.300+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:24.809+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:25.310+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:25.810+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:26.314+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:26.818+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:27.320+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:27.359+0530 INFO [monitoring] log/log.go:144 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":1859,"time":{"ms":16}},"total":{"ticks":2655,"time":{"ms":78},"value":2655},"user":{"ticks":796,"time":{"ms":62}}},"handles":{"open":358},"info":{"ephemeral_id":"55d887e3-0c8c-48fd-bbac-d7677fd8f1b8","uptime":{"ms":964434}},"memstats":{"gc_next":36314576,"memory_alloc":18162120,"memory_total":24683296,"rss":-4096}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":6,"events":{"active":0}}}}}}
2019-03-18T18:33:27.830+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:28.331+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:28.834+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:29.348+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:29.850+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted
2019-03-18T18:33:30.351+0530 DEBUG [sniffer] sniffer/sniffer.go:185 Interrupted

Kindly guide.

adrisr · March 21, 2019, 4:30pm

Hi,

The port 8161 seems to be the port ActiveMQ HTTP Web Console.

For AMQP traffic you have to configure Packetbeat to listen to port 5672.

packetbeat.yml:

packetbeat.protocols:
[...]
 - type: amqp
   ports: [5672]
 - type: http
   ports: [8161]

Change the amqp port to 8161 if for some reason your setup is using that port for AMQP traffic.

system · April 18, 2019, 4:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Packetbeat for Windows does not capture TCP port data.? Beats packetbeat	12	3359	July 5, 2017
Unable to capture the activemq traffic in packetbeat Beats packetbeat	2	439	April 23, 2019
To listen for amqp events packetbeat Beats packetbeat	6	1031	July 5, 2017
Is there a way to see what data has been sent to amqp in packetbeat? Beats packetbeat	2	321	April 29, 2019
Logging messages sent to rabbitmq with packetbeat Beats packetbeat	5	493	January 31, 2019

Packetbeat is not sniffing the packets from amqp protocol running on 8161 port

Related topics