Storage

Captures are loaded off of either the local Docker volume, from an S3 bucket, or via URL.

Volume

The docker image can be run using the following command and will serve the PCAP files in the /my-captures directory of the host:

docker run --rm -p 80:80 -p 443:443 -v /my-captures:/data/captures packet-viewer:v1.7.0

S3

Running Packet Viewer using S3 as the location of PCAP files requires the following environment variables to be set:

  • AWS_REGION - The AWS SDK compatible environment variable that specifies the AWS Region to send the request to.
  • AWS_ACCESS_KEY_ID - Specifies an AWS access key associated with an IAM account.
  • AWS_SECRET_ACCESS_KEY - Specifies the secret key associated with the access key. This is essentially the “password” for the access key.

The following environment variables are used to configure how Packet Viewer connects to the S3 bucket:

  • PV_S3_ENDPOINT - S3 endpoint to use, i.e. https://s3.example.com:9000
  • PV_S3_BUCKET - S3 bucket to use
  • PV_S3_USE_PATH_STYLE - Use path-style rather than virtual hosted S3 bucket addressing, i.e. https://HOST/BUCKET/KEY instead of https://BUCKET.HOST/KEY

The following command can be used to run the Packet Viewer using S3:

docker run --rm -p 80:80 -p 443:443 --env AWS_REGION=<REGION> \
  --env AWS_ACCESS_KEY_ID=<ACCESS KEY> \
  --env AWS_SECRET_ACCESS_KEY=<SECRET ACCESS KEY> \
  --env PV_S3_ENDPOINT=<ENDPOINT> \
  --env PV_S3_BUCKET=<BUCKET> \
  --env PV_S3_USE_PATH_STYLE=true \
  packet-viewer:v1.7.0

URL

If you are loading files via URL into the container, you do not need to worry about local storage, provided the container has enough ephemeral storage to cache downloaded capture files.

Cache Lifetime

Any PCAP file that is opened from a remote source (S3 or URL) will be deleted after a configurable amount of time. This timeout defaults to 1 hour. The variable cache-lifetime controls this duration. If the file has been deleted from the cache, and is requested again, it will need to be re-fetched before it is opened. This normally isn’t a concern with small files.

Setting the cache-lifetime to zero (0) will cause the file to be removed immediately after the session timeout closes following the last API request, which defaults to 30 seconds.