Skip to main content

Upload communications

Concept

Spider allows uploading already captured communications

  • On the UI
  • With files up to 20Mo

File formats

You may upload either:

  • Standard Pcap files generated by Tcpdump, Wireshark, Spider...
  • JSON files exported from Spider

PCAP files

Use cases

  • You may capture sessions data on a server without Whisperers, or on a IoT device and upload them to Spider for analysis.
  • You may export pcap files from Spider to upload them again with different parsing settings.

Usage

Pcap files may be uploaded only on specific Whisperers dedicated to UPLOAD. In order not to mess with real captured data

  1. Select an upload whisperer (1 only)
  2. Click on the upload button or drop the file (top left of screen)
  3. Some information on the capture is displayed
  4. Press upload, and it starts sending
  5. Parsing settings of the Whisperer apply on the parsing process
  6. Once finished, you have a link to filter on the uploaded data

UploadPcap.png

You may:

  • Upload several files at once (queue)
  • Pause and restart upload if needed, but not too long as it may impact parsing process depending on Whisperer settings.
warning

If you switch tab in the browser and hide Spider UI while uploading, it will pause the process.
And the parsing may fail because of this pause in the stream.

Process

Uploaded pcap files are parsed on the UI and sent to Spider servers as if they were captured remotely.

  • The same parsing features are available as for normal Whisperers.
  • Except PCAP filtering that is not possible.

JSON files

Use cases

  • Import in development environment some exported communications from production
  • Export and import recorded communications to check regression
  • ...

Usage

Json files may be uploaded only on specific Whisperers dedicated to UPLOAD. In order not to mess with real captured data

  1. Select an upload whisperer (1 only)
  2. Click on the upload button or drop the file (top left of screen)
  3. Some information on the capture is displayed
  4. Press upload, and it starts sending
  5. Once finished, you have a link to filter on the uploaded data

UploadJson.png

You may also upload several files at once (queue).

Process

Uploaded JSON files contain both HTTP communications and the Hosts records associated to the clients and servers.
Both Hosts and Communications are sent to Spider servers.

Hosts records are 'merged' to existing records while communication are injected to the store, potentially overriding existing.