The lb container never becomes healthy because no response is received from

curl --silent --fail http://localhost/api/v1 || exit 1

it appears that the update to nginx on May 25 changed the way that configuration works, redulting in the config throwing the error:

nginx: [emerg] "server" directive is not allowed here in /etc/nginx/conf.d/default.conf:1

nginx was then falling through to the default config, causing the proper ports not to be listened on.

Create an epic to fetch tool results and store them locally in the redux store for ease of use.

based on:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

it appears that the SameSite value should be Strict

I've pulled the docker image onto a windows machine. Several other containers start without issue but the admin portion reports the following error: The main webpage does come up however. Windows 10 2009 and newest version of docker installed on windows.

(HTTP code 500) server error - Ports are not available: listen tcp 0.0.0.0:5001: bind: An attempt was made to access a socket in a way forbidden by its access permissions.

Currently there's a show results for all tools, but some tools don't have results, they just modify files.

As I've been coding a CLI that exercises the Packet Cafe API, I've noticed there are a number of inconsistencies in naming across components that causes some coding confusion and adds friction in coding and debugging and looking through source code to learn as-yet undocumented things, since you can't rely on one string to use for searching with grep -r, etc.

• Session IDs are called, in various places, sessionId, session_id, and sess_id. The API tends to use sess_id, but JSON keys in responses and internal code use the other two.

• Request IDs are called, in various places, req_id, id_dir, fileId, uid, and uuid. The API tends to use req_id, but again variables and dictionary keys use the others.

• What was most confusing to me when first coding to the API was that the API uses /id to mean sess_id, but in JSON responses and internally to source code id seemed to sometimes refer to either Session ID or Request ID. It was hard to learn the relationships between API calls and resulting file paths and JSON responses, etc. I had multiple commands using the column Id, but the column values were different in each table and started translating column headings (which just further confuses things.)

Here are a few comments in my code to remind me:

lim/packet_cafe/__init__.py:        # NOTE(dittrich): Beware: "sess_id" vis "sessionId".
lim/packet_cafe/__init__.py:            # NOTE(dittrich): Beware: "sess_id" vis "sessionId".
lim/packet_cafe/__init__.py:            # NOTE(dittrich): Don't forget: 'req_id' is 'uuid' in result
lim/packet_cafe/api/upload.py:            # NOTE(dittrich): Don't forget: 'req_id' is 'uuid' in result

It would be much cleaner and easier to read code, documentation, and API calls, if sess_id was used for all references to Session IDs and req_id was used for all references to Request IDs and generic alias terms like id, uid, etc. were not used anywhere.

I realize this might take a bit of work, as it requires a lot of careful searching through both Python and Javascript code, as well as requiring significant documentation changes (and API route changes, too). That could argue for the changes being part of a v2 API definition, though that adds its own complexity. Otherwise, these would be breaking changes in the v1 API. Regardless, I think these changes would be well worth making in terms of simplifying coding to the API, understanding internal workings and results, and in clarifying documentation.

Not sure if this is on the list already. Interested to get your thoughts.

Currently the active file selection process is highly unintuitive and can only be done from a single very specific place within the application. It would be beneficial to make this process more obvious and something that can be done from anypoint in the flow of the application.

There could be a lengthy time between submitting and seeing anything "happen", particularly the first time, while Docker is pulling down all the images for the tools.

I know that "stop" is a WIP per the API documentation. Is "delete" also on the list? Could it be added easily? (I started looking at the code to find how it could be implemented for a PR, but it looks like it may be in the Javascript code?)

In the mean time, it appears that simply deleting files from the Docker shared volume works. I don't see any (ASCII, at least) index files in that directory tree that contain the session or request IDs, though I suspect there may be state in the Redis container?

I haven't looked into container logs yet to see if I can narrow down where in the code it might be.

My workaround for development testing now is to bypass the API and manipulate the file system directly:

(lim) dittrich at ren in ~/git/packet_cafe on develop
$ lim cafe admin sessions
+--------------------------------------+
| SessionId                            |
+--------------------------------------+
| 30b9ce67-75a4-49e6-b484-c4646b72fbd9 |
| 2d222a53-5b01-4d5e-a659-7da7c21d3cf6 |
| 73d532d7-3b2b-4a93-9a68-ae7091af6a2f |
| 9a949fe6-6520-437f-89ec-e7af6925b1e0 |
| 58a922ac-5483-4502-85b0-84673c473467 |
| 7eedfd93-4f65-4422-8d70-a4edf47d7364 |
| b0cf794e-bd80-4355-bd58-e20ae0473075 |
| a42ee6ab-d60b-4d8e-a1df-cb3dc6985c81 |
+--------------------------------------+
(lim) dittrich at ren in ~/git/packet_cafe on develop
$ for sess_id in $(lim cafe admin sessions -f value | head -n 5)
> do
> rm -rf ~/packet_cafe_data/{files,ids}/$sess_id
> done
(lim) dittrich at ren in ~/git/packet_cafe on develop
$ lim cafe admin sessions
+--------------------------------------+
| SessionId                            |
+--------------------------------------+
| b0cf794e-bd80-4355-bd58-e20ae0473075 |
| a42ee6ab-d60b-4d8e-a1df-cb3dc6985c81 |
| 7eedfd93-4f65-4422-8d70-a4edf47d7364 |
+--------------------------------------+

That isn't ideal, I know. Is there any side-effect of doing this?

One of the major issues facing analysts is dealing with multiple data sources created in differing local times using timestamps that do not include timezone. Is the time in this timezone, or in UTC? Are timestamps shown This really (really!) reduces efficiency and accuracy.

The industry standard solution to this problem is using ISO 8601 timestamps.

I am converting dates returned from API calls in my own code, but I think this change would be well worth making (and relatively simple) in packet-cafe itself. You can do this by changing datetime.datetime.utcnow() calls with arrow.utcnow in Python code. I can send a PR for that code. I don't know how to best do this within the Javascript code and tests as I don't code in Javascript.

$ lim cafe status a42ee6ab-d60b-4d8e-a1df-cb3dc6985c81 deb9facbec7a4ccbb952b957b9ad73ff
+---------------+-------------+----------------------------------+
| Tool          | State       | Timestamp                        |
+---------------+-------------+----------------------------------+
| pcap-stats    | Complete    | 2020-05-08T18:03:01.823649+00:00 |
| pcap-splitter | Complete    | 2020-05-08T18:03:21.538080+00:00 |
| mercury       | Complete    | 2020-05-08T18:03:06.372628+00:00 |
| snort         | Complete    | 2020-05-08T18:03:11.875505+00:00 |
| pcapplot      | In progress | 2020-05-08T18:03:19.514207+00:00 |
| p0f           | In progress | 2020-05-08T18:03:23.474442+00:00 |
| pcap-dot1q    | Complete    | 2020-05-08T18:03:00.643334+00:00 |
| ncapture      | Complete    | 2020-05-08T18:02:56.485207+00:00 |
| networkml     | In progress | 2020-05-08T18:03:20.568981+00:00 |
+---------------+-------------+----------------------------------+

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• Update dependency react-router-dom to v6.5.0

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

results don't show up for these subsequent tools because of being written to the wrong location

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

Remove the IP and Port heatmaps as they conflict with the newly implemented UI

Clicking the clear results button does not fire any events. This is because no non-null event handlers are being hooked up.

in the command npm install -g npm@latest --no-cache the flag --no-cache has the effect of setting NPM's cache path to false. This is an invalid option and throws a warning but is otherwise ignored. The correct option per: npm/cli#1159 (comment) is --prefer-online

Here's an example: http://0.0.0.0/results/undefined/bde10797455b46ce9d64aec16558cf04/mercury