Pcapdj's goal is to process huge lists of pcap files without too much hassle:
- it alleviates the need for collaging the pcap into a huge one before processing,
- it allows the user to pause the ingestion process, for instance to mount new evidence disks that contain the following pcaps in a collection.
The only requirements are:
- libwiretap,
- libwiretap-utils,
- hiredis,
- glib2.0.
A redis service is used to publish the list of files to process and whether or not they are ready for ingestion by pcapdj.