A survey of tools that can process pcap captures at large data volumes

opensoc
https://blog.sectong.com/blog/opensoc_deep_analysis.html

Security Onion
http://www.freebuf.com/sectool/84043.html

packetpig
https://zh.hortonworks.com/blog/big-data-security-part-two-introduction-to-packetpig/

https://github.com/packetloop/packetpig

ivre
https://ivre.rocks/

hadoop-pcap
https://github.com/RIPE-NCC/hadoop-pcap

aktaion
https://github.com/jzadeh/aktaion

afterglow
http://afterglow.sourceforge.net/

bokeh
http://bokeh.pydata.org/en/latest/docs/user_guide/quickstart.html

open network insight (later contributed to the ASF as Apache Spot)
https://github.com/Open-Network-Insight/open-network-insight

bro (renamed Zeek in 2018)
https://github.com/bro/broctl

https://www.bro.org/
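Added example, not code from this page or from any of the projects listed above: a dependency-free reader for the classic libpcap file format. Splitting a capture into packet records is the first thing every tool in this list (and in particular the Hadoop-based ones) has to do before it can shard the work across nodes, and the details that bite at scale are the ones shown here: both byte orders, the nanosecond-resolution magic, a captured length that exceeds the declared snaplen, and a capture that was cut off mid-record. The sample captures are constructed in the code; build_pcap and summarize are this example's own names, not an API of any of the tools above.

```python
import struct
from typing import Iterator, List, NamedTuple, Tuple

# libpcap file magic numbers: microsecond timestamps (classic) and nanosecond timestamps.
MAGIC_USEC = 0xA1B2C3D4
MAGIC_NSEC = 0xA1B23C4D
# Fallback bound for snaplen == 0 files; libpcap itself caps captures at 262144 bytes.
MAX_SNAPLEN = 262144


class PcapPacket(NamedTuple):
    ts: float      # capture time in seconds
    caplen: int    # bytes actually stored in the file
    origlen: int   # bytes on the wire
    data: bytes


def iter_pcap_records(buf: bytes) -> Iterator[PcapPacket]:
    """Yield packet records from an in-memory pcap file.

    Byte order and timestamp resolution are taken from the magic number.
    A record claiming more bytes than the snaplen is treated as corruption
    (or a hostile file) and rejected; a truncated trailing record, which is
    what a capture cut off mid-write looks like, ends iteration cleanly.
    """
    if len(buf) < 24:
        raise ValueError("too short for a pcap global header")
    magic_le = struct.unpack("<I", buf[:4])[0]
    magic_be = struct.unpack(">I", buf[:4])[0]
    if magic_le in (MAGIC_USEC, MAGIC_NSEC):
        endian, magic = "<", magic_le
    elif magic_be in (MAGIC_USEC, MAGIC_NSEC):
        endian, magic = ">", magic_be
    else:
        raise ValueError("not a pcap file: magic %s" % buf[:4].hex())
    ts_divisor = 1_000_000_000 if magic == MAGIC_NSEC else 1_000_000
    # version_major, version_minor, thiszone, sigfigs, snaplen, linktype
    _, _, _, _, snaplen, _ = struct.unpack(endian + "HHiIII", buf[4:24])
    limit = snaplen if snaplen else MAX_SNAPLEN

    off, n = 24, len(buf)
    while n - off >= 16:  # a full 16-byte record header is available
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack_from(endian + "IIII", buf, off)
        if incl_len > limit:
            raise ValueError("malformed record at offset %d: caplen %d > snaplen %d"
                             % (off, incl_len, limit))
        off += 16
        if n - off < incl_len:
            break  # truncated final record: stop rather than hand out a short packet
        yield PcapPacket(ts_sec + ts_frac / ts_divisor, incl_len, orig_len, buf[off:off + incl_len])
        off += incl_len


def summarize(buf: bytes) -> dict:
    """Per-capture totals of the kind a map task would emit for one input split."""
    packets = captured = 0
    for p in iter_pcap_records(buf):
        packets += 1
        captured += p.caplen
    return {"packets": packets, "bytes": captured}


def build_pcap(packets: List[Tuple[int, int, bytes]], nanosecond: bool = False,
               endian: str = "<", snaplen: int = 65535, linktype: int = 1) -> bytes:
    """Serialize (ts_sec, ts_frac, frame) tuples as a pcap file; used here only to construct sample input."""
    magic = MAGIC_NSEC if nanosecond else MAGIC_USEC
    out = [struct.pack(endian + "IHHiIII", magic, 2, 4, 0, 0, snaplen, linktype)]
    for ts_sec, ts_frac, data in packets:
        out.append(struct.pack(endian + "IIII", ts_sec, ts_frac, len(data), len(data)))
        out.append(data)
    return b"".join(out)


# Constructed sample data: two 60-byte dummy frames, not real traffic.
FRAME_A = bytes(range(60))
FRAME_B = bytes(60)
SAMPLE_LE = build_pcap([(1_700_000_000, 500_000, FRAME_A),
                        (1_700_000_001, 250_000, FRAME_B)])
SAMPLE_BE_NSEC = build_pcap([(1_700_000_000, 500_000_000, FRAME_A)],
                            nanosecond=True, endian=">")

if __name__ == "__main__":
    print(summarize(SAMPLE_LE))          # {'packets': 2, 'bytes': 120}
    print(summarize(SAMPLE_LE[:-10]))    # {'packets': 1, 'bytes': 60}: last record truncated
```

The reader deliberately never trusts incl_len on its own: it is bounded by the header's snaplen and by the bytes remaining in the buffer, so a crafted or corrupted capture cannot make a worker allocate or slice an absurd length. For a file on HDFS the same loop runs over each split, which is why the per-record framing has to be this self-describing.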


References
http://raffy.ch/blog/2012/03/21/visualizing-packet-captures-for-fun-and-profit/

http://ieeexplore.ieee.org/document/7502925/

http://www.sigcomm.org/ccr/papers/2013/January/2427036.2427038

https://media.blackhat.com/us-13/US-13-Hanif-Binarypig-Scalable-Malware-Analytics-in-Hadoop-Slides.pdf

https://bigsnarf.wordpress.com/2012/03/28/solutions-for-bigdata-ingest-of-network-traffic-analyzing-pcap-traffic-with-hadoop/

https://sites.google.com/a/networks.cnu.ac.kr/yhlee/

https://zhuanlan.zhihu.com/p/23092014

https://www.ibm.com/developerworks/cn/opensource/os-cn-bigdata-ambari/index.html

https://www.elastic.co/products/kibana