Moloch has both capture and viewer regression tests that are run seperately.

* Requires Test::Differences pacakge: `yum install perl-Test-Differences` or `cpan Test::Differences`

1) Capture
Tests if the capture pcap parsers produce consistent results.  
Each pcap file is run thru Moloch capture with the results compared against the matching .test file.
The pcap file have been mostly anonymized.  mostly...  If you see data that shouldn't be there please let us know.
If you have simple sample pcap files that we can use please share them!

Run ./tests.pl <optional PCAP files>

PCAP files with known non Moloch source:
bigendian.pcap - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221
smbtorture-ntlmssp*.pcap - Subset of https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=smbtorture.cap.gz
dns-wireshark.pcap - https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=dns.cap
v6-http.pcap - https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=v6-http.cap
gre-sample.pcap - https://www.stearns.org/pcap/gre-sample.pcap
ldap-ssl.pcap  -  Reformat of https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=ldap-ssl.pcapng
ldap-and-search.pcap - https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=ldap-and-search.pcap
quic24-wireshark.pcap - Reformat of https://bugs.wireshark.org/bugzilla/attachment.cgi?id=13844
quic33-wireshark.pcap - https://bugs.wireshark.org/bugzilla/attachment.cgi?id=14565
dns-notify.pcap - https://pcapr.net/view/bortzmeyer+pcapr/2013/8/1/13/dns-notify.pcap.html
pppoe.pcap - Subset of https://www.pcapr.net/view/tyson.key/2009/8/0/14/AOLTraffic_00000_20071029163901.html



2) Viewer
Test various viewer apis.  Requires that an elasticsearch already be running on the local host.

Run ./tests.pl --viewer <optional testname.t files>