pom-ng:output:pcap_flow
This is an old revision of the document!
Output pcap_flow
The output pcap_flow will save connections into separate files.
Parameters
| Name | Type | Default value | Description |
|---|---|---|---|
| flow_proto | string | tcp | Connections of this protocol will be in separate files. |
| link_type | string | ethernet | What type of frame to save in the pcap file. Possible values are : ethernet, ipv4, docsis, 80211, radiotap, mpeg_ts, ppi. |
| prefix | string | /tmp/${ipv4.src}.${tcp.sport}-${ipv4.dst}.${tcp.dport}- | Prefix of the files created. This will need to be changed if the flow_proto is not tcp. |
| snaplen | uint16 | 1550 | Maximum stored size of packets. |
| unbuffered | bool | no | When set to yes, the packets will directly be written on the disk. This can be useful in some cases but will slow performances. |
pom-ng/output/pcap_flow.1400787476.txt.gz · Last modified: 2020/05/26 21:59 (external edit)