Packet-o-matic

User Tools

Site Tools

Trace: pcap
pom:input:pcap

Table of Contents

input_pcap

Mode interface

With this mode, you'll sniff packets from a specific interface. To avoid packet loss while using input pcap, you may want to increase the nice level when running packet-o-matic. You can also sniff from all the interfaces by specifying the interface name 'any'. When starting, it will show what output layer will be used. If you sniff from an interface, it will be either ethernet or linux_cooked for special interfaces like ppp interfaces.

Parameters for this mode :

Name Default value Description
interfaceeth0Interface name to sniff from or 'any' for all the interfaces.
snaplen1522Maximum captured size of the packets. The default is large enough to accommodate all the packets. You may need to raise it if you need to capture jumbo frames.
promiscnoSet the interface in promiscuous mode to capture packets not destinated to the NIC MAC address. You need to be on a hub to use this. It doesn't work when interface is set to 'any'.
filter Have packets filtered by the kernel. Make sure you know what you are doing when using this parameter. See man tcpdump or man pcap-filter for syntax.

Mode file

In this mode, input_pcap will read its packets from a pcap file.

Parameters for this mode :

Name Default value Description
filedump.capSpecify the file to read packets from.
filter Have packets filtered by the kernel. Make sure you know what you are doing when using this parameter. See man tcpdump or man pcap-filter for syntax.

Mode directory

This mode is very similar to mode file. However instead of specifying a file, you specify a directory where the files will be found and the extension of files to look at. It will use the timestamps of the first packet saved in each file to process them in the right order. You can add files while it's processing and it will process them too a the right time.

Parameters for this mode :

Name Default value Description
path/tmpSpecify the directory to read packets from.
file_extension.capSpecify the extension of the files that should be processed.
filter Have packets filtered by the kernel. Make sure you know what you are doing when using this parameter. See man tcpdump or man pcap-filter for syntax.
pom/input/pcap.txt · Last modified: 2020/05/26 21:59 by 127.0.0.1