pom:input:pcap
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| pom:input:pcap [2012/10/12 08:57] – external edit 127.0.0.1 | pom:input:pcap [2020/05/26 21:59] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ==== Mode interface ==== | ==== Mode interface ==== | ||
| With this mode, you'll sniff packets from a specific interface. **To avoid packet loss while using input pcap, you may want to increase the nice level when running packet-o-matic.** You can also sniff from all the interfaces by specifying the interface name ' | With this mode, you'll sniff packets from a specific interface. **To avoid packet loss while using input pcap, you may want to increase the nice level when running packet-o-matic.** You can also sniff from all the interfaces by specifying the interface name ' | ||
| + | |||
| Parameters for this mode : | Parameters for this mode : | ||
| - | + | ^ Name ^ Default value ^ Description ^ | |
| - | | + | |interface|eth0|Interface name to sniff from or ' |
| - | Interface name to sniff from or ' | + | |snaplen|1522|Maximum captured size of the packets. The default is large enough to accommodate all the packets. You may need to raise it if you need to capture jumbo frames.| |
| - | Default : eth0. | + | |promisc|no|Set the interface in promiscuous mode to capture packets not destinated to the NIC MAC address. You need to be on a hub to use this. It doesn' |
| - | + | |filter| |Have packets filtered by the kernel. Make sure you know what you are doing when using this parameter. See '' | |
| - | * snaplen | + | |
| - | Maximum captured size of the packets. The default is large enough to accommodate all the packets. You may need to raise it if you need to capture jumbo frames. | + | |
| - | Default : 1522. | + | |
| - | + | ||
| - | * promisc | + | |
| - | Set the interface in promiscuous mode to capture packets not destinated to the NIC MAC address. You need to be on a hub to use this. It doesn' | + | |
| - | Default : no. | + | |
| - | + | ||
| - | * filter | + | |
| - | Have packets filtered by the kernel. Make sure you know what you are doing when using this parameter. See '' | + | |
| - | Default : none. | + | |
| ==== Mode file ==== | ==== Mode file ==== | ||
| In this mode, input_pcap will read its packets from a pcap file. | In this mode, input_pcap will read its packets from a pcap file. | ||
| + | |||
| Parameters for this mode : | Parameters for this mode : | ||
| - | + | ^ Name ^ Default value ^ Description ^ | |
| - | | + | |file|dump.cap|Specify the file to read packets from.| |
| - | Specify the file to read packets from. | + | |filter| |Have packets filtered by the kernel. Make sure you know what you are doing when using this parameter. See '' |
| - | Default : dump.cap | + | |
| - | + | ||
| - | * filter | + | |
| - | Have packets filtered by the kernel. Make sure you know what you are doing when using this parameter. See '' | + | |
| - | Default : none. | + | |
| ==== Mode directory ==== | ==== Mode directory ==== | ||
| Line 39: | Line 24: | ||
| Parameters for this mode : | Parameters for this mode : | ||
| - | + | ^ Name ^ Default value ^ Description ^ | |
| - | | + | |path|/tmp|Specify the directory to read packets from.| |
| - | Specify the directory to read packets from. | + | |file_extension|.cap|Specify the extension of the files that should be processed.| |
| - | Default : /tmp | + | |filter| |Have packets filtered by the kernel. Make sure you know what you are doing when using this parameter. See '' |
| - | + | ||
| - | * file_extension | + | |
| - | Specify the extension of the files that should be processed. | + | |
| - | Default : .cap | + | |
| - | + | ||
| - | * filter | + | |
| - | Have packets filtered by the kernel. Make sure you know what you are doing when using this parameter. See '' | + | |
| - | Default : none. | + | |
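
Review bot: The new promisc row in the Mode interface table carries over the word "destinated" from the removed text. "Packets not destined for the NIC MAC address" is the correct wording, and the conversion to a table is a convenient point to fix it.
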
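
Review bot: The filter rows of the new tables (Mode interface, Mode file and Mode directory) leave the "Default value" cell empty, while the removed lines stated "Default : none." explicitly. Writing "none" in that cell keeps the information and stops a reader from taking the blank as a value that was lost in the conversion.
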
pom/input/pcap.1350032223.txt.gz · Last modified: (external edit)
