pom:target:pcap

Differences

This shows you the differences between two versions of the page.

pom:target:pcap [2012/10/12 08:57] – external edit 127.0.0.1pom:target:pcap [2012/10/12 09:29] 2001:7e8:2221:600:9471:feff:febb:91f7
Line 1: Line 1:
 ===== target_pcap ===== ===== target_pcap =====
 This target will save the matched packets into a pcap file. This is the same format used by tcpdump and wireshark. This target will save the matched packets into a pcap file. This is the same format used by tcpdump and wireshark.
-It has the following parameters : 
  
 ==== Mode default ==== ==== Mode default ====
  
-  * filename +Parameters : 
-File where to save the packets.\\ +^ Name ^ Default value ^ Description ^ 
-Default : dump.cap+|filename|dump.cap|File where to save the packets.| 
 +|snaplen|1522|Maximum size of captured packetsThe default size should be enough to save all the packets in their entirety. Please note that helper_ipv4 can reassemble fragments and may be larger than the initial MTU.| 
 +|layer|ethernet|The first layer to use when saving packets. This can be either ethernet, linux_cooked, docsis or ipv4. Make sure the layer you want to use to save packets is present in the layers of the packets you sniff.| 
 +|unbuffered|no|Write the packets directly to the disk. This can significantly decrease performances. Don't change if you don't know what you are doing.|
  
-  * snaplen 
-Maximum size of captured packets. The default size should be enough to save all the packets in their entirety. Please note that helper_ipv4 can reassemble fragments and may be larger than the initial MTU.\\ 
-Default : 1522 
- 
-  * layer 
-The first layer to use when saving packets. This can be either ethernet, linux_cooked, docsis or ipv4. Make sure the layer you want to use to save packets is present in the layers of the packets you sniff.\\ 
-Default : ethernet 
- 
-  * unbuffered 
-Write the packets directly to the disk. This can significantly decrease performances. Don't change if you don't know what you are doing.\\ 
-Default : no 
  
 ==== Mode split ==== ==== Mode split ====
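Review bot: In the new snaplen row the description reads "captured packetsThe default size"; the period and space present in the removed text ("captured packets. The default size") were lost when the entry was moved into a table cell and should be restored. The same row gives 1522 without a unit, and its last sentence has no clear subject: say that packets reassembled by helper_ipv4 may be larger than the initial MTU, and note what a reader should expect when such a packet exceeds snaplen. In the unbuffered row, "decrease performances" should read "decrease performance".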
Line 25: Line 16:
 This mode has all the parameters of the default mode except filename, plus the ones below. It will open a new file each time one of the given condition occurs. This mode has all the parameters of the default mode except filename, plus the ones below. It will open a new file each time one of the given condition occurs.
  
-  * prefix +Additional parameters: 
-Prefix of the files being created including the directory.\\ +^ Name ^ Default value ^ Description ^ 
-Default : dump +|prefix|dump|Prefix of the files being created including the directory.| 
- +|overwrite|no|Specify if existing files can be overwritten or not. If no, it will skip existing files and go to the next one.| 
-  * overwrite +|split_size|0|Split the file after the specified size. 0 means unlimited.| 
-Specify if existing files can be overwritten or not. If no, it will skip existing files and go to the next one.\\ +|split_packets|0|Split the file after the specified number of packets. 0 means unlimited.| 
-Default : no +|split_interval|0|Split the file after the specified number of seconds. 0 means unlimited.|
- +
-  * split_size +
-Split the file after the specified size. 0 means unlimited.\\ +
-Default : 0 +
- +
-  * split_packets +
-Split the file after the specified number of packets. 0 means unlimited.\\ +
-Default : 0 +
- +
-  * split_interval +
-Split the file after the specified number of seconds. 0 means unlimited.\\ +
-Default : 0+
  
 ==== Mode connection ==== ==== Mode connection ====
  
 This mode will save each connection in a separate pcap file. It has the very same parameters than the default mode but filename. To specify where to save connections, you'll use the prefix parameter. This parameter support file path expansion. This mode will save each connection in a separate pcap file. It has the very same parameters than the default mode but filename. To specify where to save connections, you'll use the prefix parameter. This parameter support file path expansion.
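Review bot: The split_size row says "after the specified size" without a unit, while split_packets and split_interval both name theirs; state the unit there as well. The overwrite row says it will "skip existing files and go to the next one", but nothing in the table describes how file names are derived from prefix, so a reader cannot tell which existing files are at risk when overwrite is set to yes. The Mode connection paragraph depends on prefix while saying it has the same parameters as the default mode, which has no prefix; point it at this table, and fix "one of the given condition occurs", "the very same parameters than" and "This parameter support" in the context lines while the section is being edited.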
pom/target/pcap.txt · Last modified: 2020/05/26 21:59 by 127.0.0.1