Differences

This shows you the differences between two versions of the page.

--- pom:target:pcap [2012/10/12 08:57] – external edit 127.0.0.1
+++ pom:target:pcap [2020/05/26 21:59] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
 ===== target_pcap =====
 This target will save the matched packets into a pcap file. This is the same format used by tcpdump and wireshark.
-It has the following parameters :
 ==== Mode default ====
-  * filename
+Parameters :
-File where to save the packets.\\
+^ Name ^ Default value ^ Description ^
-Default : dump.cap
+|filename|dump.cap|File where to save the packets.|
+|snaplen|1522|Maximum size of captured packets. The default size should be enough to save all the packets in their entirety. Please note that helper_ipv4 can reassemble fragments and may be larger than the initial MTU.|
+|layer|ethernet|The first layer to use when saving packets. This can be either ethernet, linux_cooked, docsis or ipv4. Make sure the layer you want to use to save packets is present in the layers of the packets you sniff.|
+|unbuffered|no|Write the packets directly to the disk. This can significantly decrease performances. Don't change if you don't know what you are doing.|
-  * snaplen
-Maximum size of captured packets. The default size should be enough to save all the packets in their entirety. Please note that helper_ipv4 can reassemble fragments and may be larger than the initial MTU.\\
-Default : 1522
-  * layer
-The first layer to use when saving packets. This can be either ethernet, linux_cooked, docsis or ipv4. Make sure the layer you want to use to save packets is present in the layers of the packets you sniff.\\
-Default : ethernet
-  * unbuffered
-Write the packets directly to the disk. This can significantly decrease performances. Don't change if you don't know what you are doing.\\
-Default : no
 ==== Mode split ====
@@ Line 25: / Line 16: @@
 This mode has all the parameters of the default mode except filename, plus the ones below. It will open a new file each time one of the given condition occurs.
-  * prefix
+Additional parameters:
-Prefix of the files being created including the directory.\\
+^ Name ^ Default value ^ Description ^
-Default : dump
+|prefix|dump|Prefix of the files being created including the directory.|
+|overwrite|no|Specify if existing files can be overwritten or not. If no, it will skip existing files and go to the next one.|
-  * overwrite
+|split_size|0|Split the file after the specified size. 0 means unlimited.|
-Specify if existing files can be overwritten or not. If no, it will skip existing files and go to the next one.\\
+|split_packets|0|Split the file after the specified number of packets. 0 means unlimited.|
-Default : no
+|split_interval|0|Split the file after the specified number of seconds. 0 means unlimited.|
-  * split_size
-Split the file after the specified size. 0 means unlimited.\\
-Default : 0
-  * split_packets
-Split the file after the specified number of packets. 0 means unlimited.\\
-Default : 0
-  * split_interval
-Split the file after the specified number of seconds. 0 means unlimited.\\
-Default : 0
 ==== Mode connection ====
 This mode will save each connection in a separate pcap file. It has the very same parameters than the default mode but filename. To specify where to save connections, you'll use the prefix parameter. This parameter support file path expansion.