pom:target:pcap

Differences

This shows you the differences between two versions of the page.

pom:target:pcap [2012/10/12 08:57]
127.0.0.1 external edit
pom:target:pcap [2012/10/12 09:29] (current)
2001:7e8:2221:600:9471:feff:febb:91f7
Line 1: Line 1:
 ===== target_pcap ===== ===== target_pcap =====
 This target will save the matched packets into a pcap file. This is the same format used by tcpdump and wireshark. This target will save the matched packets into a pcap file. This is the same format used by tcpdump and wireshark.
-It has the following parameters : 
  
 ==== Mode default ==== ==== Mode default ====
  
-  * filename +Parameters : 
-File where to save the packets.\\ +^ Name ^ Default value ^ Description ^ 
-Default : dump.cap+|filename|dump.cap|File where to save the packets.| 
 +|snaplen|1522|Maximum size of captured packetsThe default size should be enough to save all the packets in their entirety. Please note that helper_ipv4 can reassemble fragments and may be larger than the initial MTU.| 
 +|layer|ethernet|The first layer to use when saving packets. This can be either ethernet, linux_cooked,​ docsis or ipv4. Make sure the layer you want to use to save packets is present in the layers of the packets you sniff.| 
 +|unbuffered|no|Write the packets directly to the disk. This can significantly decrease performances. Don't change if you don't know what you are doing.|
  
-  * snaplen 
-Maximum size of captured packets. The default size should be enough to save all the packets in their entirety. Please note that helper_ipv4 can reassemble fragments and may be larger than the initial MTU.\\ 
-Default : 1522 
- 
-  * layer 
-The first layer to use when saving packets. This can be either ethernet, linux_cooked,​ docsis or ipv4. Make sure the layer you want to use to save packets is present in the layers of the packets you sniff.\\ 
-Default : ethernet 
- 
-  * unbuffered 
-Write the packets directly to the disk. This can significantly decrease performances. Don't change if you don't know what you are doing.\\ 
-Default : no 
  
 ==== Mode split ==== ==== Mode split ====
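Review bot: The new snaplen row has lost its sentence break ("captured packetsThe default size"); the removed text read "packets. The", so the period and space should be restored. While this cell is being touched, it should also say what happens to a packet longer than snaplen, because the same description warns that helper_ipv4 reassembly can yield packets larger than the initial MTU while the default stays at 1522. In the unbuffered row, "decrease performances" should read "decrease performance".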
Line 25: Line 16:
 This mode has all the parameters of the default mode except filename, plus the ones below. It will open a new file each time one of the given condition occurs. This mode has all the parameters of the default mode except filename, plus the ones below. It will open a new file each time one of the given condition occurs.
  
-  * prefix +Additional parameters: 
-Prefix of the files being created including the directory.\\ +^ Name ^ Default value ^ Description ^ 
-Default : dump +|prefix|dump|Prefix of the files being created including the directory.| 
- +|overwrite|no|Specify if existing files can be overwritten or not. If no, it will skip existing files and go to the next one.| 
-  * overwrite +|split_size|0|Split the file after the specified size. 0 means unlimited.| 
-Specify if existing files can be overwritten or not. If no, it will skip existing files and go to the next one.\\ +|split_packets|0|Split the file after the specified number of packets. 0 means unlimited.| 
-Default : no +|split_interval|0|Split the file after the specified number of seconds. 0 means unlimited.|
- +
-  * split_size +
-Split the file after the specified size. 0 means unlimited.\\ +
-Default : 0 +
- +
-  * split_packets +
-Split the file after the specified number of packets. 0 means unlimited.\\ +
-Default : 0 +
- +
-  * split_interval +
-Split the file after the specified number of seconds. 0 means unlimited.\\ +
-Default : 0+
  
 ==== Mode connection ==== ==== Mode connection ====
  
 This mode will save each connection in a separate pcap file. It has the very same parameters than the default mode but filename. To specify where to save connections,​ you'll use the prefix parameter. This parameter support file path expansion. This mode will save each connection in a separate pcap file. It has the very same parameters than the default mode but filename. To specify where to save connections,​ you'll use the prefix parameter. This parameter support file path expansion.
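Review bot: The split_size row gives no unit ("Split the file after the specified size"), unlike split_packets and split_interval, which name packets and seconds; the description should state the unit. The overwrite row says existing files are skipped in favour of "the next one" without explaining how the next file name is derived from prefix, which anyone locating capture files afterwards needs to know. The unchanged connection-mode paragraph tells the reader to use prefix, but prefix appears only in the split-mode table, so its default for connection mode and the syntax of the file path expansion remain undocumented.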
pom/target/pcap.txt · Last modified: 2012/10/12 09:29 by 2001:7e8:2221:600:9471:feff:febb:91f7