NETCAP
OverviewGitHubHomepageGoDoc
Search…
v0.5
Overview
Audit Records
Specification
Installation
Quickstart
Configuration
Bash Completion
Packet Collection
Audit Record Labeling
HTTP Proxy
USB Capture
Payload Capture
Distributed Collection
Workers
Filtering and Export
Data Compression
Internals
Metrics
Resolvers
TLS Fingerprinting
Reassembly
Deep Packet Inspection
Live Capture
Maltego Integration
Logging
Packet Contexts
Industrial Control Systems
File Extraction
Email Extraction
Device Profiles
Python Integration
Changelog
Troubleshooting
Unit Tests
Extension
Downloads
Docker Containers
FAQ
Contributing
License
Powered By GitBook
Configuration
Adjusting framework parameters

Command-line Flags

Each subcommand has a dedicated set of flags for configuration.
List the flag names, a short description and their default values with:
1
$ net <subcommand> -h
Copied!

Environment

All default values for flags can be overriden via environment variables, by using the flag name and prefixing it with "NC_", for example lets overwrite the -read flag from net capture:
1
$ NC_READ=/home/user/traffic.pcap net capture
Copied!
Since the provide the value via the environment, passing it via flag is no longer necessary. This is generally useful to enable or disable features globally on your system.

Configuration File

Additionally, the configuration can be provided as a config file via the -config flag.
To retrieve a sane default configuration for the subcommand you want to execute, use the -gen-config flag and redirect the output into a file:
1
$ net capture -gen-config > capture.conf
Copied!
The config file will look something like this, using the name value syntax to set values:
1
...
2
# toggle promiscous mode for live capture
3
promisc true
4
​
5
# don't print infos to stdout
6
quiet false
7
​
8
# reassemble TCP connections
9
reassemble-connections true
10
​
11
# resolve ips to domains via the operating systems default dns resolver
12
reverse-dns false
13
​
14
# use serviceDB for device profiling
15
serviceDB false
16
​
17
# configure snaplen for live capture from interface
18
snaplen 1514
19
​
20
# print netcap package version and exit
21
version false
22
​
23
# wait for all connections to finish processing before cleanup
24
wait-conns true
25
​
26
# number of workers
27
workers 12
28
​
29
# write incomplete response
30
writeincomplete false
31
...
Copied!
Lines starting with # are treated as comments, blank lines are being ignored.
Adjust the parameters of interest and pass the config file:
1
$ net capture -config capture.conf
Copied!

Resolver Database

The environment variable NC_DATABASE_SOURCE can be used to overwrite the default path for the resolver databases /usr/local/etc/netcap/db. Read more about the resolvers package here:
​
Previous
Quickstart
Next
Bash Completion
Last modified 1yr ago
Copy link
Contents
Command-line Flags
Environment
Configuration File
Resolver Database