Each subcommand has a dedicated set of flags for configuration.
List the flag names, a short description and their default values with:
$ net <subcommand> -h
Environment
All default values for flags can be overridden via environment variables by prefixing the flag name with "NC_". For example, let's override the -read flag of net capture:
$ NC_READ=/home/user/traffic.pcap net capture
Since we provide the value via the environment, passing it via the flag is no longer necessary. This is generally useful to enable or disable features globally on your system.
Configuration File
Additionally, the configuration can be provided as a config file via the -config flag.
To retrieve a sane default configuration for the subcommand you want to execute, use the -gen-config flag and redirect the output into a file:
$ net capture -gen-config > capture.conf
The config file will look something like this, using the name value syntax to set values:
...
# toggle promiscous mode for live capture
promisc true
# don't print infos to stdout
quiet false
# reassemble TCP connections
reassemble-connections true
# resolve ips to domains via the operating systems default dns resolver
reverse-dns false
# use serviceDB for device profiling
serviceDB false
# configure snaplen for live capture from interface
snaplen 1514
# print netcap package version and exit
version false
# wait for all connections to finish processing before cleanup
wait-conns true
# number of workers
workers 12
# write incomplete response
writeincomplete false
...
Lines starting with # are treated as comments, and blank lines are ignored.
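Because both an edited config file and NC_-prefixed environment variables change what a capture does, it helps to review them before a run. The following is an added example, not part of netcap: it parses the name value format described above, reports which settings differ from a generated default, and lists NC_ variables present in the environment. The sample config texts and the function names are constructed for illustration.

```python
import os

def parse_config(text):
    """Parse 'name value' lines; '#' comment lines and blank lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # name, then the rest of the line as value
        settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def changed_settings(defaults, edited):
    """Map each setting that differs to (default value, edited value)."""
    changes = {}
    for name in sorted(set(defaults) | set(edited)):
        old, new = defaults.get(name), edited.get(name)
        if old != new:
            changes[name] = (old, new)
    return changes

def env_overrides(environ=None):
    """Return the NC_-prefixed variables, which override flag defaults."""
    environ = os.environ if environ is None else environ
    return {k: v for k, v in environ.items() if k.startswith("NC_")}

# Constructed sample: a shortened default config and an edited copy of it.
DEFAULT_CONF = """\
# comment lines and blank lines are skipped

promisc true
reverse-dns false
snaplen 1514
workers 12
"""
EDITED_CONF = (DEFAULT_CONF
               .replace("promisc true", "promisc false")
               .replace("reverse-dns false", "reverse-dns true"))

if __name__ == "__main__":
    diff = changed_settings(parse_config(DEFAULT_CONF), parse_config(EDITED_CONF))
    for name, (old, new) in diff.items():
        print(f"config: {name}: {old} -> {new}")
    for name, value in sorted(env_overrides().items()):
        print(f"environment: {name}={value}")
```

In practice the two inputs would be the output of -gen-config and the file you intend to pass via -config.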
Adjust the parameters of interest and pass the config file:
Resolver Database
The environment variable NC_CONFIG_ROOT can be used to override the default path for the resolver databases, ~/.config/netcap/dbs. Read more about the resolvers package here: