NETCAP
OverviewGitHubHomepageGoDoc
Search…
v0.5
Overview
Audit Records
Specification
Installation
Quickstart
Configuration
Bash Completion
Packet Collection
Audit Record Labeling
HTTP Proxy
USB Capture
Payload Capture
Distributed Collection
Workers
Filtering and Export
Data Compression
Internals
Metrics
Resolvers
TLS Fingerprinting
Reassembly
Deep Packet Inspection
Live Capture
Maltego Integration
Logging
Packet Contexts
Industrial Control Systems
File Extraction
Email Extraction
Device Profiles
Python Integration
Changelog
Troubleshooting
Unit Tests
Extension
Downloads
Docker Containers
FAQ
Contributing
License
Powered By GitBook
Payload Capture
Capture full packet payloads
It is now possible to capture payload data for the following protocols: TCP, UDP, ModbusTCP, USB
This can be enabled with the -payload flag:
1
$ net capture -read traffic.pcap -payload
Copied!
Setting the flag works for both live and offlline capture, afterwards the raw payload bytes are stored in the Payload field of the audit records.
You can use the -struc flag with the dump tool to see the payload in the command-line:
1
$ net dump -read TCP.ncap.gz -struc
Copied!
Previous
USB Capture
Next
Distributed Collection
Last modified 1yr ago
Copy link