NETCAP
NETCAP
Overview
GitHub
Homepage
GoDoc
Overview
Framework Components
Protocol Support
Specification
Installation
Quickstart
Packet Collection
Audit Record Labeling
Distributed Collection
Workers
Filtering and Export
HTTP Proxy
Metrics
USB Capture
Payload Capture
Utils
Internals
Python Integration
Extension
FAQ
Downloads
Contributing
License
Powered by GitBook

Payload Capture

Capture full packet payloads

It is now possible to capture payload data for the following protocols: TCP, UDP, ModbusTCP, USB.

Setting the flag works for both live and offlline capture, afterwards the raw payload bytes are stored in the Payload field of the audit records.

Live Capture

This can be enabled with the -payload flag:

$ net.capture -r traffic.pcap -payload

Offline Capture

This works similar to offline capture:

$ net.capture -iface en0 -payload
Previous
USB Capture
Next
Utils
Last updated Wed May 08 2019 13:25:48 GMT+0000 (UTC)
Contents
Live Capture
Offline Capture