NETCAP
NETCAP
Overview
GitHub
Homepage
GoDoc
Overview
Audit Records
Specification
Installation
Quickstart
Configuration
Bash Completion
Packet Collection
Audit Record Labeling
HTTP Proxy
USB Capture
Payload Capture
Distributed Collection
Workers
Filtering and Export
Data Compression
Internals
Metrics
Resolvers
TLS Fingerprinting
Reassembly
Deep Packet Inspection
Live Capture
Maltego Integration
Logging
Packet Contexts
Industrial Control Systems
File Extraction
Email Extraction
Device Profiles
Python Integration
Changelog
Troubleshooting
Unit Tests
Extension
Downloads
Docker Containers
FAQ
Contributing
License
Powered by GitBook

Payload Capture

Capture full packet payloads

It is now possible to capture payload data for the following protocols: TCP, UDP, ModbusTCP, USB

This can be enabled with the -payload flag:

$ net capture -read traffic.pcap -payload

Setting the flag works for both live and offlline capture, afterwards the raw payload bytes are stored in the Payload field of the audit records.

You can use the -struc flag with the dump tool to see the payload in the command-line:

$ net dump -read TCP.ncap.gz -struc
Previous
USB Capture
Next
Distributed Collection
Last updated 1 year ago