NETCAP
v0.5

Payload Capture

Capture full packet payloads

Payload data can now be captured for the following protocols: TCP, UDP, ModbusTCP and USB.

This can be enabled with the -payload flag:

$ net capture -read traffic.pcap -payload

The flag works for both live and offline capture. Once it is set, the raw payload bytes are stored in the Payload field of the audit records.

To view the payload on the command line, use the -struc flag with the dump tool:

$ net dump -read TCP.ncap.gz -struc

Last updated 3 years ago