Payload Capture

Capture full packet payloads

It is now possible to capture payload data for the following protocols: TCP, UDP, ModbusTCP, USB.

Setting the flag works for both live and offline capture; afterwards, the raw payload bytes are stored in the Payload field of the audit records.

Live Capture

This can be enabled with the -payload flag:

$ net.capture -iface en0 -payload

Offline Capture

This works similarly for offline capture:

$ net.capture -r traffic.pcap -payload