NETCAP
v0.5
Payload Capture
Capture full packet payloads
It is now possible to capture payload data for the following protocols: TCP, UDP, ModbusTCP, USB.
This can be enabled with the -payload flag:
$ net capture -read traffic.pcap -payload
Setting the flag works for both live and offline capture. Afterwards, the raw payload bytes are stored in the Payload field of the audit records.
You can use the -struc flag with the dump tool to see the payload on the command line:
$ net dump -read TCP.ncap.gz -struc