Capture full packet payloads
It is now possible to capture payload data for the following protocols: TCP, UDP, ModbusTCP, USB
This can be enabled with the -payload flag:
$ net capture -read traffic.pcap -payload
Setting the flag works for both live and offlline capture, afterwards the raw payload bytes are stored in the Payload field of the audit records.
You can use the -struc flag with the dump tool to see the payload in the command-line:
$ net dump -read TCP.ncap.gz -struc