Payload Capture
Capture full packet payloads
It is now possible to capture payload data for the following protocols: TCP, UDP, ModbusTCP and USB.
This can be enabled with the -payload flag:
$ net capture -read traffic.pcap -payload
Setting the flag works for both live and offline capture. Afterwards, the raw payload bytes are stored in the Payload field of the audit records.
You can use the -struc flag with the dump tool to see the payload on the command line:
$ net dump -read TCP.ncap.gz -struc