Pcap packet/pcap¶

Description¶

The module uses the pcap library to read packets from a pcap file or from a network interface.

Note

To be able to capture packets on a real interface, the process need to be launched with the proper permissions.

Parameters¶

interfaces

Comma-separated list of interfaces or the any keyword.

Example of possible values:

# Capture loopback traffic
interfaces = "lo"
# Capture loopback traffic and eth0
# interfaces = "lo, eth0"
# Capture on all interfaces
# interfaces = "any"

Warning

If the module capture on multiple interfaces and is doing forwarding, the packet will be received duplicated by haka. It will create problems with the state-full connection tracking.

file: Read packets from a pcap file.

Note

Only one of interfaces or file can be defined.

output=`file`

Save accepted packets to the specified pcap output file.

Example of capturing packets from a pcap file and saving accepted ones in a pcap output file:

file = "/tmp/input.pcap"
output = "/tmp/output.pcap"

dump_input=`file`: Save the received packets to the specified pcap file.

Haka

Software Defined Security

Pcap packet/pcap¶

Description¶

Parameters¶