I would assume there is no way to enable conditional packet slicing.
For example, during large encrypted data transfers, capture the summary
information but drop the payload itself (scp, https).

On Wed, Apr 6, 2016 at 9:35 AM, Alfredo Cardigliano <cardigliano@ntop.org> wrote:
> Hi Jeremy
>
> > On 05 Apr 2016, at 19:43, Jeremy Ashton <jeremy.ashton@shopify.com> wrote:
> >
> > I noticed the following arguments for n2disk but could not find documentation on them:
> >
> > [--packet-slicing|-0] <header level> | Slice packet after the specified header.
>
> This can be used to save only a portion of the captured packet; you should
> specify the max header level you want to save (e.g. --packet-slicing 3 will
> save a portion of the packet up to the IP header).
>
> > [--fast-filter|-F] <filter> | Faster replacement for BPF ingress packet filter.
>
> Please take a look at Appendix B of the User’s Guide at
> http://www.ntop.org/wp-content/uploads/2011/08/n2disk-UsersGuide1.pdf
>
> > [--archive-directory|-O] <directory> | Directory where dump files will be archived (slower
> >                                      | disks). The -a option is overwritten when using it.
>
> This can be used to move pcap files to another storage instead of deleting
> them when the --max-num-files x --max-nested-dirs limit is reached and
> n2disk starts overwriting the oldest files.
>
> Alfredo
>
> >
> > I wonder if someone might be able to shed some light on these features.
> >
> > Thanks.
> > _______________________________________________
> > Ntop-misc mailing list
> > Ntop-misc@listgateway.unipi.it
> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
>
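Added example, not part of the thread and not n2disk code: an illustration in Python of the conditional slicing idea from the top message, applied as post-processing to raw Ethernet frames. The function names, the port set, and the meaning of levels 2 and 4 are assumptions; only "level 3 = up to the IP header" comes from the reply above.

```python
import struct

SLICE_PORTS = {22, 443}  # assumption: ssh/scp and https, the transfers named above

def parse(frame: bytes):
    """Return (ends, ports): ends[level] is the offset where that header level ends
    (2=Ethernet, 3=IP, 4=TCP/UDP; numbering assumed), ports is (src, dst) or None."""
    ends, ports, off = {}, None, 14
    if len(frame) < off:
        return ends, ports
    (etype,) = struct.unpack_from("!H", frame, 12)
    while etype in (0x8100, 0x88A8) and len(frame) >= off + 4:  # VLAN / QinQ tags
        (etype,) = struct.unpack_from("!H", frame, off + 2)
        off += 4
    ends[2] = off
    ihl = proto = frag = 0
    if etype == 0x0800 and len(frame) >= off + 20:    # IPv4: honour IHL (options)
        ihl, proto = (frame[off] & 0x0F) * 4, frame[off + 9]
        frag = struct.unpack_from("!H", frame, off + 6)[0] & 0x1FFF
    elif etype == 0x86DD and len(frame) >= off + 40:  # IPv6: fixed header only
        ihl, proto = 40, frame[off + 6]
    if ihl < 20 or len(frame) < off + ihl:
        return ends, ports                            # unparsed levels stay absent
    off += ihl
    ends[3] = off
    proto = 0 if frag else proto    # non-first fragments carry no L4 header
    l4 = lo = 0
    if proto == 6 and len(frame) >= off + 20:         # TCP: honour data offset
        l4, lo = (frame[off + 12] >> 4) * 4, 20
    elif proto == 17 and len(frame) >= off + 8:       # UDP
        l4, lo = 8, 8
    if lo and l4 >= lo and len(frame) >= off + l4:
        ports = struct.unpack_from("!HH", frame, off)
        ends[4] = off + l4
    return ends, ports

def slice_frame(frame: bytes, level: int = 4, slice_ports=SLICE_PORTS) -> bytes:
    """Cut frames of flows on slice_ports after header `level`; keep the rest whole."""
    ends, ports = parse(frame)
    if ports and slice_ports.intersection(ports) and level in ends:
        return frame[:ends[level]]
    return frame

def sample_frame(dport: int, payload: bytes) -> bytes:
    """Constructed input: Ethernet + IPv4 (no options) + TCP (no options)."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH8x", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0)
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 1024, 0, 0)
    return eth + ip + tcp + payload
```

When the sliced frames are written back to a pcap file, keep each record's original-length field unchanged so the real transfer size is still visible in the summary.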