Capture Settings Guide
- Christopher Lytle
Introduction
The Capture Settings API allows you to configure the settings for the capture application for each port. It is easier or more intuitive to edit the setting on the QManager GUI, however the API is a flexible alternative for those who prefer to automate the configuration process.
Each capture port has a set of main settings that can be configured. These are just the Capture Settings and are accessible through the capture settings endpoints. Then if the filtering is enabled on the port, there can be a set of filter settings that can add additional configurations and filtering to the port. These are the Filter Settings and are accessible through the filter settings endpoints.
Capture Settings
The Capture Settings are the main settings for the capture port. These settings are accessible through the /api/v1/capture/capture_settings endpoint. The following are the settings that can be configured:
Get Capture Settings
GET - Get the capture settings for a port.
Path: /api/v1/capture/capture_settings
Parameters:
port: The port number of the capture port.
Example:
curl --location 'https://<Host Name>:8080/api/v1/capture/capture_settings?port=0' \
--header 'Authorization: ...'
In this example, the capture settings for port 0 are retrieved.
{
"status": "SUCCESS",
"msg": {
"Port0": "on",
"Port_Alias": "Office_Traffic_240",
"Filename": "sele_",
"CapDir": "/cifs/capture/records/Port0/",
"Timestamp": "nanosecond",
"Cap2Disk": "capture",
"IncFile": "on",
"SegmentSize": "bysize",
"Bytesize": "1000",
"Sizeunit": "MB",
"compress": "false",
"Rotation": "on",
"SyncDetect": "false",
"Merge_Ports": "false",
"Port_Slicing": "100",
"Filtering_Enable": "off",
"Inc_Resume": "0",
"Filters": {}
}
}
If filtering is enabled then you might see all the filter settings in the Filters key.
Set Capture Settings
PUT - Set the capture settings for a port.
Path: /api/v1/capture/capture_settings
Parameters:
port: The port number of the capture port.
Body:
Port0: The state of the port. Can beonoroff.Port_Alias: The alias of the port.Filename: The filename of the capture file. (Default: port{port})CapDir: The directory where the capture files are stored.Timestamp: The timestamp format of the capture file. Can benanosecond,microsecond,millisecond,second,minute,hour,day,month,year.Cap2Disk: The capture mode. Can becapture,buffer,off.IncFile: Increment the filename. Can beonoroff.SegmentSize: The segment size of the capture file. Can bebysize,bytime,byfilesize.Bytesize: The size of the segment. Can be any number between50and4000.Sizeunit: The unit of the size. Can beKB,MB,GB,TB.compress: Compress the capture file. Can betrueorfalse.Rotation: Rotate the capture file. Can beonoroff.SyncDetect: Detect synchronization. Can betrueorfalse.Merge_Ports: Merge ports. Can betrueorfalse.Port_Slicing: Port Slicing enabled. Can beonoroff.Filtering_Enable: Enable filtering. Can beonoroff.
Example:
curl --location --request PUT 'https://<Host Name>:8080/api/v1/capture/capture_settings?port=0' \
--header 'Authorization: ...' \
--header 'Content-Type: application/json' \
--data-raw '{
"Port0": "on",
"Port_Alias": "Office_Traffic_240",
"Filename": "sele_",
"CapDir": "/cifs/capture/records/Port0/",
"Timestamp": "nanosecond",
"Cap2Disk": "capture",
"IncFile": "on",
"SegmentSize": "bysize",
"Bytesize": "1000",
"Sizeunit": "MB",
"compress": "false",
"Rotation": "on",
"SyncDetect": "false",
"Merge_Ports": "false",
"Port_Slicing": "100",
"Filtering_Enable": "off"
}'
In this example, the capture settings for port 0 are set.
Capture Filter Settings
The Capture Filter Settings are the settings for the capture port when filtering is enabled. These settings are accessible through the /api/v1/capture/capture_filter_settings endpoint. The following are the settings that can be configured:
Get Capture Filter Settings
GET - Get the capture filter settings for a port.
Path: /api/v1/capture/capture_filter_settings
Parameters:
port: The port number of the capture port.filter: The filter number.
Example:
Set Capture Filter Settings
PUT - Set the capture filter settings for a port.
Path: /api/v1/capture/capture_filter_settings
Parameters:
port: The port number of the capture port.filter: The filter number.
Body:
Filter: The name of the filter.color: The color of the filter.Priority: The priority of the filter.VLAN_ID: The VLAN ID of the filter.Cap_Unfiltered: Capture unfiltered packets. Can betrueorfalse.Protocol_Select: The protocol to filter on. Can betcp,udp,icmp,arp,all.Port_Number_Entry: The port number to filter on.Port_Type: The type of port. Can besrc,dst,src_dst.IPV4: The IPv4 address to filter on.ALL_TCP: Capture all TCP packets. Can betrueorfalse.HTTP: Capture HTTP packets. Can betrueorfalse.HTTPS: Capture HTTPS packets. Can betrueorfalse.TELNET: Capture TELNET packets. Can betrueorfalse.SSH: Capture SSH packets. Can betrueorfalse.RSH: Capture RSH packets. Can betrueorfalse.FTP: Capture FTP packets. Can betrueorfalse.SMTP: Capture SMTP packets. Can betrueorfalse.POP3: Capture POP3 packets. Can betrueorfalse.NNTP: Capture NNTP packets. Can betrueorfalse.NNTPS: Capture NNTPS packets. Can betrueorfalse.IRC: Capture IRC packets. Can betrueorfalse.LDAP: Capture LDAP packets. Can betrueorfalse.ALL_UDP: Capture all UDP packets. Can betrueorfalse.DNS: Capture DNS packets. Can betrueorfalse.TFTP: Capture TFTP packets. Can betrueorfalse.SNTP: Capture SNTP packets. Can betrueorfalse.NETBIOS: Capture NETBIOS packets. Can betrueorfalse.NTP: Capture NTP packets. Can betrueorfalse.DHCP: Capture DHCP packets. Can betrueorfalse.BOOTP: Capture BOOTP packets. Can betrueorfalse.GTP_CNTL: Capture GTP_CNTL packets. Can betrueorfalse.GTP_USER: Capture GTP_USER packets. Can betrueorfalse.GTP_V0U: Capture GTP_V0U packets. Can betrueorfalse.GTP_V1U: Capture GTP_V1U packets. Can betrueorfalse.GTP_V1V2: Capture GTP_V1V2 packets. Can betrueorfalse.CAP_NAME: The name of the capture file.CAP_DIR: The directory where the capture files are stored.
Example: