Hortonworks Docs » Hortonworks Cybersecurity Platform 1.8.0 » Querying PCAP Data Using Fixed Filter

Querying PCAP Data Using Fixed Filter

Also available as:

PDF

loading table of contents...

Using PCAP

Filtering pcap Data

You can search or filter the pcap data using either a command line tool or a REST API.

Query pcap Data Using the Fixed Filter Option
You can search or filter the PCAP data by the packet header with the fixed filter command line tool.
Query pcap Data Using the Query Filter Option
You can search or filter the PCAP data using a binary regular expression which can be run on the packet payload itself. This query filter option can produce a very large output and create multiple files populating them with the specified number of records and titling them with timestamps.

Parent topic: Using PCAP

© 2012–2019, Hortonworks, Inc.

Document licensed under the Creative Commons Attribution ShareAlike 4.0 License.

Hortonworks.com | Documentation | Support | Community