AppPacCap
Application Packet Capture: A better way to PCAP.
API
AppPacCap provides a RESTful API that allows for control of the packet capture process as well as the visualization of the data.
This powerful back-end functionality can be used to create useful and functional front-ends that meet specific needs. Here you can explore the RESTful API.
AJAX
The API is accessed by performing a POST to the URL ajax. The parameter action is required and the rest of this document discusses the various action values. If authentication is enabled then token is also required. token can be set through placeholders that AppPacCap will replace when the page is served. It is important to place the placeholder as the first argument as AppPacCap includes a comma in the replaced value. The token placeholders can be viewed here and an example of a request with the token placeholder can be seen below.
AJAX Call
var ax = $.ajax({
url: "ajax",
type: "post",
data: { {%HD_AJAX_TOKEN} "action": "action_value", ... }
});
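The following is an added example, not code from AppPacCap: a strict request builder that a custom front-end could put between its UI and the ajax endpoint, so that only allow-listed actions with documented parameters are sent and parameters that name filesystem paths or programs (for example path on action_add, which this page notes runs in session 0 with service level privileges) need an explicit opt-in. The SPEC table, buildRequest and allowSensitive are names made up for this example; the table is hand-copied from a few entries on this page.

```javascript
// Added example: strict builder for the form body POSTed to "ajax".
// SPEC is hand-copied from a few entries on this page (assumption: the subset
// a given front-end needs). AppPacCap does not ship this table.
const SPEC = {
  capture_read: { required: ["capture_id"], optional: ["last_id", "flags"] },
  capture_export: {
    required: ["capture_id"], optional: ["path", "filter"], sensitive: ["path"],
  },
  pcap_ingest_file: { required: ["path"], optional: [], sensitive: ["path"] },
  action_add: {
    required: ["name", "action_type"],
    optional: ["trigger_id", "path", "params"],
    sensitive: ["path", "params"],
  },
  settings_set: { required: ["key_name", "value"], optional: [] },
};

// Returns the application/x-www-form-urlencoded body for one API call.
// Throws instead of sending anything the table does not describe.
function buildRequest(action, params = {}, { token = "", allowSensitive = false } = {}) {
  if (!Object.prototype.hasOwnProperty.call(SPEC, action)) {
    throw new Error(`action not allow-listed: ${action}`);
  }
  const spec = SPEC[action];
  const known = [...spec.required, ...spec.optional];

  // No pass-through of caller-supplied keys: this also stops a caller from
  // overriding "action" or "token" through the params object.
  for (const key of Object.keys(params)) {
    if (!known.includes(key)) {
      throw new Error(`${action}: undocumented parameter "${key}"`);
    }
    const v = params[key];
    const scalar = typeof v === "string" || (typeof v === "number" && Number.isFinite(v));
    if (!scalar) {
      throw new Error(`${action}: "${key}" must be a string or a finite number`);
    }
  }

  for (const key of spec.required) {
    if (params[key] === undefined || params[key] === "") {
      throw new Error(`${action}: missing required "${key}"`);
    }
  }

  // Parameters that name files or programs on the capture host are refused
  // unless the calling code opts in for this one request.
  const risky = (spec.sensitive || []).filter((k) => params[k] !== undefined);
  if (risky.length > 0 && !allowSensitive) {
    throw new Error(`${action}: ${risky.join(", ")} requires allowSensitive`);
  }

  // Order does not matter in a form POST; token first mirrors the page's call.
  const body = new URLSearchParams();
  if (token) body.append("token", token);
  body.append("action", action);
  for (const key of known) {
    if (params[key] !== undefined) body.append(key, String(params[key]));
  }
  return body.toString();
}

// Constructed sample call (token value is made up):
// buildRequest("capture_read", { capture_id: 7, flags: 1 }, { token: "t0k" })
```

The returned string can be sent as the body of the POST to ajax with a Content-Type of application/x-www-form-urlencoded.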
apppaccap
This command is used to query information about the current AppPacCap installation.
Parameters
none
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = APPPACCAP
action_add
This command is used to add a new action. Parameters are variable based on the action type.
Parameters
token
name
action_type
trigger_id
...
ACTION_TYPE_EXECUTE
path
params
ACTION_TYPE_EXPORT
path
- token: (optional) The token value that gets returned during login.
- name: Name of the action.
- action_type: Type of action.
- trigger_id: (optional) If set, this action will only apply to the specified trigger. If undefined or 0, then the action will apply system wide.
- ACTION_TYPE_EXECUTE
- path: Program path to execute.
- params: (optional) Parameters that are passed to the process.
- NOTE: The process will execute in session 0 with service level privileges.
- ACTION_TYPE_EXPORT
- path: Directory of where to write the export.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = ACTION
action_clear_triggers
This command is used to clear associated triggers.
Parameters
token
action_id
- token: (optional) The token value that gets returned during login.
- action_id: The action id.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
action_list
This command is used to list all configured actions.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf ACTION
action_mod
This command is used to modify an existing action.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
action_remove
This command is used to delete an action.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
action_set_trigger
This command is used to set associated triggers.
Parameters
token
action_id
trigger_id
- token: (optional) The token value that gets returned during login.
- action_id: The action id.
- trigger_id: (optional) The trigger id to associate with the action. If 0, existing triggers will be cleared and the action will be set to system wide. Otherwise, the trigger will be added to the list.
adapter_list
This command is used to list all network adapters.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf NETADAPTER
apc_flush
This command is used to delete saved data. No active capture sessions can be running when issuing this command.
Parameters
token
flags
- token: (optional) The token value that gets returned during login.
- flags: The flag value indicates what data should be flushed from the databases. The flag values are defined here.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INTEGER
ReturnValue = ERROR_SUCCESS
capture_conn_stream
This command is used to query packets associated with a specific connection id.
Parameters
token
capture_id
conn_id
flags
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
- conn_id: Connection id.
- flags: Default is 0 which means only packet meta-data is returned. Set to 1 if packet bytes should be included.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = PACKETSTREAM
capture_delete
This command will delete a completed capture, including all packet data written to the database.
Parameters
token
capture_id
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
capture_export
This command is used to request an export of packet data to a PCAPNG file.
Parameters
token
capture_id
path
filter
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
- path: (optional) The full file path to write the exported data to. If blank, will write to the export directory in the installation folder.
- filter: (optional) A filter string to limit what packets get exported.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = COMMAND
capture_get_details
This command is used to get details about a capture session.
Parameters
token
capture_id
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = CAPTURE
capture_get_packet
This command is used to get the packet bytes.
Parameters
token
capture_id
packet_id
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
- packet_id: Packet id.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = PACKET
capture_get_processes
This command is used to get a list of processes associated with a capture session.
Parameters
token
capture_id
last_id
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
- last_id: (optional) The id value to query from. Default is 0.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf PROCESS
capture_list_active
This command is used to list all active capture sessions.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf CAPTURE
capture_list_conns
This command is used to get a list of connections associated with a capture session.
Parameters
token
capture_id
last_id
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
- last_id: (optional) The id value to query from. Default is 0.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf CONNECTION
capture_list_completed
This command is used to list all completed capture sessions.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf CAPTURE
capture_list_system
This command is used to list just completed system captures.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf CAPTURE
capture_open
This command is used to open a completed capture for reading and querying. It will fail if an active capture id is passed.
Parameters
token
capture_id
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = CAPTUREMETA
capture_query_ip
This command is used to query unique IP addresses associated with a capture session.
Parameters
token
capture_id
last_id
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id. If 0, then the system wide IP list is queried.
- last_id: The last IP id to query from. Default is 0.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf IP
capture_read
This command is used to read packet data from a completed session.
Parameters
token
capture_id
last_id
flags
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
- last_id: (optional) The last packet id to query from. Default is 0.
- flags: (optional) Currently only supports 0 or 1. If set to 1, the packet bytes will be returned with the query; otherwise only the metadata is returned.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = PACKETSTREAM
capture_set_notes
This command is used to associate user-defined metadata with either a capture session or individual packets.
Parameters
token
capture_id
packet_id
notes
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
- packet_id: (optional) The packet id to update. If 0 or empty, then the capture session metadata will be updated.
- notes: (optional) The metadata to set. If blank or missing then the metadata is cleared.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INTEGER
ReturnValue = ERROR_SUCCESS
capture_start_system
This command is used to start a system wide packet capture.
Parameters
token
filter
flags
adapter
- token: (optional) The token value that gets returned during login.
- filter: (optional) A filter string. If provided, only the packets that match will be saved.
- flags: (optional) Flags that control how the capture session works. Default is 0. Only supports CAPTURE_FLAG_RESOLVE_IPS.
- adapter: (optional) List of adapter names to capture from. If empty then all adapters will be monitored.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = CAPTURE
capture_stop_system
This command is used to stop an active system-wide capture session.
Parameters
token
capture_id
- token: (optional) The token value that gets returned during login.
- capture_id: The capture id of the system capture session to stop.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
capture_start_process
This command is used to start a packet capture targeted against a specific process.
Parameters
token
capture_id
process_id
pid
thread_id
filter
flags
adapter
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
- process_id: Process id.
- pid: System process id.
- thread_id: (optional) The specific thread to capture. Must include CAPTURE_FLAG_THREAD_CAPTURE in flags if thread is targeted.
- filter: (optional) A filter string. If provided, only the packets that match will be saved.
- flags: (optional) Flags that control how the capture session works. Default is 0.
- adapter: (optional) List of adapter names to capture from. If empty then all adapters will be monitored.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = CAPTURE
capture_stop_all
This command is used to stop all active capture sessions.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
capture_stop_process
This command is used to stop an active non-system capture session.
Parameters
token
capture_id
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
capture_stream
This command is used to request packet data associated with a capture session. This command only works with active captures and will fail with completed sessions.
Parameters
token
capture_id
last_id
flags
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
- last_id: (optional) The last packet id to query from. Default is 0.
- flags: (optional) Currently only supports 0 or 1. If set to 1, the packet bytes will be returned with the query; otherwise only the metadata is returned.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = PACKETSTREAM
capture_thread_stream
This command is used to request packets associated with a specific process and thread.
Parameters
token
capture_id
pid
thread_id
flags
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
- pid: System process id.
- thread_id: System thread id (tid).
- flags: (optional) Currently only supports 0 or 1. If set to 1, the packet bytes will be returned with the query; otherwise only the metadata is returned.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = PACKETSTREAM
command_delete
This command is used to delete a command.
Parameters
token
command_uid
- token: (optional) The token value that gets returned during login.
- command_uid: The uid of the command to delete.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
command_list
This command is used to list all commands.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf COMMAND
command_query
This command is used to query the status of a command.
Parameters
token
command_uid
- token: (optional) The token value that gets returned during login.
- command_uid: The uid of the command to query.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = COMMAND
export_list
This command is used to list all of the exported PCAP files.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = EXPORTFILE
export_delete
This command is used to delete one or all exported PCAP files.
Parameters
token
filename
- token: (optional) The token value that gets returned during login.
- filename: (optional) The filename of the PCAP to delete. If missing or blank, then all PCAP files will be deleted.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = The number of files deleted
extract_enable
This command is used to turn on file extraction. This is a global flag that impacts all capture sessions. Enabling file extraction can add significant overhead to the capture process.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
extract_disable
This command is used to turn off file extraction. This is a global flag that impacts all capture sessions.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
extract_query
This command is used to query the detected files that can be extracted from a capture session.
Parameters
token
capture_id
last_id
- token: (optional) The token value that gets returned during login.
- capture_id: The capture session id to query.
- last_id: (optional) The last file extraction id to query from.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = EXTRACTSTREAM
extract_file_write
This command is used to actually extract the file from the packets and write it to disk.
Parameters
token
capture_id
stream_id
- token: (optional) The token value that gets returned during login.
- capture_id: The capture session id to query.
- stream_id: The stream id within the capture session that represents the file.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = EXTRACTFILE
extract_file_list
This command is used to query all extracted files on disk.
Parameters
token
capture_id
- token: (optional) The token value that gets returned during login.
- capture_id: The capture session id to query.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf EXTRACTFILE
extract_file_clear
This command is used to delete all extracted files from disk.
Parameters
token
capture_id
- token: (optional) The token value that gets returned during login.
- capture_id: The capture session id to query.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = The number of files deleted
extract_file_delete
This command is used to delete a specific extracted file.
Parameters
token
capture_id
file_id
- token: (optional) The token value that gets returned during login.
- capture_id: The capture session id to query.
- file_id: (optional) The id of the file to delete. If missing or zero, then all files are deleted.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = The number of files deleted
ip_query
This command is used to query information on an IP address.
Parameters
token
capture_id
ip
- token: (optional) The token value that gets returned during login.
- capture_id: (optional) Capture session to query the data from. If zero, then the global list will be used.
- ip: IP address to query.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = IP
ip_set_data
This command is used to store any additional metadata associated with an IP address.
Parameters
token
capture_id
ip
data
- token: (optional) The token value that gets returned during login.
- capture_id: (optional) Capture session to update in addition to the global list.
- ip: The IP address being saved.
- data: (optional) The data to associate with an IP. If blank, then existing data is cleared.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
ip_set_geo
This command is used to store the geolocation data for an IP address if resolved through an external system.
Parameters
token
capture_id
ip
hostname
country
city
lat
lng
- token: (optional) The token value that gets returned during login.
- capture_id: (optional) Capture session to update in addition to the global list.
- ip: The IP address being saved.
- hostname: (optional) The associated hostname.
- country: (optional) The country the IP is located in.
- city: (optional) The city the IP is located in.
- lat: The latitude of the IP address location.
- lng: The longitude of the IP address location.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
monitor_start
This command is used to set an adapter in monitor mode. This only works for WiFi adapters that support monitor mode.
Parameters
token
tap_id
- token: (optional) The token value that gets returned during login.
- tap_id: Adapter id.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
monitor_stop
This command is used to turn off monitor mode for an adapter. This only works for WiFi adapters that support monitor mode.
Parameters
token
tap_id
- token: (optional) The token value that gets returned during login.
- tap_id: Adapter id.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
pcap_ingest_file
This command is used to send a PCAP filename to AppPacCap so it can be ingested.
Parameters
token
path
- token: (optional) The token value that gets returned during login.
- path: The file path of the PCAP or PCAPNG file.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
pcap_ingest_post
This command is used to send a PCAP file through a form POST so it can be ingested.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
process_list_capture
This command is used to list all processes currently being captured.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf PROCESS
process_list_running
This command is used to list all currently running processes.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf PROCESS
process_list_threads
This command is used to list the threads associated with a process.
Parameters
token
process_id
pid
flags
- token: (optional) The token value that gets returned during login.
- process_id: The process id.
- pid: The system process id.
- flags: (optional) Returns all process threads if set to 1. Default is 0 which returns only live threads.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf THREAD
search_cancel
This command is used to cancel a search operation.
Parameters
token
search_id
- token: (optional) The token value that gets returned during login.
- search_id: The id of the search operation to cancel.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
search_delete
This command is used to cancel an active search (if running), and delete all results.
Parameters
token
search_id
- token: (optional) The token value that gets returned during login.
- search_id: The id of the search operation to delete.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
search_export
This command is used to request an export of packet data to a PCAPNG file.
Parameters
token
search_id
path
- token: (optional) The token value that gets returned during login.
- search_id: Search id.
- path: (optional) The full file path to write the exported data to. If blank, will write to the export directory in the installation folder.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = COMMAND
search_list
This command is used to list all active and completed searches.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf SEARCHMETA
search_open
This command is used to get information about a specific search request.
Parameters
token
search_id
- token: (optional) The token value that gets returned during login.
- search_id: The id of the search operation.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = SEARCHMETA
search_read
This command is used to query the results of a specific search operation and to retrieve results.
Parameters
token
search_id
last_id
- token: (optional) The token value that gets returned during login.
- search_id: The id of the search operation.
- last_id: (optional) The last search item id to query from. Default is 0.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = SEARCHLIST
search_start
This command is used to begin a search operation. Searches are async so results are not returned with this command.
Parameters
token
filter
- token: (optional) The token value that gets returned during login.
- q: The search filter.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = SEARCHMETA
search_verify_filter
This command is used to verify if a search filter syntax is correct.
Parameters
token
filter
- token: (optional) The token value that gets returned during login.
- filter: The search filter string to verify.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = SEARCHSYNTAX
server_folders
This command is used to query all installed themes.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf (string)
server_pages
This command is used to query all pages associated with a specific theme.
Parameters
token
theme_name
- token: (optional) The token value that gets returned during login.
- theme_name: Name of the theme to query available pages for.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf (string)
settings_clear
This command is used to clear all user defined settings.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
settings_get_all
This command is used to get all user defined settings.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = dictionaryOf (string, string)
settings_get_by_key
This command is used to query a specific setting by key name.
Parameters
token
key_name
- token: (optional) The token value that gets returned during login.
- key_name: Name of settings key.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_STRING
ReturnValue = value
settings_set
This command is used to set a settings value by key name.
Parameters
token
key_name
value
- token: (optional) The token value that gets returned during login.
- key_name: Name of settings key to set.
- value: Value to associate with key_name.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
stats_by_date
This command is used to query date specific statistics.
Parameters
token
capture_id
start_dtg
end_dtg
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
- start_dtg: Start of date range in UTC filetime.
- end_dtg: (optional) End of date range in UTC filetime.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = STATSCAPTUREQUERY
stats_by_id
This command is used to query capture specific statistics.
Parameters
token
capture_id
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = STATSCAPTUREQUERY
stats_by_ip
This command is used to query IP specific statistics.
Parameters
token
capture_id
ip
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
- ip: IP address to query.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = STATSCAPTUREQUERY
stats_by_port
This command is used to query port specific statistics.
Parameters
token
capture_id
port
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
- port: Port number to query.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = STATSCAPTUREQUERY
stats_by_protocol
This command is used to query protocol specific statistics.
Parameters
token
capture_id
protocol
- token: (optional) The token value that gets returned during login.
- capture_id: Capture id.
- protocol: Layer 3 protocol number.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = STATSCAPTUREQUERY
stats_reset
This command is used to reset the statistic counters.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
stats_totals
This command is used to query system wide statistics.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = STATSQUERY
trigger_add
This command is used to add a new trigger. Parameters are variable based on the trigger type.
Parameters
token
name
trigger_type
...
TRIGGER_TYPE_ON_START
path
filter
flags
- token: (optional) The token value that gets returned during login.
- name: The name of the trigger.
- trigger_type: Type of trigger.
- TRIGGER_TYPE_ON_START
- path: Directory or process path to trigger on.
- filter: (optional) Filter string applied to any capture session started with this trigger.
- flags: (optional) Flags that control how the capture session works. Default is 0.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
trigger_clear_actions
This command is used to clear all associated actions.
Parameters
token
trigger_id
- token: (optional) The token value that gets returned during login.
- trigger_id: Trigger id.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
trigger_get_actions
This command is used to get the list of actions associated with this trigger.
Parameters
token
trigger_id
- token: (optional) The token value that gets returned during login.
- trigger_id: Trigger id.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf ACTION
trigger_set_action
This command is used to set an action to the trigger.
Parameters
token
trigger_id
action_id
- token: (optional) The token value that gets returned during login.
- trigger_id: Trigger id.
- action_id: Action id to set.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
trigger_list
This command is used to list all configured triggers.
Parameters
token
- token: (optional) The token value that gets returned during login.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf TRIGGER
trigger_mod
This command is used to modify an existing trigger.
Parameters
token
trigger_id
filter
flags
- token: (optional) The token value that gets returned during login.
- trigger_id: Trigger id.
- filter: (optional) Filter string applied to the capture session started with this trigger. Will clear filter if blank or empty.
- flags: Flags that control how the capture session works.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
trigger_remove
This command is used to delete a trigger.
Parameters
token
trigger_id
- token: (optional) The token value that gets returned during login.
- trigger_id: Trigger id.
On Success Returned Data
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS