AppPacCap

Application Packet Capture: A better way to PCAP.

API

AppPacCap provides a RESTful API that allows for control of the packet capture process as well as the visualization of the data. This powerful back-end functionality can be used to create useful and functional front-ends that meet specific needs. Here you can explore the RESTful API.

AJAX

The API is accessed by sending a POST request to the URL ajax. The action parameter is required, and the rest of this document describes the available action values. If authentication is enabled, token is also required. token can be set through placeholders that AppPacCap replaces when the page is served. Place the placeholder as the first argument, because AppPacCap includes a comma in the replaced value. The token placeholders can be viewed here, and an example of a request with the token placeholder can be seen below.

AJAX Call

                  
var ax = $.ajax({
  url: "ajax",
  type: "post",
  data: { {%HD_AJAX_TOKEN} "action": "action_value", ... }
});
                  
              

apppaccap

This command is used to query information about the current AppPacCap installation.

Parameters

                  
none
                  
                

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = APPPACCAP
                  
                

action_add

This command is used to add a new action. Parameters are variable based on the action type.

Parameters

                  
token
name
action_type
trigger_id
...
ACTION_TYPE_EXECUTE
  path
  params
ACTION_TYPE_EXPORT
  path
                  
                

  • token: (optional) The token value that gets returned during login.
  • name: Name of the action.
  • action_type: Type of action.
  • trigger_id: (optional) If set, this action will only apply to the specified trigger. If undefined or 0, then the action will apply system wide.
  • ACTION_TYPE_EXECUTE
    • path: Program path to execute.
    • params: (optional) Parameters that are passed to the process.
    • NOTE: The process will execute in session 0 with service level privileges.
  • ACTION_TYPE_EXPORT
    • path: Directory of where to write the export.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = ACTION
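
Because an ACTION_TYPE_EXECUTE action runs its program in session 0 with service-level privileges, a front-end or proxy that forwards action_add may want to validate the request before it reaches AppPacCap. The following is an added example, not AppPacCap code, of such a check on the form-encoded POST body. Assumptions: action_type is sent as the literal names listed above, and the program allowlist, params pattern and export root are constructed sample values.

```javascript
// Added example (not AppPacCap code): pre-flight policy check for action_add.
const path = require("path").win32; // apply Windows path rules on any host OS

// Constructed sample policy values; replace with your own.
const ALLOWED_PROGRAMS = new Map([
  // canonical program path -> pattern the whole params string must match
  ["c:\\tools\\notify.exe", /^(--capture-id \d{1,10})?$/],
]);
const EXPORT_ROOT = "C:\\AppPacCap\\export";

const deny = (reason) => ({ allow: false, reason });
const ALLOW = Object.freeze({ allow: true, reason: "ok" });

// Resolve "..", mixed slashes and case so comparisons see one spelling.
function canonical(p) {
  return path.normalize(p).toLowerCase();
}

// Drive-letter absolute path only: no UNC share, no relative path,
// and no second ':' (alternate data stream) after the drive prefix.
function isLocalDrivePath(p) {
  return /^[a-z]:\\/.test(p) && p.indexOf(":", 2) === -1;
}

// True when candidate is root itself or a descendant of it.
function isInside(root, candidate) {
  const rel = path.relative(root, candidate);
  return rel === "" ||
    (rel !== ".." && !rel.startsWith("..\\") && !path.isAbsolute(rel));
}

// formBody: the application/x-www-form-urlencoded body of the POST to "ajax".
function checkActionAdd(formBody) {
  const q = new URLSearchParams(formBody);
  if (q.get("action") !== "action_add") return deny("not an action_add request");

  // Repeated keys are rejected: the checker and the backend could
  // otherwise disagree about which value is the effective one.
  for (const key of ["action", "action_type", "path", "params"]) {
    if (q.getAll(key).length > 1) return deny(`duplicate parameter: ${key}`);
  }
  if (!q.get("name")) return deny("name is required");

  const p = canonical(q.get("path") || "");
  if (!isLocalDrivePath(p)) return deny("path must be a local drive-letter path");

  switch (q.get("action_type")) {
    case "ACTION_TYPE_EXECUTE": {
      const paramsRule = ALLOWED_PROGRAMS.get(p);
      if (!paramsRule) return deny("program not on allowlist");
      if (!paramsRule.test(q.get("params") || "")) {
        return deny("params not permitted for this program");
      }
      return ALLOW;
    }
    case "ACTION_TYPE_EXPORT":
      return isInside(canonical(EXPORT_ROOT), p)
        ? ALLOW
        : deny("export path outside export root");
    default:
      return deny("unknown action_type");
  }
}
```

The check compares canonical paths only; the value forwarded to AppPacCap should be the canonical one as well, so both sides act on the same string.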
                  
                

action_clear_triggers

This command is used to clear associated triggers.

Parameters

                  
token
action_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • action_id: The action id.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

action_list

This command is used to list all configured actions.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf ACTION
                  
                

action_mod

This command is used to modify an existing action.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

action_remove

This command is used to delete an action.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

action_set_trigger

This command is used to set associated triggers.

Parameters

                  
token
action_id
trigger_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • action_id: The action id.
  • trigger_id: (optional) The trigger id to associate with the action. If 0, existing triggers will be cleared and the action will be set to system wide. Otherwise, the trigger will be added to the list.

adapter_list

This command is used to list all network adapters.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf NETADAPTER
                  
                

apc_flush

This command is used to delete saved data. No active capture sessions can be running when issuing this command.

Parameters

                  
token
flags
                  
                

  • token: (optional) The token value that gets returned during login.
  • flags: The flag value indicates what data should be flushed from the databases. The flag values are defined here.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INTEGER
ReturnValue = ERROR_SUCCESS
                  
                

capture_conn_stream

This command is used to query packets associated with a specific connection id.

Parameters

                  
token
capture_id
conn_id
flags
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.
  • conn_id: Connection id.
  • flags: Default is 0 which means only packet meta-data is returned. Set to 1 if packet bytes should be included.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = PACKETSTREAM
                  
                

capture_delete

This command will delete a completed capture, including all packet data written to the database.

Parameters

                  
token
capture_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

capture_export

This command is used to request an export of packet data to a PCAPNG file.

Parameters

                  
token
capture_id
path
filter
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.
  • path: (optional) The full file path to write the exported data to. If blank, will write to the export directory in the installation folder.
  • filter: (optional) A filter string to limit what packets get exported.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = COMMAND
                  
                

capture_get_details

This command is used to get details about a capture session.

Parameters

                  
token
capture_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = CAPTURE
                  
                

capture_get_packet

This command is used to get the packet bytes.

Parameters

                  
token
capture_id
packet_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.
  • packet_id: Packet id.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = PACKET
                  
                

capture_get_processes

This command is used to get a list of processes associated with a capture session.

Parameters

                  
token
capture_id
last_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.
  • last_id: (optional) The id value to query from. Default is 0.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf PROCESS
                  
                

capture_list_active

This command is used to list all active capture sessions.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf CAPTURE
                  
                

capture_list_conns

This command is used to get a list of connections associated with a capture session.

Parameters

                  
token
capture_id
last_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.
  • last_id: (optional) The id value to query from. Default is 0.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf CONNECTION
                  
                

capture_list_completed

This command is used to list all completed capture sessions.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf CAPTURE
                  
                

capture_list_system

This command is used to list just completed system captures.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf CAPTURE
                  
                

capture_open

This command is used to open a completed capture for reading and querying. It will fail if an active capture id is passed.

Parameters

                  
token
capture_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = CAPTUREMETA
                  
                

capture_query_ip

This command is used to query unique IP addresses associated with a capture session.

Parameters

                  
token
capture_id
last_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id. If 0, then the system wide IP list is queried.
  • last_id: The last IP id to query from. Default is 0.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf IP
                  
                

capture_read

This command is used to read packet data from a completed session.

Parameters

                  
token
capture_id
last_id
flags
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.
  • last_id: (optional) The last packet id to query from. Default is 0.
  • flags: (optional) Currently only supports 0 or 1. If set to 1, the packet bytes will be returned with the query otherwise it is just the metadata.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = PACKETSTREAM
                  
                

capture_set_notes

This command is used to associate user-defined metadata with either a capture session or individual packets.

Parameters

                  
token
capture_id
packet_id
notes
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.
  • packet_id: (optional) The packet id to update. If 0 or empty, then the capture session metadata will be updated.
  • notes: (optional) The metadata to set. If blank or missing then the metadata is cleared.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INTEGER
ReturnValue = ERROR_SUCCESS
                  
                

capture_start_system

This command is used to start a system wide packet capture.

Parameters

                  
token
filter
flags
adapter
                  
                

  • token: (optional) The token value that gets returned during login.
  • filter: (optional) A filter string. If provided, only the packets that match will be saved.
  • flags: (optional) Flags that control how the capture session works. Default is 0. Only supports CAPTURE_FLAG_RESOLVE_IPS.
  • adapter: (optional) List of adapter names to capture from. If empty then all adapters will be monitored.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = CAPTURE
                  
                

capture_stop_system

This command is used to stop an active system-wide capture session.

Parameters

                  
token
capture_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: The capture id of the system capture session to stop.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

capture_start_process

This command is used to start a packet capture targeted against a specific process.

Parameters

                  
token
capture_id
process_id
pid
thread_id
filter
flags
adapter
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.
  • process_id: Process id.
  • pid: System process id.
  • thread_id: (optional) The specific thread to capture. Must include CAPTURE_FLAG_THREAD_CAPTURE in flags if thread is targeted.
  • filter: (optional) A filter string. If provided, only the packets that match will be saved.
  • flags: (optional) Flags that control how the capture session works. Default is 0.
  • adapter: (optional) List of adapter names to capture from. If empty then all adapters will be monitored.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = CAPTURE
                  
                

capture_stop_all

This command is used to stop all active capture sessions.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

capture_stop_process

This command is used to stop an active non-system capture session.

Parameters

                  
token
capture_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

capture_stream

This command is used to request packet data associated with a capture session. This command only works with active captures and will fail with completed sessions.

Parameters

                  
token
capture_id
last_id
flags
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.
  • last_id: (optional) The last packet id to query from. Default is 0.
  • flags: (optional) Currently only supports 0 or 1. If set to 1, the packet bytes will be returned with the query otherwise it is just the metadata.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = PACKETSTREAM
                  
                

capture_thread_stream

This command is used to request packets associated with a specific process and thread.

Parameters

                  
token
capture_id
pid
thread_id
flags
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.
  • pid: System process id.
  • thread_id: System thread id (tid).
  • flags: (optional) Currently only supports 0 or 1. If set to 1, the packet bytes will be returned with the query otherwise it is just the metadata.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = PACKETSTREAM
                  
                

command_delete

This command is used to delete a command.

Parameters

                  
token
command_uid
                  
                

  • token: (optional) The token value that gets returned during login.
  • command_uid: The uid of the command to delete.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

command_list

This command is used to list all commands.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf COMMAND
                  
                

command_query

This command is used to query the status of a command.

Parameters

                  
token
command_uid
                  
                

  • token: (optional) The token value that gets returned during login.
  • command_uid: The uid of the command to query.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = COMMAND
                  
                

export_list

This command is used to list all of the exported PCAP files.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = EXPORTFILE
                  
                

export_delete

This command is used to delete one or all exported PCAP files.

Parameters

                  
token
filename
                  
                

  • token: (optional) The token value that gets returned during login.
  • filename: (optional) The filename of the PCAP to delete. If missing or blank, then all PCAP files will be deleted.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = The number of files deleted
                  
                

extract_enable

This command is used to turn on file extraction. This is a global flag that impacts all capture sessions. Enabling file extraction can add significant overhead to the capture process.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

extract_disable

This command is used to turn off file extraction. This is a global flag that impacts all capture sessions.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

extract_query

This command is used to query the detected files that can be extracted from a capture session.

Parameters

                  
token
capture_id
last_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: The capture session id to query.
  • last_id: (optional) The last file extraction id to query from.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = EXTRACTSTREAM
                  
                

extract_file_write

This command is used to actually extract the file from the packets and write it to disk.

Parameters

                  
token
capture_id
stream_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: The capture session id to query.
  • stream_id: The stream id within the capture session that represents the file.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = EXTRACTFILE
                  
                

extract_file_list

This command is used to query all extracted files on disk.

Parameters

                  
token
capture_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: The capture session id to query.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf EXTRACTFILE
                  
                

extract_file_clear

This command is used to delete all extracted files from disk.

Parameters

                  
token
capture_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: The capture session id to query.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = The number of files deleted
                  
                

extract_file_delete

This command is used to delete a specific extracted file.

Parameters

                  
token
capture_id
file_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: The capture session id to query.
  • file_id: (optional) The id of the file to delete. If missing or zero, then all files are deleted.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = The number of files deleted
                  
                

ip_query

This command is used to query information on an IP address.

Parameters

                  
token
capture_id
ip
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: (optional) Capture session to query the data from. If zero, then the global list will be used.
  • ip: IP address to query.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = IP
                  
                

ip_set_data

This command is used to store any additional metadata associated with an IP address.

Parameters

                  
token
capture_id
ip
data
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: (optional) Capture session to update in addition to the global list.
  • ip: The IP address being saved.
  • data: (optional) The data to associate with an IP. If blank, then existing data is cleared.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

ip_set_geo

This command is used to store the geolocation data for an IP address if resolved through an external system.

Parameters

                  
token
capture_id
ip
hostname
country
city
lat
lng
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: (optional) Capture session to update in addition to the global list.
  • ip: The IP address being saved.
  • hostname: (optional) The associated hostname.
  • country: (optional) The country the IP is located in.
  • city: (optional) The city the IP is located in.
  • lat: The latitude of the IP address location.
  • lng: The longitude of the IP address location.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

pcap_ingest_file

This command is used to send a PCAP filename to AppPacCap so it can be ingested.

Parameters

                  
token
path
                  
                

  • token: (optional) The token value that gets returned during login.
  • path: The file path of the PCAP or PCAPNg file.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

pcap_ingest_post

This command is used to send a PCAP file through a form POST so it can be ingested.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

process_list_capture

This command is used to list all processes currently being captured.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf PROCESS
                  
                

process_list_running

This command is used to list all currently running processes.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf PROCESS
                  
                

process_list_threads

This command is used to list the threads associated with a process.

Parameters

                  
token
process_id
pid
flags
                  
                

  • token: (optional) The token value that gets returned during login.
  • process_id: The process id.
  • pid: The system process id.
  • flags: (optional) Returns all process threads if set to 1. Default is 0 which returns only live threads.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf THREAD
                  
                

search_cancel

This command is used to cancel a search operation.

Parameters

                  
token
search_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • search_id: The id of the search operation to cancel.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

search_delete

This command is used to cancel an active search (if running), and delete all results.

Parameters

                  
token
search_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • search_id: The id of the search operation to delete.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

search_export

This command is used to request an export of packet data to a PCAPNG file.

Parameters

                  
token
search_id
path
                  
                

  • token: (optional) The token value that gets returned during login.
  • search_id: Search id.
  • path: (optional) The full file path to write the exported data to. If blank, will write to the export directory in the installation folder.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = COMMAND
                  
                

search_list

This command is used to list all active and completed searches.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf SEARCHMETA
                  
                

search_open

This command is used to get information about a specific search request.

Parameters

                  
token
search_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • search_id: The id of the search operation.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = SEARCHMETA
                  
                

search_read

This command is used to query the results of a specific search operation and to retrieve results.

Parameters

                  
token
search_id
last_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • search_id: The id of the search operation.
  • last_id: (optional) The last search item id to query from. Default is 0.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = SEARCHLIST
                  
                

search_start

This command is used to begin a search operation. Searches are async so results are not returned with this command.

Parameters

                  
token
filter
                  
                

  • token: (optional) The token value that gets returned during login.
  • q: The search filter.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = SEARCHMETA
                  
                

search_verify_filter

This command is used to verify if a search filter syntax is correct.

Parameters

                  
token
filter
                  
                

  • token: (optional) The token value that gets returned during login.
  • filter: The search filter string to verify.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = SEARCHSYNTAX
                  
                

server_folders

This command is used to query all installed themes.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf (string)
                  
                

server_pages

This command is used to query all pages associated with a specific theme.

Parameters

                  
token
theme_name
                  
                

  • token: (optional) The token value that gets returned during login.
  • theme_name: Name of the theme to query for available pages.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf (string)
                  
                

settings_clear

This command is used to clear all user defined settings.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

settings_get_all

This command is used to get all user defined settings.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = dictionaryOf (string, string)
                  
                

settings_get_by_key

This command is used to query a specific setting by key name.

Parameters

                  
token
key_name
                  
                

  • token: (optional) The token value that gets returned during login.
  • key_name: Name of settings key.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_STRING
ReturnValue = value
                  
                

settings_set

This command is used to set a settings value by key name.

Parameters

                  
token
key_name
value
                  
                

  • token: (optional) The token value that gets returned during login.
  • key_name: Name of settings key to set.
  • value: Value to associate with key_name.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

stats_by_date

This command is used to query date specific statistics.

Parameters

                  
token
capture_id
start_dtg
end_dtg
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.
  • start_dtg: Start of date range in UTC filetime.
  • end_dtg: (optional) End of date range in UTC filetime.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = STATSCAPTUREQUERY
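
The start_dtg and end_dtg parameters above are filetime values, which are too large for a JavaScript Number to hold exactly, so a client has to compute them with BigInt. The following is an added example, not AppPacCap code. It assumes "UTC filetime" means the Windows FILETIME format (100-nanosecond ticks since 1601-01-01 UTC) and that the server accepts the value as a decimal string; the function names are hypothetical.

```javascript
// Added example, not AppPacCap code. Assumption: "UTC filetime" is Windows
// FILETIME, i.e. 100-nanosecond ticks since 1601-01-01T00:00:00Z.
const EPOCH_DIFF_MS = 11644473600000n; // ms between 1601-01-01 and 1970-01-01
const TICKS_PER_MS = 10000n;           // 100 ns ticks per millisecond

// Convert a JavaScript Date to a FILETIME tick count (BigInt).
// Current FILETIME values (~1.3e17) exceed Number.MAX_SAFE_INTEGER (~9e15),
// so doing this arithmetic with Number would silently lose precision.
function toFileTime(date) {
  const ms = date.getTime();
  if (!Number.isFinite(ms)) throw new TypeError("invalid Date");
  const ticks = (BigInt(ms) + EPOCH_DIFF_MS) * TICKS_PER_MS;
  if (ticks < 0n) throw new RangeError("date is before 1601-01-01");
  return ticks;
}

// Convert a FILETIME tick count (BigInt or decimal string) back to a Date.
// Sub-millisecond ticks are dropped.
function fromFileTime(ticks) {
  return new Date(Number(BigInt(ticks) / TICKS_PER_MS - EPOCH_DIFF_MS));
}

// Build the POST body for action=stats_by_date from the documented parameters.
// Sending the ticks as a decimal string is an assumption about the server.
function buildStatsByDateRequest({ captureId, start, end, token }) {
  if (!Number.isInteger(captureId) || captureId < 0) {
    throw new RangeError("capture_id must be a non-negative integer");
  }
  const startTicks = toFileTime(start);
  const data = {};
  if (token !== undefined) data.token = token; // only when authentication is enabled
  data.action = "stats_by_date";
  data.capture_id = String(captureId);
  data.start_dtg = startTicks.toString();
  if (end !== undefined) {                      // end_dtg is optional
    const endTicks = toFileTime(end);
    if (endTicks < startTicks) throw new RangeError("end_dtg precedes start_dtg");
    data.end_dtg = endTicks.toString();
  }
  return data;
}
```

The returned object can be passed as the data field of the $.ajax call shown at the top of this document.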
                  
                

stats_by_id

This command is used to query capture specific statistics.

Parameters

                  
token
capture_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = STATSCAPTUREQUERY
                  
                

stats_by_ip

This command is used to query IP specific statistics.

Parameters

                  
token
capture_id
ip
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.
  • ip: IP address to query.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = STATSCAPTUREQUERY
                  
                

stats_by_port

This command is used to query port specific statistics.

Parameters

                  
token
capture_id
port
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.
  • port: Port number to query.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = STATSCAPTUREQUERY
                  
                

stats_by_protocol

This command is used to query protocol specific statistics.

Parameters

                  
token
capture_id
protocol
                  
                

  • token: (optional) The token value that gets returned during login.
  • capture_id: Capture id.
  • protocol: Layer 3 protocol number.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = STATSCAPTUREQUERY
                  
                

stats_reset

This command is used to reset the statistic counters.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

stats_totals

This command is used to query system wide statistics.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = STATSQUERY
                  
                

trigger_add

This command is used to add a new trigger. Parameters are variable based on the trigger type.

Parameters

                  
token
name
trigger_type
...
TRIGGER_TYPE_ON_START
  path
  filter
  flags
                  
                

  • token: (optional) The token value that gets returned during login.
  • name: The name of the trigger.
  • trigger_type: Type of trigger.
  • TRIGGER_TYPE_ON_START

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

trigger_clear_actions

This command is used to clear all associated actions.

Parameters

                  
token
trigger_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • trigger_id: Trigger id.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

trigger_get_actions

This command is used to get the list of actions associated with this trigger.

Parameters

                  
token
trigger_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • trigger_id: Trigger id.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf ACTION
                  
                

trigger_set_action

This command is used to associate an action with the trigger.

Parameters

                  
token
trigger_id
action_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • trigger_id: Trigger id.
  • action_id: Action id to set.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

trigger_list

This command is used to list all configured triggers.

Parameters

                  
token
                  
                

  • token: (optional) The token value that gets returned during login.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_JSON
ReturnValue = listOf TRIGGER
                  
                

trigger_mod

This command is used to modify an existing trigger.

Parameters

                  
token
trigger_id
filter
flags
                  
                

  • token: (optional) The token value that gets returned during login.
  • trigger_id: Trigger id.
  • filter: (optional) Filter string applied to the capture session started with this trigger. Will clear filter if blank or empty.
  • flags: Flags that control how the capture session works.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS
                  
                

trigger_remove

This command is used to delete a trigger.

Parameters

                  
token
trigger_id
                  
                

  • token: (optional) The token value that gets returned during login.
  • trigger_id: Trigger id.

On Success Returned Data

                  
ErrorCode = ERROR_SERVE_SUCCESS
DataType = DATA_TYPE_INT
ReturnValue = ERROR_SUCCESS