AppPacCap

Application Packet Capture: A better way to PCAP.

Triggers and Actions

AppPacCap supports custom triggers and actions in order to allow additional flexibility.

Triggers are used to initiate the start of a capture session. Currently, AppPacCap only supports triggers based on when a program starts.

Actions are the things that occur at the end of a capture session. Actions can be system-wide or tied to a specific trigger. AppPacCap supports two types of actions currently.

Triggers

  • On process start
    • This trigger will initiate a capture session when a specific process is executed. The capture session can be system-wide or tied to the trigger process. Only 1 system-wide capture can run at a time, but multiple process-specific captures can run simultaneously.

Actions

  • Execute a process
    • When a capture session ends, either from user action or from the process closing, AppPacCap can execute another program and pass it various information through its command line.
  • Export the packet data
    • When a capture session ends, either from user action or from the process closing, AppPacCap can automatically export the captured data to a PCAPNg file. Because actions run sequentially, the output file of this action can, for example, be passed to an execute process action.
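
As an added example (not AppPacCap's own code), here is a handler that an execute process action could run on the exported PCAPNg file to confirm its block chain is intact before the capture is archived or analysed. It assumes the export path arrives as the first command-line argument, since the page does not specify what AppPacCap passes; `summarize_pcapng`, `COUNTED` and `SAMPLE` are names made up for this sketch.

```python
import struct
import sys

SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006  # pcapng block types
COUNTED = {SHB: "sections", IDB: "interfaces", EPB: "packets"}
MAGIC = 0x1A2B3C4D  # byte-order magic stored in every Section Header Block

def summarize_pcapng(data: bytes) -> dict:
    """Walk the block chain; return counts or raise ValueError if malformed."""
    out = {"sections": 0, "interfaces": 0, "packets": 0, "captured_bytes": 0}
    offset, endian = 0, None
    while offset < len(data):
        if len(data) - offset < 12:
            raise ValueError(f"truncated block at offset {offset}")
        if data[offset:offset + 4] == b"\x0a\x0d\x0d\x0a":
            # The SHB type is a palindrome; its magic fixes the section's endianness.
            magic = data[offset + 8:offset + 12]
            endian = {struct.pack("<I", MAGIC): "<", struct.pack(">I", MAGIC): ">"}.get(magic)
        if endian is None:
            raise ValueError("missing or invalid Section Header Block")
        btype, total = struct.unpack_from(endian + "II", data, offset)
        if total < 12 or total % 4 or offset + total > len(data):
            raise ValueError(f"bad block length {total} at offset {offset}")
        if struct.unpack_from(endian + "I", data, offset + total - 4)[0] != total:
            raise ValueError(f"length trailer mismatch at offset {offset}")
        if btype in COUNTED:
            out[COUNTED[btype]] += 1
        if btype == EPB:  # captured length sits 20 bytes into the block
            caplen = struct.unpack_from(endian + "I", data, offset + 20)[0] if total >= 32 else -1
            if not 0 <= caplen <= total - 32:
                raise ValueError(f"bad packet block at offset {offset}")
            out["captured_bytes"] += caplen
        offset += total
    if not out["sections"]:
        raise ValueError("empty file")
    return out

def _block(btype: int, body: bytes) -> bytes:
    return struct.pack("<II", btype, len(body) + 12) + body + struct.pack("<I", len(body) + 12)

# Constructed sample: one section, one Ethernet interface, one 4-byte packet.
SAMPLE = (_block(SHB, struct.pack("<IHHq", MAGIC, 1, 0, -1))
          + _block(IDB, struct.pack("<HHI", 1, 0, 65535))
          + _block(EPB, struct.pack("<IIIII", 0, 0, 0, 4, 4) + b"\xde\xad\xbe\xef"))

if __name__ == "__main__":
    # Assumption: the exported file path is the first argument; else use the sample.
    source = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(summarize_pcapng(source))
```

A `ValueError` here means the export was cut short or is not PCAPNg, so the handler can refuse to forward it rather than hand a partial capture to later tooling.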