netwitness-packets-batch
Fetch packets from NetWitness Decoder
netwitness-packets-batch profile=PROFILE [pretty=PRETTY]
- profile=PROFILE
  - The identifier of the NetWitness connect profile
- pretty=PRETTY
  - Set to t for human-readable ASCII output
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| _time | Date | Time | |
| session | Long | Session ID | Session ID of NetWitness |
| src_mac | String | Source MAC | |
| dst_mac | String | Destination MAC | |
| src_ip | IP address | Source IP | |
| src_port | Integer | Source port | |
| dst_ip | IP address | Destination IP | |
| dst_port | Integer | Destination port | |
| protocol | String | Protocol | |
| size | Long | Size | Original packet length |
| payload | BLOB | Payload | Binary or hex string |
| ascii | String | ASCII view | Payload as ASCII |