This section describes how to export raw network traffic in PCAP format using the command line.
To export raw network traffic in PCAP format using the command line:
Start a command prompt and navigate to the installation directory of Safeguard Desktop Player.
By default, the installation directories on the different operating systems are the following:
- On Microsoft Windows platforms: C:\Documents and Settings\<username>\Software\Safeguard\Safeguard Desktop Player\
- On Linux: ~/SafeguardDesktopPlayer
- On MacOS: /Applications/Safeguard Desktop Player.app/Contents/Resources/
List the channels in the audit trail, and find the ones that you want to export. Note down the ID numbers of these channels, because they are required in the next step (the ID is 3 in the following example).
- Windows: adp.exe --task channel-info --file <path/to/audit-trail.zat>
- Linux or MacOS: ./adp --task channel-info --file <path/to/audit-trail.zat>
If the audit trail is encrypted, use the --key <keyfile.pem:passphrase> option. Repeat the option if the audit trail is encrypted with multiple keys. Include the colon (:) character even if the key is not password-protected.
Example output:
Channel information : ssh-session-exec-scp:3
Export the channels from the audit trail. Use the ID numbers of the channels from the previous step.
- Windows: adp.exe -f <path/to/audit-trail.zat> -c <channel id> -t indexer --export-pcap output.pcap
- Linux or MacOS: ./adp -f <path/to/audit-trail.zat> -c <channel id> -t indexer --export-pcap output.pcap
If the audit trail is encrypted, use the --key <keyfile.pem:passphrase> option. Repeat the option if the audit trail is encrypted with multiple keys. Include the colon (:) character even if the key is not password-protected.
Check the output directory for the exported files.
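
The whole procedure above can be scripted for Linux or MacOS. The following is an added example, not part of the product documentation: it lists the channels, extracts their IDs, and exports each channel to its own PCAP file. It assumes that channel-info prints one "Channel information : <type>:<id>" line per channel, as in the example output above; the function names, the ADP variable and the output file naming are hypothetical.

```shell
#!/bin/sh
# Added example: batch PCAP export driven by the channel-info listing.
# Assumption: channel-info prints one "Channel information : <type>:<id>"
# line per channel, as in the example output in this section.

ADP="${ADP:-./adp}"   # path to the Desktop Player command-line binary

# Print the numeric channel IDs found in channel-info output read from stdin.
channel_ids() {
    tr -d '\r' | sed -n 's/^Channel information *: *.*:\([0-9][0-9]*\) *$/\1/p'
}

# Print the PCAP file name used for one channel.
pcap_name() {   # $1 = audit trail path, $2 = channel ID
    base=$(basename "$1" .zat)
    printf '%s-channel-%s.pcap\n' "$base" "$2"
}

# Export every channel of one audit trail. Extra arguments (for example
# repeated --key options) are passed to adp unchanged.
export_all() {  # $1 = audit trail, $2 = output directory, rest = adp options
    trail=$1; outdir=$2; shift 2
    [ -r "$trail" ] || { echo "cannot read $trail" >&2; return 1; }
    mkdir -p "$outdir" || return 1
    ids=$("$ADP" --task channel-info --file "$trail" "$@" | channel_ids)
    [ -n "$ids" ] || { echo "no channels found in $trail" >&2; return 1; }
    for id in $ids; do
        out="$outdir/$(pcap_name "$trail" "$id")"
        "$ADP" -f "$trail" -c "$id" -t indexer --export-pcap "$out" "$@" || return 1
        [ -s "$out" ] || echo "warning: $out is missing or empty" >&2
    done
}

# Run only when called as: script.sh <trail.zat> <outdir> [adp options]
if [ "$#" -ge 2 ]; then
    export_all "$@"
fi
```

A passphrase given in --key <keyfile.pem:passphrase> is part of the command line, so it can end up in shell history and is visible in the process list while adp runs.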