search
PricingSign inRequest a Demo

Packet Capture

The Packet Capture (PCAP) source captures network packets and emits them as OpenTelemetry logs. It uses system-native tools (tcpdump on macOS/Linux, Npcap on Windows) to capture packets directly from a network interface.

hashtag
Supported Platforms

Platform
Metrics
Logs
Traces

macOS

Linux

Windows

hashtag
Prerequisites

hashtag
macOS/Linux

Tool: tcpdump is pre-installed on macOS and most Linux distributions. To verify:

tcpdump --version

hashtag
Windows

Tool: Requires Npcap driver (included with Wireshark, or install standalone from https://npcap.com/).

  • Install Npcap: https://npcap.com/ (or install Wireshark which includes Npcap)

  • List interfaces using PowerShell or the Npcap SDK tools

  • Interface names on Windows use Npcap device paths (e.g., \Device\NPF_{GUID})

hashtag
Configuration Table

Parameter
Type
Default
Description

network_interface

string

""

Network interface to capture packets from.

filter

string

""

BPF (Berkeley Packet Filter) expression to filter packets.

parse_attributes

bool

true

The path to the dumpcap executable. Windows only (ignored on other platforms).

snaplen

int

65535

Maximum bytes to capture per packet (64-65535).

promiscuous

bool

true

Enable promiscuous mode to capture all network traffic.

hashtag
Interface Names

To list available interfaces on macOS/Linux:

To list available interfaces on Windows:

If you have Wireshark installed, use the dumpcap executable:

Otherwise, use Get-NetAdapter:

This result will have the interface names, but not in the Npcap format that the receiver expects. To convert it to the correct format, insert \NPF_

hashtag
BPF Filters

BPF filters allow you to capture only specific traffic. Examples:

BPF filter syntax reference: tcpdump manualarrow-up-right

PreviousOracle DatabaseNextPgBouncer

Last updated

Was this helpful?