PCAP

the swimlane pcap connector allows turbine to analyze, extract ips, and carve ips from pcap files prerequisites the swimlane pcap connector does not require an asset capabilities the swimlane pcap connector has the following capabilities analyze pcap carve ips from string extract ip's from pcap actions analyze pcap extract packet metadata from pcap file input argument name type required description attachments array required pcap file file name string required name of the resource file string required parameter for analyze pcap limit number optional maximum number of packets to return output parameter type description packets array output field packets destination ip string output field destination ip destination mac string output field destination mac protocol string output field protocol source ip string output field source ip source mac string output field source mac timestamp string output field timestamp example \[ { "packets" \[ {} ] } ] carve ips parse input text for all ip addresses input argument name type required description input text string required comma separated ip addresses output parameter type description ips array output field ips example \[ { "ips" \[] } ] extract ips pcap find and return all source and dest ips found in pcap input argument name type required description attachments array required pcap file txt file name string required name of the resource file string required parameter for extract ips pcap limit number optional maximum number of packets to return output parameter type description ips array output field ips example \[ { "ips" \[] } ]