NAME

virani - PCAP fetch tool for use with FPCs that save to PCAP format.

SYNOPSIS

virani -s <start> -e <end> -f <filter> [-t <type>] [--set <set>] [--config <file>] [-w <output>] [--nc]

virani -s <start> -e <end> [-t <type>] [--set <set>] [--config <file>] [-w <output>] [--nc] <filter>

virani -r <remote> -s <start> -e <end> -f <filter> [-t <type>] [--set <set>] [--config <file>] [-w <output>] [--nc] [-a <apikey>] [-k]

virani -r <remote> -s <start> -e <end> [-t <type>] [--set <set>] [--config <file>] [-w <output>] [--nc] [-a <apikey>] [-k] <filter>

DESCRIPTION

LOCAL

Will read in the config '/usr/local/etc/virani.toml' and search the specified PCAP dirs.

For information on the config, please see Virani.

REMOTE

When used with -r, it connects up to a remote location running mojo-virani.

If the item specified by that switch is an HTTP or HTTPS URL, it will be used with Virani::Client. Otherwise it will be used as part of a config file name or as the path to a config file, searched for in the order below.

$remote
$remote.toml
/usr/local/etc/virani.d/$remote
/usr/local/etc/virani.d/$remote.toml
/etc/virani.d/$remote
/etc/virani.d/$remote.toml
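
The search order above, written out as an added shell example (not virani's own code), to show which file a given -r value would select and whether a file outside the virani.d directories takes precedence. The function names and VIRANI_ROOT are hypothetical; it assumes lowercase http:// or https:// marks a URL, that candidates must be regular files, and that relative names resolve against the current directory.

```shell
#!/bin/sh
# Added example, not virani's own code: walks the documented -r search order.
# Assumptions: lowercase http:// or https:// marks a URL, candidates must be
# regular files, relative names resolve against the current directory.
# VIRANI_ROOT is a hypothetical prefix so the check can run in a scratch tree.

# Prints "url:<value>" or "file:<first match>"; returns 1 if nothing matches.
virani_resolve_remote() {
    remote=$1
    root=${VIRANI_ROOT:-}
    case $remote in
        http://*|https://*) printf 'url:%s\n' "$remote"; return 0 ;;
    esac
    for candidate in \
        "$remote" \
        "$remote.toml" \
        "$root/usr/local/etc/virani.d/$remote" \
        "$root/usr/local/etc/virani.d/$remote.toml" \
        "$root/etc/virani.d/$remote" \
        "$root/etc/virani.d/$remote.toml"
    do
        if [ -f "$candidate" ]; then
            printf 'file:%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Returns 0 when the winning file lies outside both virani.d directories,
# meaning a file named on the command line or sitting in the working
# directory took precedence over the system-wide remote config.
virani_remote_is_local_override() {
    resolved=$(virani_resolve_remote "$1") || return 1
    case $resolved in
        file:"${VIRANI_ROOT:-}"/usr/local/etc/virani.d/*) return 1 ;;
        file:"${VIRANI_ROOT:-}"/etc/virani.d/*) return 1 ;;
        file:*) return 0 ;;
    esac
    return 1
}

# Stand-alone use: sh resolve.sh <remote>
if [ "$#" -gt 0 ]; then
    virani_resolve_remote "$1" || echo "no remote config found for $1" >&2
    if virani_remote_is_local_override "$1"; then
        echo "warning: $1 resolved outside the virani.d directories" >&2
    fi
fi
```

The file that wins this search is also the source of $config{apikey} and $config{verify_hostname} in the lists that follow, so it is worth knowing which one is in effect.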

If an API key is needed, it is read in the order below.

-a
$ENV{virani_api_key}
$config{apikey}

If using HTTPS, cert verification is read in the order below. '-k' is true and the rest are boolean.

-k
$ENV{VIRANI_VERIFY_HOSTNAME}
$ENV{HTTPS_VERIFY_HOSTNAME}
$ENV{PERL_LWP_VERIFY_HOSTNAME}
$config{verify_hostname}

FLAGS

-r <remote>

Remote URL or config file for remote info.

-a <apikey>

API key for remote URL if needed.

-f <filter>

Filter for use with tshark or tcpdump.

If this is undef, ARGV will be used instead for filter info.

If filter points to a file, tested via -f, then that file will be read in and used as the filter.

-t <type>

tcpdump, tshark, or bpf2tshark

If not specified, will default to whatever the default is for that set.

--set <set>

Set to use. If undef, uses whatever the default is.

Default :: undef

--config <config>

Config file to use.

Default :: /usr/local/etc/virani.toml

-s <timestamp>

Start timestamp. Any format supported by Time::Piece::Guess is usable.

-e <timestamp>

End timestamp. Any format supported by Time::Piece::Guess is usable.

-w <output>

The file to write the PCAP to.

Default :: out.pcap

--nc

If cached, do not use it.

-k

Do not check the SSL cert for HTTPS for remote.

--buffer <seconds>

Apply this many seconds before and after the start time.

Default: undef