Right now, the only way to associate a packet capture with the context from which the packets were captured is using the file name generated by tracee. This only gives us the container/PID/command, and nothing more.
The network events from which the packets are obtained include much more context. This context should be added to the PCAP file.
A possible implementation involves generating an interface description (see `if_description` option of Interface Description Block) for each capture file that contains all context that is shared between all packets of that capture file. The description can be in any text format, JSON being probably the best option.
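A sketch of the proposal above, as an added example that is not part of the original issue or Tracee's code: it builds a pcapng Interface Description Block whose `if_description` option carries the shared context as JSON, then reads it back the way a consumer of the capture file would. The function names, context keys and sample values are assumptions, and little-endian byte order is assumed.

```go
package main

import (
	"encoding/binary"
	"encoding/json"
	"fmt"
)

const idbType, optIfDescription = 1, 3 // pcapng block type and option code
var le = binary.LittleEndian           // assumed to match the Section Header Block's byte order

// BuildIDB returns an Interface Description Block whose if_description is ctx as JSON.
func BuildIDB(linkType uint16, snapLen uint32, ctx map[string]interface{}) ([]byte, error) {
	desc, err := json.Marshal(ctx) // map keys are emitted sorted, so output is stable
	if err != nil || len(desc) > 0xFFFF { // option length is a 16-bit field
		return nil, fmt.Errorf("cannot encode context (%d bytes): %v", len(desc), err)
	}
	padded := (len(desc) + 3) &^ 3 // option values are padded to 32 bits
	total := uint32(28 + padded)   // fixed fields, option header, opt_endofopt, trailer
	b := le.AppendUint32(le.AppendUint32(nil, idbType), total)
	b = le.AppendUint32(le.AppendUint16(le.AppendUint16(b, linkType), 0), snapLen)
	b = le.AppendUint16(le.AppendUint16(b, optIfDescription), uint16(len(desc)))
	b = append(append(b, desc...), make([]byte, padded-len(desc))...)
	return le.AppendUint32(le.AppendUint32(b, 0), total), nil // opt_endofopt, trailing length
}

// IfDescription walks the options of an IDB and returns its if_description text.
func IfDescription(block []byte) (string, error) {
	if len(block) < 20 || le.Uint32(block) != idbType || int(le.Uint32(block[4:])) != len(block) {
		return "", fmt.Errorf("not a well-formed IDB")
	}
	for opts := block[16 : len(block)-4]; len(opts) >= 4; {
		code, n := le.Uint16(opts), int(le.Uint16(opts[2:]))
		next := 4 + (n+3)&^3 // option header plus padded value
		if code == 0 || next > len(opts) {
			break // opt_endofopt, or an option that overruns the block
		}
		if code == optIfDescription {
			return string(opts[4 : 4+n]), nil
		}
		opts = opts[next:]
	}
	return "", fmt.Errorf("if_description not found")
}

func main() {
	ctx := map[string]interface{}{"container_id": "abc123", "pid": 4242} // constructed values
	b, _ := BuildIDB(1, 65535, ctx)                                      // LinkType 1 = Ethernet
	fmt.Println(IfDescription(b))
}
```

Because the length check in `IfDescription` rejects blocks whose declared total length disagrees with the buffer, a truncated capture fails cleanly instead of yielding partial JSON.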