Getting started with PCAP upload

The AQG Network Analyzer can process packet capture (PCAP) files to detect cryptographic objects within network captures.

Tip

The AQG Network Analyzer also includes the yanadump tool that can be deployed as a standalone and portable Linux binary to prepare live network traffic for analysis. Refer to Getting started with live network traffic monitoring for details.

Create a PCAP file

You can use your preferred network sniffer to produce a PCAP file. For instance, to create a PCAP file using tcpdump, run:

tcpdump -w file.cap

This tutorial provides more information on using tcpdump.

The AQG Network Analyzer can also process packet capture data through integrations with popular network security and monitoring platforms.

Upload a PCAP file

To upload a PCAP file to AQtive Guard:

  1. Select Settings from the main menu on the left.
  2. In the Create Uploader Token tile, select Create.
  3. Copy the provided token to a secure place.
  4. Use the code below to push a PCAP file to AQtive Guard.

export AQG_API_TOKEN='xxxxx'

# Parse and upload a trace to AQG
./yanadump --file capture.pcap --api-url https://API.AQG.DOMAIN/

# Optionally parameterize upload
# --slot-id "slt_<32-hex-nibbles>"

In the above command:

  • xxxxx is the token provided earlier in step 3.
  • https://API.AQG.DOMAIN/ is the base URL of the AQtive Guard instance, e.g. https://your-domain.aqtiveguard.sandboxaq.com.
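
The wrapper below is an added example, not part of the AQtive Guard documentation or tooling. It reads the uploader token from a file that only the owner can access instead of typing it into the shell, and checks the capture's magic number and the slot ID shape before calling yanadump with the options shown above. The variable names YANADUMP, AQG_API_URL and AQG_TOKEN_FILE and the default token path are hypothetical, and accepting pcapng as well as classic pcap is an assumption about what yanadump parses.

```shell
#!/bin/sh
# Added example (not vendor code): pre-flight checks around the yanadump upload.
# YANADUMP, AQG_API_URL and AQG_TOKEN_FILE are hypothetical variable names.
YANADUMP="${YANADUMP:-./yanadump}"
AQG_API_URL="${AQG_API_URL:-https://API.AQG.DOMAIN/}"   # placeholder from the page
AQG_TOKEN_FILE="${AQG_TOKEN_FILE:-$HOME/.aqg_uploader_token}"

# Succeeds if the file starts with a classic pcap or pcapng magic number.
is_capture_file() {
  local magic
  magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
  case "$magic" in
    d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d|0a0d0d0a) return 0 ;;
    *) return 1 ;;
  esac
}

# Succeeds if the argument has the slt_<32-hex-nibbles> shape.
valid_slot_id() {
  local hex="${1#slt_}"
  [ "$hex" != "$1" ] && [ "${#hex}" -eq 32 ] || return 1
  case "$hex" in *[!0-9a-fA-F]*) return 1 ;; esac
  return 0
}

# Succeeds if the token file is non-empty and grants nothing to group or other.
token_file_private() {
  local mode
  [ -s "$1" ] || return 1
  mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1   # GNU/busybox stat (Linux)
  case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Validate inputs, then run yanadump with the token set only in its environment.
upload_capture() {
  local file="$1" slot="${2:-}"
  is_capture_file "$file" || { echo "not a pcap/pcapng file: $file" >&2; return 2; }
  token_file_private "$AQG_TOKEN_FILE" || { echo "token file missing or too permissive" >&2; return 3; }
  set -- --file "$file" --api-url "$AQG_API_URL"
  if [ -n "$slot" ]; then
    valid_slot_id "$slot" || { echo "malformed slot id: $slot" >&2; return 4; }
    set -- "$@" --slot-id "$slot"
  fi
  AQG_API_TOKEN="$(cat "$AQG_TOKEN_FILE")" "$YANADUMP" "$@"
}

# Usage: sh upload.sh capture.pcap [slt_...]
if [ "$#" -gt 0 ]; then upload_capture "$@"; fi
```

Create the token file with chmod 600 before the first run; the wrapper refuses to upload if group or other have any access to it.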