Packet Captures (tcpdump)
Surfmeter Automator allows you to capture network packets during a study using tcpdump.
Download tcpdump through your package manager. On Ubuntu, run:
Now we need to modify the permissions so that Automator can run it without root privileges. Run the following commands:
sudo groupadd pcap
sudo usermod -a -G pcap $USER
sudo chgrp pcap /usr/sbin/tcpdump
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
sudo ln -s /usr/sbin/tcpdump /usr/bin/tcpdump
Note that this will not persist across upgrades of the tcpdump package. If you upgrade tcpdump, you will need to run the above commands again.
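To confirm the setup is in place (for example after a package upgrade has reset it), the following added example, which is not part of Surfmeter Automator, audits the binary's capabilities, group and mode. It assumes GNU stat and getcap are available; the finding names and the RUN_AUDIT variable are made up for this example. It also reports when the binary is executable by everyone, because file capabilities apply to any user who can run the file; `chmod 750` on the binary limits that to the pcap group.

```sh
#!/bin/sh
# Added example (not Surfmeter code): audit the tcpdump setup from the steps above.

# evaluate_setup MODE GROUP CAPS USER_GROUPS
#   MODE        octal permissions of the binary, e.g. 750
#   GROUP       owning group of the binary
#   CAPS        output of getcap for the binary
#   USER_GROUPS space-separated groups of the current session
# Prints "OK" or a space-separated list of findings; returns 1 on findings.
evaluate_setup() {
    mode=$1; group=$2; caps=$3; user_groups=$4; findings=""
    # Both capabilities granted by the setcap step must still be present.
    case "$caps" in *cap_net_raw*) ;; *) findings="$findings MISSING_CAP_NET_RAW" ;; esac
    case "$caps" in *cap_net_admin*) ;; *) findings="$findings MISSING_CAP_NET_ADMIN" ;; esac
    # The chgrp step should have assigned the binary to the pcap group.
    [ "$group" = "pcap" ] || findings="$findings BINARY_NOT_GROUP_PCAP"
    # usermod only affects new login sessions, so check the live group list.
    case " $user_groups " in *" pcap "*) ;; *) findings="$findings USER_NOT_IN_PCAP" ;; esac
    # An odd last mode digit means "others" may execute the binary and
    # therefore capture packets with its file capabilities.
    case "$mode" in *[1357]) findings="$findings WORLD_EXECUTABLE" ;; esac
    if [ -z "$findings" ]; then echo "OK"; return 0; fi
    echo "${findings# }"
    return 1
}

# audit_tcpdump [PATH]: collect the live values and evaluate them.
audit_tcpdump() {
    bin=${1:-/usr/sbin/tcpdump}
    [ -e "$bin" ] || { echo "NOT_INSTALLED"; return 1; }
    evaluate_setup "$(stat -c '%a' "$bin")" "$(stat -c '%G' "$bin")" \
        "$(getcap "$bin" 2>/dev/null)" "$(id -nG)"
}

# Only touch the system when asked to: RUN_AUDIT=1 sh thisfile.sh
if [ "${RUN_AUDIT:-0}" = 1 ]; then audit_tcpdump "$@"; fi
```

USER_NOT_IN_PCAP right after running usermod usually means the current session predates the group change; log out and back in, then re-run.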
tcpdump is already part of our Docker image!
Now, with the following flag, a tcpdump recording can be made during a study:
This will record data on any interface and write the output to a PCAP file in your system's temporary directory. The path to the file will be printed in the log, and it is in the format:
Use --tcpDumpDir to set a different directory.
Tip
You will find the name of the PCAP file in the metadata.surfmeter.tcpDumpFilename field of the report, and also through our API, so you can later identify it more easily.
Note that this feature is not available for Surfmeter Automator 1.37.2 and below.