Tutorial: Tranalyzer2 Configuration Cheatsheet
Contents
This cheatsheet summarises the most important configuration flags available for Tranalyzer2.
List of important Tranalyzer2 configuration flags
Basics
| Constant | Meaning | File |
|---|---|---|
ETH_ACTIVATE |
Handling of layer 2 flows | networkHeaders.h |
IPV6_ACTIVATE |
IP version(s) to dissect | networkHeaders.h |
T2_HDRDESC_AGGR |
Aggregate repetitive headers, e.g., vlan{2} instead of vlan:vlan |
networkHeaders.h |
T2_PRI_HDRDESC |
Keep track of the headers traversed | networkHeaders.h |
GRE |
Activate GRE processing | tranalyzer.h |
IPIP |
Activate IPv4/6 in IPv4/6 processing | tranalyzer.h |
L2TP |
Activate L2TP processing | tranalyzer.h |
TEREDO |
Activate Teredo processing | tranalyzer.h |
VERBOSE |
Verbose level of final report | tranalyzer.h |
Packet Mode
| Constant | Meaning | File |
|---|---|---|
SPKTMD_PKTNO |
Print packet number | main.h |
SPKTMD_PCNTC |
Print L7 content as characters (-s option) |
main.h |
SPKTMD_PCNTH |
Print L7 content as hex (-s option) |
main.h |
Interface
| Constant | Meaning | file |
|---|---|---|
ENABLE_IO_BUFFERING |
Input buffering (store packets in a queue) | ioBuffer.h |
HASHFACTOR |
Default multiplication factor for HASHTABLE_BASE_SIZE |
tranalyzer.h |
HASH_CHAIN_FACTOR |
Default multiplication factor for HASHCHAINTABLE_BASE_SIZE |
tranalyzer.h |
Monitoring
| Constant | Meaning | File |
|---|---|---|
PLUGIN_REPORT |
enable plugins to contribute to Tranalyzer command line end report | tranalyzer.h |
DIFF_REPORT |
Absolute/differential Tranalyzer command line USR1 report | tranalyzer.h |
MACHINE_REPORT |
Human/machine compliant report | tranalyzer.h |
MONINTTHRD |
Threaded interrupt handling: default | main.h |
MONINTBLK |
Non-threaded, block interrupts during packet processing | main.h |
MONINTPSYNC |
Synchronized print statistics | main.h |
MONINTTMPCP |
Time-base for monitoring | main.h |
MONINTTMPCP_ON |
Automatic start of monitoring | main.h |
MONINTV |
Interval (seconds) of monitoring output | main.h |
MONPROTMD |
Output protocol numbers or names | main.h |
Alarm Mode
| Constant | Meaning | File |
|---|---|---|
ALARM_MODE |
Only flow output if an alarm based plugin fires | tranalyzer.h |
ALARM_AND |
Logical operation of all alarm based plugins (AND/OR) | tranalyzer.h |
Force Mode
| Constant | Meaning | File |
|---|---|---|
FORCE_MODE |
Parameter induced flow termination, implemented by plugins | tranalyzer.h |
Flow Aggregation
| Constant | Meaning | File |
|---|---|---|
AGGREGATIONFLAG |
Flow aggregation | tranalyzer.h |
DSTPORTHW |
Dst port upper bound | tranalyzer.h |
DSTPORTLW |
Dst port lower bound | tranalyzer.h |
SRCPORTHW |
Src port upper bound | tranalyzer.h |
SRCPORTLW |
Src port lower bound | tranalyzer.h |
Flow Timeout
| Constant | Meaning | File |
|---|---|---|
FDURLIMIT |
Flow duration limitation | tranalyzer.h |
FDLSFINDEX |
Same findex for early duration limited flows | tranalyzer.h |
FLOW_TIMEOUT |
Standard flow timeout | tranalyzer.h |
SCTP
| Constant | Meaning | File |
|---|---|---|
SCTP_ACTIVATE |
Activate SCTP streams -> flows | tranalyzer.h |
SCTP_STATFINDEX |
Findex increments or constant for all SCTP streams in a packet | tranalyzer.h |
Geolocation
| Constant | Meaning | File |
|---|---|---|
CNTYCTY |
Output county and city | subnetHL.h |
SUBNET_ON |
Enable subnet functions | subnetHL.h |
SUBRNG |
IP range definition | subnetHL.h |
Packet length statistics
| Constant | Meaning | File |
|---|---|---|
PACKETLENGTH |
controls L2-7 length included in packet->packetLength |
packetCapture.h |
FRGIPPKTLENVIEW |
IP header added in 2nd fragment in packet->packetLength |
packetCapture.h |
Multiple file I/O
| Constant | Meaning | File |
|---|---|---|
MFPTMOUT |
Timeout for poll timing > POLLTM |
tranalyzer.h |
RROP |
Round robin operation | tranalyzer.h |