Powered by Zoomin Software. For more details please contactZoomin

Flowmon FPI User Guide

Table of Contents

New Recording

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: April 5, 2026
  • 4 minute read
    • Flowmon Products
    • Flowmon Packet Investigator
    • Documentation

Clicking New Recording displays the New Recording tab with a form to create new recordings, as shown in the New recording figure below.

New Recording tab


The following information must be entered to successfully create a new recording:

  • Group - denotes the group that requested the recording (only this group has the rights to download the recorded data). The group disk quota and remaining quota space is shown at the top of the page.

  • Interval - indicates the task start time and task stop time.

  • Recording ID - unique identifier of the recording (at most 25 characters, a..z, A..Z, 0..9, -, _, .).

  • Description - allows you to add an optional description of the recording, for example, the purpose.

  • Probes - you can choose which of the connected probes will make the recording. The default option is All probes. You can use the dropdown menu to change this setting. A dialog will appear, as seen in the Probe selection figure below.


Probe selection dialog
Probe selection dialog


  • Export type - defines how the recording should be saved; always set to PCAP.

  • Split mode - specifies whether to save the packets from all probes into one file, or into a separate file for each probe.

  • Rules - these fields are for adding rules on the link/network/transport layer or the application layer. A simple rule can be one of the following:


Simple rule syntax
[src|dst] mac <MAC>
[src|dst] ip <IP>[/<mask>]
[src|dst] port <PORT>
proto tcp|udp
[inner|outer] mpls <MPLS tag>
[inner|outer] vlan <VLAN tag>
icmp v4|v6
sip "<URI (sub)string>"

These rules can be modified by using the not operator that negates the rule. The rules can also be combined into composite ones with the and and or conjunctions. The rules can also be enclosed in brackets and use the not operator and the and/or conjunctions with whole composite rules. Here are some examples of composite rule combinations (a simple rule is substituted with RULE):


Composite rule examples
RULE and RULE and ...
not RULE and RULE
not (RULE or not RULE)
RULE and (RULE or RULE)
RULE or (RULE and not (RULE or RULE))

These combinations have certain limitations. The type of rule you want to use (for example, mac, ip, vlan) must have corresponding filtering criteria enabled on the target probes. All rule types have their own filtering criteria, except for the proto rule, which is dependent on the port filtering criteria. Additionally, there can only be one application layer rule per composite or simple rule. You can set up more rules by clicking the plus sign under the rule text array, as shown in the New recording figure. Both simple and composite rules defined this way behave the same as if combined using the or conjunctions; see the Setting multiple rules figure below. To remove one of the text arrays, click the trashbin icon to the right of the text array.

You can also use a context menu which suggests the possible keywords when writing a rule.

The Analyze recording option ensures that the PCAP analysis starts right after the recording is finished. When enabled, the Analyze the following protocols option becomes available; see the Starting the analysis after the recording is finished figure below. This menu allows you to select which protocols should be displayed when the analysis is complete. The selection can be changed even after the analysis has been completed. For more detailed information about the PCAP analysis, refer to the Analysis section.


Starting analysis after the recording is finished
Starting analysis after the recording is finished


When you click Start Recording at the bottom of the page, the recording is submitted. If everything is set correctly, the system shows a green message informing you that your recording has been successfully created. It will be added to the list of recordings.


Setting multiple rules
Setting multiple rules


New Recording From PCAP

Clicking the New Recording From PCAP tab on the New Recording page displays a brief form that enables you to upload PCAP files to the collector, as shown in the New recording from PCAP figure below.


New Recording From PCAP tab
New Recording From PCAP tab


There are several items to be filled out:

  • Group - specifies under which FPI group the PCAP should be uploaded.

  • Select file - select a PCAP, CAP, or PCAPNG file from your local computer, that you want to upload.

  • Recording ID - defines a unique identifier of the recording. By default it is a combination of the PCAP file name and a hash string, but this can be changed.

  • Description - allows you to add an optional description of what is in the uploaded PCAP file.

  • Analyze recording - just like when starting a new recording (described in the New Recording section) this option ensures that the PCAP analysis is started right after the upload is finished.

When the upload is finished, a new recording with the corresponding name appears on the Recordings page. We recommend ensuring that the size of the PCAP file you want to upload does not exceed the quota of the assigned group.

TitleResults for “How to create a CRG?”Also Available inAlert