Powered by Zoomin Software. For more details please contactZoomin

Flowmon FPI User Guide

Table of Contents

New Recording

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: May 14, 2026
  • 5 minute read
    • Flowmon Products
    • Flowmon Packet Investigator
    • Documentation

Click New Recording to open a tab with a form for creating a new recording, as shown in the following figure.

New Recording tab
New Recording tab


To create a new recording, you can specify the following information:

  • Group - Denotes the group that requested the recording (only this group has the rights to download the recorded data). The group disk quota and remaining quota space are shown at the top of the page.

  • Interval - Indicates the task start time and task stop time.

  • Recording ID - A unique identifier of the recording within the scope of the group (at most 25 characters: a..z, A..Z, 0..9, -, _, .).

  • Description - Allows you to add an optional description of the recording, for example, the purpose.

  • Probes - You can choose which of the connected probes will make the recording. By default, all probes are selected. You can use the dropdown menu to change this setting. A dialog will appear, as shown in the following Probe selection figure.


Probe selection dialog
Probe selection dialog


  • Split mode - Specifies whether to save the packets from all probes into one file, or into a separate file for each probe.

  • Rotate - Enables rotation of recording files to prevent disk space exhaustion. The oldest files are deleted and replaced by the newer data when the specified quota is exceeded.

  • Analyze recording - Ensures that the PCAP analysis starts right after the recording is finished. When enabled, the Analyze the following protocols option becomes available; see the Starting the analysis after the recording is finished figure below. This menu allows you to select which protocols should be displayed when the analysis is complete. The selection can be changed even after the analysis has been completed. For more detailed information about the PCAP analysis, refer to the Analysis section.


Starting analysis after the recording is finished
Starting analysis after the recording is finished


When you click Start Recording at the bottom of the page, the recording is submitted. If everything is set correctly, the system shows a green message informing you that your recording has been successfully created. It will be added to the list of recordings.

  • Rules - These fields are used to add rules on the link, network, or transport layer, or the application layer. A simple rule can be one of the following options:

Simple rule syntax

[src|dst] mac <MAC>
[src|dst] ip <IP>[/<mask>]
[src|dst] port <PORT>
proto tcp|udp
[inner|outer] mpls <MPLS tag>
[inner|outer] vlan <VLAN tag>
icmp v4|v6
sip "<URI (sub)string>"

You can modify these rules by using the not operator that negates the rule. The rules can also be combined into composite rules with the and and or conjunctions. You can also enclose the rules in brackets and use the not operator and the and or or conjunctions with whole composite rules. The following are some examples of composite rule combinations (a simple rule is substituted with RULE):


Composite rule examples

RULE and RULE and ...
not RULE and RULE
not (RULE or not RULE)
RULE and (RULE or RULE)
RULE or (RULE and not (RULE or RULE))

These combinations have certain limitations. The type of rule you want to use (for example, mac, ip, or vlan) must have corresponding filtering criteria enabled on the target probes. All rule types have their own filtering criteria, except for the proto rule, which is dependent on the port filtering criteria. Additionally, there can be only one application layer rule per composite or simple rule. You can set up more rules by clicking the plus sign under the rule text array, as shown in the New recording figure. Both simple and composite rules defined this way behave the same as if combined using the or conjunctions; see the Setting multiple rules figure below. To remove one of the text arrays, click the trash bin icon to the right of the text array.

You can also use a context menu that suggests the possible keywords when writing a rule.


Setting multiple rules
Setting multiple rules


New recording from PCAP

Clicking the New Recording From PCAP tab on the New Recording page displays a brief form that enables you to upload PCAP files to the Collector, as shown in the following figure.


New Recording From PCAP tab
New Recording From PCAP tab


There are several items to fill out:

  • Group - Specifies under which FPI group the PCAP should be uploaded.

  • Select file - Select a PCAP, CAP, or PCAPNG file from your local computer that you want to upload.

  • Recording ID - Defines a unique identifier of the recording. By default, it is a combination of the PCAP file name and a hash string, but this can be changed.

  • Description - Allows you to add an optional description of what is in the uploaded PCAP file.

  • Analyze recording - Just like when starting a new recording (described earlier in the New Recording section), this option ensures that the PCAP analysis is started right after the upload is finished.

When the upload is finished, a new recording with the corresponding name appears on the Recordings page. Ensure that the size of the PCAP file you want to upload does not exceed the quota of the assigned group. PCAP files are not rotated automatically and can only be deleted manually from the Recordings page.

Note:

Maximum PCAP file size is limited to 1 GiB. However, for the best analysis performance, it is recommended to upload smaller files.

TitleResults for “How to create a CRG?”Also Available inAlert