mercury.cfg

# mercury.cfg
#
# configuration file for mercury packet metadata capture
#
# lines staring with '#' are comments; all other lines have the form
# <command> '=' <arg>, where <command> matches one of the command line
# options, and <arg> is interpreted as its argument.  Whitespace is
# ignored, as are unparseable lines.

# network interface for packet capture
capture     = ens33

# name of JSON output file or directory for fingerprints and metadata
fingerprint = fingerprint.json

# filter out packets based on protocol
#select      = dns,dhcp,dtls,tcp,http,tls,wireguard

# write out first tcp data field for each nonselected flow
# nonselected-tcp-data

# write out first udp data field for each nonselected flow
# nonselected-udp-data

# 'dns-json' causes DNS responses to be reported with full detail in JSON
# dns-json

# 'certs-json' causes certificates to be reported with full detail in JSON
# certs-json

# 'metadata' causes extensive metadata to be reported in JSON
# metadata

# after dropping root privileges, change to this user
user        = mercury

# set working directory (to which output files are written)
directory   = /usr/local/var/mercury

# set maximum number of lines in JSON output files before rotation
limit       = 1000000

# set the number of worker threads to the number of processor cores
threads     = cpu

# set the fraction of physical memory used for ring buffers
buffer      = 0.05

# perform analysis, include results in JSON output file
analysis    = 1

# set resource directory
# resources   = /usr/local/share/mercury/resources.tgz

# set verbosity to 0 for normal (quiet) mode, 1 for more info
verbosity   = 0

# set tls fingerprint format
format      = tls/1

# select tcp reassembly, for complete certificate chains
tcp-reassembly