Investigating Using Forensic Packet Captures
PCAP Retention Configuration
In SSL/TLS traffic, data packets are encrypted and are of little use for Awake analysis. In an environment with a lot of TLS traffic, storing them makes packet stores grow unnecessarily fast.
If the analyst does not need these encrypted data packets, the sysadmin can set an option to drop encrypted data. This can greatly lengthen retention intervals. When this option is enabled, the UI indicates that packet data is truncated.
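The following is an added illustration, not Awake's implementation and not code from this documentation. It sketches how a capture pipeline can drop encrypted TLS payload while keeping handshake records, assuming one direction of a reassembled TLS byte stream. The names `truncate_tls_stream` and `make_record` and the sample records are constructed for the example.

```python
import struct

# TLS record content types (RFC 8446, section 5.1)
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
KNOWN_TYPES = {CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA}
HEADER_LEN = 5  # content type (1) + legacy version (2) + length (2)


def truncate_tls_stream(stream: bytes):
    """Hypothetical helper: strip encrypted payload from a TLS byte stream.

    Returns (kept_bytes, stats). Application-data records are cut down to
    their 5-byte header, so record sizes and ordering stay visible.
    """
    kept = bytearray()
    stats = {"records": 0, "dropped_payload": 0}
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < HEADER_LEN:
            kept += stream[offset:]  # partial header at the end of the capture
            break
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        if ctype not in KNOWN_TYPES or version >> 8 != 3:
            raise ValueError(f"not a TLS record at offset {offset}")
        # Clamp in case the capture ends in the middle of a record
        end = min(offset + HEADER_LEN + length, len(stream))
        if ctype == APPLICATION_DATA:
            kept += stream[offset:offset + HEADER_LEN]
            stats["dropped_payload"] += end - offset - HEADER_LEN
        else:
            kept += stream[offset:end]  # handshake, alert, CCS kept whole
        stats["records"] += 1
        offset = end
    return bytes(kept), stats


def make_record(ctype: int, payload: bytes) -> bytes:
    """Build a TLS record with legacy version 0x0303 (sample data only)."""
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload


# Constructed sample: one handshake record, one CCS, two data records
SAMPLE = (make_record(HANDSHAKE, b"\x01" * 60)
          + make_record(CHANGE_CIPHER_SPEC, b"\x01")
          + make_record(APPLICATION_DATA, b"\xaa" * 1400)
          + make_record(APPLICATION_DATA, b"\xbb" * 900))

if __name__ == "__main__":
    kept, stats = truncate_tls_stream(SAMPLE)
    print(f"{len(SAMPLE)} bytes captured, {len(kept)} kept, {stats}")
```

In TLS 1.3 most handshake messages after ServerHello travel in records of type 23, so a filter of this kind also drops the server certificate for those sessions.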
The application supports storing metadata across multiple Nucleus setups by sending multiple streams of data from the sensor. This allows the end user to access the metadata if the primary cluster is not available.