ExaCapture, part of the Vantage Platform, is the enterprise capture daemon for persistent, high-volume packet recording at the network edge. Captures, indexes, and analyzes inline. Serves multiple analysts simultaneously. The packets never leave the server.
Copyright (c) 2025 Sly Technologies Inc. Type 'help' for commands, Tab for completion, Ctrl-C to cancel > show status ExaCapture Daemon Status 2026-02-27 13:12:50 State Running Uptime 14d 3h 22m PID 4821 Version ExaCapture v1.0.0 Host dco-server1 Captures 3 (1 recording, 2 complete) Clients 2 connected Interfaces eth0, eth1 CPU 12% Memory 48 / 128 GB (37%) Disk 2.1 / 8.0 TB (26%) Net I/O 42 Gbps in, 1.2 Gbps out > discover Scanning... ● localhost:9800 ExaCapture v1.0.0 ● lab-server.internal:9800 ExaCapture v1.0.0 ○ prod-tap-east.acme.com:9800 offline Found 2 servers (1 offline) > show sessions USER LEVEL ADDRESS CONNECTED VIEWING ───────────────────────────────────────────────────────── sarah 8 10.0.0.50 2h 14m live-perimeter mike 5 10.0.0.51 45m live-perimeter > show captures CAPTURE STATE SIZE PACKETS RATE STARTED ──────────────────────────────────────────────────────────────────────────────── live-perimeter recording 127.4 GB 142,847,293 1.2 Gbps Dec 20 08:00 incident-1217.cap complete 847 MB 1,247,892 - Dec 17 02:14 baseline.cap complete 12.1 GB 24,847,123 - Dec 1 00:00 > help Vantage Query Quick Reference Status & Info show status Daemon status overview show captures List all captures show capture <name> Capture details show interfaces Network interfaces show stats Performance metrics show errors Error summary show sessions Connected users show servers Discovered servers show env Environment variables Data Queries show packets [where <filter>] Query packets show flows [where <filter>] Query flows show streams [where <filter>] Query reassembled streams Capture Management capture start <name> [options] Start new capture capture stop <name> Stop capture capture resume <name> Resume paused capture capture delete <name> Delete capture
800 Gbps sustained with DPDK and Napatech support. Zero-copy, NUMA-aware. Multiple interfaces aggregated.
Security levels 0–20 enforced at capture time. PII/IMSI obfuscation. Policy-driven encryption. Air-gap support.
SIX and DIX indexes built live. Metadata tokens for fast lookup. No post-processing delay.
Install the package. Start the daemon. ExaCapture runs as a systemd service with automatic restart, log rotation, and health monitoring.
Configuration via YAML config file or command-line arguments. Prometheus metrics endpoint for integration with your existing monitoring infrastructure.
Deploy on your datacenter tap. Your cloud gateway. Your SOC sensor. ExaCapture runs continuously without human intervention. When something happens, the data is already there — part of the Vantage Platform ecosystem.
# Install $ apt install exacapture # Start as daemon (systemd) $ systemctl enable exacapture $ systemctl start exacapture # Or start manually $ exacapture start \ --interface eth0,eth1 \ --output /captures/ \ --retention 90d \ --security-level 5 # Check status $ exacapture status ExaCapture v1.0.0 - running Uptime: 14d 3h 22m Captures: 3 | Clients: 2 Disk: 2.1/8 TB (26%) # Enter interactive console $ exacapture console
ExaViewer ExaCapture View and analyze Capture and index Perpetual license Subscription per server │ │ └────────────┬────────────┘ │ Same dashboard Same discovery Same security model Same analysis tokens │ ▼ Vantage Platform (2026) Federate and scale Exabyte-scale capture Global cluster management
Start with ExaViewer and local files. Add ExaCapture when you need persistent infrastructure. Scale to Vantage Platform when you're managing petabytes across continents. ExaViewer, ExaCapture, and ExaVolume all run on jNetWorks.
Schedule a demo or talk to our team about deployment.