The PCAPs API needs both system and type to be specified to start a capture. A PCAP’s system is the product or logical subsystem where packets are captured, and a PCAP’s type is how the captured packets are built into a PCAP file.

Currently, you can only send one collect request per minute for simple PCAPs, and you can only have one running or pending full PCAP at a time.

Full PCAP

For full PCAP requests, refer to the required parameters listed at Create full PCAP requests. Note that full packet captures require two more parameters than simple packets.

The full PCAP request endpoint also contains optional fields you can use to limit the number of packets captured. Both full and simple packet requests contain an optional filter_v1 parameter you can use to filter packets by IPv4 source address, for example. For a full list of the filter options, refer to the parameter lists above.

Leave filter_v1 empty to collect all packets without any filtering.

Full PCAP example request

    curl https://api.cloudflare.com/client/v4/accounts/{account_id}/pcaps \
      --header 'Content-Type: application/json' \
      --header "X-Auth-Email: <YOUR_EMAIL>" \
      --header "X-Auth-Key: <API_KEY>" \
      --data '{
        "filter_v1": {},
        "time_limit": 300,
        "packet_limit": 10000,
        "byte_limit": 100000000,
        "type": "full",
        "colo": "ORD",
        "system": "magic-transit",
        "destination_conf": "${BUCKET}"
      }'

While the collection is in progress, the response returns the status field as pending. You must wait for the PCAP collection to complete before downloading the file. When the PCAP is ready to download, the status changes to success.

Full PCAP example response

    {
      "result": {
        "id": "7d7c88382f0b4d5daa9587aa45a1a877",
        "submitted": "2022-06-02T18:38:22.269047Z",
        "filter_v1": {},
        "time_limit": 300,
        "status": "pending",
        "type": "full",
        "system": "magic-transit",
        "packet_limit": 10000,
        "byte_limit": 100000000,
        "colo": "ORD",
        "destination_conf": "gs://test-magic-pcaps"
      },
      "success": true,
      "errors": [],
      "messages": []
    }

Simple PCAP

To create a simple PCAP request, send a JSON body with the required parameter listed at Create simple PCAP request.
Leave filter_v1 empty to collect all packets without any filtering.

Simple PCAP example request

    curl https://api.cloudflare.com/client/v4/accounts/{account_id}/pcaps \
      --header 'Content-Type: application/json' \
      --header 'X-Auth-Email: <YOUR_EMAIL>' \
      --header 'X-Auth-Key: <API_KEY>' \
      --data '{
        "filter_v1": {
          "source_address": "1.2.3.4",
          "source_port": 123,
          "destination_address": "5.6.7.8",
          "destination_port": 80,
          "protocol": 6
        },
        "time_limit": 300,
        "packet_limit": 10000,
        "type": "simple",
        "system": "magic-transit"
      }'

The response is a JSON body that contains the details of the job running to build the packet capture. The response contains a unique identifier for the packet capture request along with the details sent in the request.

Simple PCAP example response

    {
      "result": {
        "id": "6d1f0aac13cd40e3900d29f5dd0e8a2b",
        "submitted": "2021-12-20T17:29:20.641845Z",
        "filter_v1": {
          "source_address": "1.2.3.4",
          "source_port": 123,
          "destination_address": "5.6.7.8",
          "destination_port": 80,
          "protocol": 6
        },
        "time_limit": 60,
        "status": "pending",
        "packets_remaining": 0,
        "type": "simple",
        "system": "magic-transit"
      },
      "success": true,
      "errors": [],
      "messages": []
    }
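A client-side pre-flight check for the requests above, as an added example that is not Cloudflare's code: it validates the body (type, system, a scoped filter_v1) and applies the one-simple-per-minute and one-pending-full limits to records the caller already holds. The function names, the IPv4-only address check, the choice of colo and destination_conf as the two extra full-PCAP fields, and the "running" status name are assumptions drawn from this page's examples and wording.

```python
import ipaddress
from datetime import datetime, timedelta

# Keys taken from the page's filter_v1 example.
FILTER_KEYS = {"source_address", "source_port", "destination_address",
               "destination_port", "protocol"}
# Assumption: the two extra full-PCAP fields are those in the page's full example.
FULL_ONLY = ("colo", "destination_conf")

def build_pcap_request(pcap_type, system, time_limit, filter_v1=None, **extra):
    """Validate and return the JSON body for a PCAP collect request."""
    if pcap_type not in ("simple", "full"):
        raise ValueError("type must be 'simple' or 'full'")
    if not system:
        raise ValueError("system is required")
    flt = dict(filter_v1 or {})  # an empty filter collects all packets
    if set(flt) - FILTER_KEYS:
        raise ValueError(f"unknown filter keys: {sorted(set(flt) - FILTER_KEYS)}")
    for key in ("source_address", "destination_address"):
        if key in flt:
            ipaddress.IPv4Address(flt[key])  # raises ValueError if malformed
    for key, top in (("source_port", 65535), ("destination_port", 65535),
                     ("protocol", 255)):
        if key in flt and not 0 <= flt[key] <= top:
            raise ValueError(f"{key} out of range")
    if pcap_type == "full":
        missing = [k for k in FULL_ONLY if not extra.get(k)]
        if missing:
            raise ValueError(f"full PCAP needs {missing}")
    return {"filter_v1": flt, "time_limit": time_limit,
            "type": pcap_type, "system": system, **extra}

def may_submit(pcap_type, existing, now):
    """Apply the page's limits to PCAP records already known to the caller."""
    if pcap_type == "full":
        # "running" is an assumed status name, taken from the page's wording.
        return not any(p["type"] == "full" and p["status"] in ("pending", "running")
                       for p in existing)
    cutoff = now - timedelta(minutes=1)
    return not any(
        p["type"] == "simple"
        and datetime.fromisoformat(p["submitted"].replace("Z", "+00:00")) > cutoff
        for p in existing)

# Constructed sample: type, status and submitted from the page's two responses.
EXISTING = [
    {"type": "full", "status": "pending", "submitted": "2022-06-02T18:38:22.269047Z"},
    {"type": "simple", "status": "pending", "submitted": "2021-12-20T17:29:20.641845Z"},
]
```

Passing a narrow filter_v1 keeps unrelated traffic out of the capture file, and rejecting a malformed filter locally avoids spending the one-request-per-minute allowance on a request that would fail.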