i have a weird edge case, to my understanding is that n2disk index have information (metadata) about a packet and using it solely can bring visibility of the traffic, please correct if im wrong.

one more thing, i want to run n2disk with only index being written and not dump pcaps too. Thank you

@0xSensei it seems what you need is not n2disk but nProbe or nProbe Cento, as they are able to dump xdr records out of traffic to text files or to databasea / bigdata systems or send to collectors for visualization.