I am trying to setup Trisul so that it only captures packets on port 53, 80 and 8080. I do not seem to be capturing any traffic. Here are some of the settings I have in trisulconfig.xml file. Am I missing a setting or have a typo?
<Ring>
<Enabled>True</Enabled>
<BaseDir>/usr/local/var/lib/trisul/CONTEXT0/caps</BaseDir>
<Encryption>AES-128-CTR</Encryption>
<PassphraseFile>/usr/local/etc/trisul/certs/ringpass.txt</PassphraseFile>
<FilePrefix>RCF_</FilePrefix>
<FileSizeMB>1000</FileSizeMB>
<SyncSeconds>60</SyncSeconds>
<SysStatsUpdateSecs>2</SysStatsUpdateSecs>
<DefaultMode>IGNORE</DefaultMode>
<RuleChain>
<Rule mode="FULL">{C51B48D4-7876-479E-B0D9-BD9EFF03CE2E}=p-0050,p-1F90,p-0035</Rule>
<Rule mode="FLOWCAP10M"></Rule>
<Rule mode="FLOWCAP1M"></Rule>
<Rule mode="FLOWCAP100K"></Rule>
<Rule mode="FLOWCAP10K"></Rule>
<Rule mode="HEADERS"></Rule>
<Rule mode="IGNORE"></Rule>
</RuleChain>