List: security-onion
Subject: Re: [security-onion] PCAP
From: jswan <sanjuanswan () gmail ! com>
Date: 2015-05-29 2:32:31
Message-ID: 31e5bbb8-c7de-4ed1-9e91-7c543f0e6b66 () googlegroups ! com
Here's one way I do this. From /nsm/.../dailylogs:
find [your find args here] | xargs -I {} sh -c 'tcpdump -r "$1" host a.b.c.d -w "/tmp/$(basename "$1")-extracted.pcap"' _ {}
cd /tmp
mergecap -w all.pcap *extracted.pcap
Now your aggregated FPC is in all.pcap.
You can use the arguments to the find command to grab all the FPC files in the time range that interests you. You could also use a more complex BPF than "host a.b.c.d" if you need to.
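The same select-by-time, filter-by-host, merge pipeline as a self-contained Python example (added here, not part of the post, and not a Security Onion tool): it replaces tcpdump and mergecap with a minimal classic-pcap reader/writer and an IPv4 "host a.b.c.d" match, and runs over a constructed dailylogs tree. It assumes the Security Onion layout dailylogs/<YYYY-MM-DD>/snort.log.<epoch>, with the epoch in the file name used as the time-range selector.

```python
import os, struct, tempfile
ip4 = lambda a: bytes(int(o) for o in a.split("."))  # dotted quad -> 4 bytes
def write_pcap(path, packets):
    """Write (ts_sec, ts_usec, frame) records as a classic little-endian pcap, linktype 1 = Ethernet."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for sec, usec, frame in packets:
            f.write(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)

def read_pcap(path):
    """Parse the classic little-endian pcap written above back into (ts_sec, ts_usec, frame) records."""
    data, off, records = open(path, "rb").read(), 24, []
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack("<IIII", data[off:off + 16])
        records.append((sec, usec, data[off + 16:off + 16 + caplen]))
        off += 16 + caplen
    return records

def host_match(frame, host):
    """Pure-Python equivalent of the BPF 'host a.b.c.d' for IPv4-over-Ethernet frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4
        return False
    return frame[26:30] == ip4(host) or frame[30:34] == ip4(host)  # IPv4 src or dst
def extract_and_merge(dailylogs, start_epoch, end_epoch, host, out_path):
    """find-by-epoch + tcpdump filter + mergecap in one pass; output sorted by timestamp."""
    kept = []
    for day in sorted(os.listdir(dailylogs)):           # assumed layout: dailylogs/<YYYY-MM-DD>/
        for name in os.listdir(os.path.join(dailylogs, day)):
            if name.startswith("snort.log.") and start_epoch <= int(name.rsplit(".", 1)[1]) <= end_epoch:
                kept += [p for p in read_pcap(os.path.join(dailylogs, day, name)) if host_match(p[2], host)]
    kept.sort(key=lambda p: (p[0], p[1]))
    write_pcap(out_path, kept)
    return kept
def frame(src, dst):
    """Constructed minimal Ethernet + IPv4 header (34 bytes), no payload."""
    return b"\x00" * 12 + b"\x08\x00" + b"\x45" + b"\x00" * 11 + ip4(src) + ip4(dst)
def run_demo(start=1432771200, end=1432800000, host="10.0.0.5"):
    """Build a constructed dailylogs tree (sample data, not real captures) and run the extraction."""
    root = tempfile.mkdtemp()
    sample = {("2015-05-27", 1432684800): [(1432684801, 0, frame("10.0.0.5", "198.51.100.9"))],
              ("2015-05-28", 1432771200): [(1432771201, 0, frame("10.0.0.5", "198.51.100.9")),
                                           (1432771202, 0, frame("10.0.0.6", "198.51.100.9"))],
              ("2015-05-28", 1432800000): [(1432800001, 0, frame("198.51.100.9", "10.0.0.5"))]}
    for (day, epoch), pkts in sample.items():
        os.makedirs(os.path.join(root, day), exist_ok=True)
        write_pcap(os.path.join(root, day, "snort.log.%d" % epoch), pkts)
    out = os.path.join(tempfile.mkdtemp(), "all.pcap")  # merged output, like all.pcap in the post
    hits = extract_and_merge(root, start, end, host, out)
    return [p[0] for p in read_pcap(out)], len(hits)
```

With the defaults, run_demo() keeps only the two frames involving 10.0.0.5 from files whose epoch falls in the range, and the 2015-05-27 file is skipped by the time selector before any packet is read.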