ctome
/
tldr
mirror of https://github.com/CrimsonTome/tldr.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

zeek: add page (#5453)

add-set-more-info-link.py
marchersimon 2021-03-18 01:52:43 +01:00 committed by GitHub
parent e597948273
commit 443a6d224b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
pages/common/zeek.md Normal file
View File

@ -0,0 +1,29 @@
# zeek
> Passive network traffic analyser.
> Any output and log files will be saved to the current working directory.
> More information: <https://docs.zeek.org/en/lts/quickstart.html#zeek-as-a-command-line-utility>.
- Analyze live traffic from a network interface:
`sudo zeek --iface {{interface}}`
- Analyze live traffic from a network interface and load custom scripts:
`sudo zeek --iface {{interface}} {{script1}} {{script2}}`
- Analyze live traffic from a network interface, without loading any scripts:
`sudo zeek --bare-mode --iface {{interface}}`
- Analyze live traffic from a network interface, applying a `tcpdump` filter:
`sudo zeek --filter {{path/to/filter}} --iface {{interface}}`
- Analyze live traffic from a network interface using a watchdog timer:
`sudo zeek --watchdog --iface {{interface}}`
- Analyze traffic from a `pcap` file:
`zeek --readfile {{path/to/file.trace}}`