[Oisf-users] PCAP Stream

Philipp Braband phbraband at gmail.com
Thu May 2 06:29:39 UTC 2019


I'm trying to analyse a device which offers a PCAP stream for different
interfaces over TCP. I already developed a Python script which extracts
single packets out of the PCAP stream and saves every packet as a single
PCAP file in a specific folder.

I tried to use the --pcap-file-continuous option to monitor this folder but
it seems that the analysis is very slow. Do you have any idea how to speed
this up? Or another solution to analyse a PCAP stream via Suricata? And do
you know how to display the interface name in an alert? Like the "-I" option
in Snort?

Best regards,
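Added example (not from the original post and not Suricata's own code): a stdlib-only Python reader for a libpcap stream arriving over a TCP connection, written as a rotating-file splitter that batches packets into numbered files instead of writing one file per packet, so a directory watched with --pcap-file-continuous receives a few large, well-formed captures. The TCP socket, its makefile("rb") object and the output directory are assumptions; the sample stream is constructed in memory.

```python
import io, os, struct, tempfile
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}  # usec/nsec magic, LE then BE

def read_exact(stream, n):
    """Read exactly n bytes from a socket file object or BytesIO; None on EOF or a short read."""
    buf = b""
    while len(buf) < n and (chunk := stream.read(n - len(buf))):
        buf += chunk
    return buf if len(buf) == n else None

def read_global_header(stream):
    """Return (raw 24-byte file header, struct byte-order prefix, snaplen); raise on a bad magic."""
    hdr = read_exact(stream, 24)
    if hdr is None or hdr[:4] not in MAGICS:
        raise ValueError("stream does not start with a libpcap header")
    endian = MAGICS[hdr[:4]]
    return hdr, endian, struct.unpack(endian + "I", hdr[16:20])[0]

def iter_records(stream, endian, snaplen):
    """Yield each raw record (16-byte header + frame); stop cleanly if the stream ends mid-record."""
    while (rec_hdr := read_exact(stream, 16)) is not None:
        incl_len = struct.unpack(endian + "IIII", rec_hdr)[2]
        if snaplen and incl_len > snaplen:   # desynchronised or corrupt stream: never trust this length
            raise ValueError("record length %d exceeds snaplen %d" % (incl_len, snaplen))
        if (frame := read_exact(stream, incl_len)) is None: return   # truncated final record
        yield rec_hdr + frame

def split_stream(stream, out_dir, per_file=1000):
    """Copy the stream into out_dir as batch-NNNNNN.pcap files of per_file packets; return the paths."""
    global_hdr, endian, snaplen = read_global_header(stream)
    paths, fh, count = [], None, 0
    for rec in iter_records(stream, endian, snaplen):
        if fh is None or count == per_file:   # rotate: every file starts with its own global header
            if fh is not None: fh.close()
            paths.append(os.path.join(out_dir, "batch-%06d.pcap" % len(paths)))
            fh, count = open(paths[-1], "wb"), 0
            fh.write(global_hdr)
        fh.write(rec); count += 1
    if fh is not None: fh.close()
    return paths

def build_sample_stream(n_packets, frame_len=60):
    """Constructed input: a little-endian Ethernet pcap stream holding n_packets zero-filled frames."""
    hdr = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)   # v2.4, snaplen 65535, DLT_EN10MB
    return hdr + b"".join(struct.pack("<IIII", 1556778579 + i, 0, frame_len, frame_len)
                          + bytes(frame_len) for i in range(n_packets))

def demo(n_packets=7, per_file=3):
    """Split a constructed stream into a fresh temp dir; return the paths of the files written."""
    return split_stream(io.BytesIO(build_sample_stream(n_packets)), tempfile.mkdtemp(), per_file)
```

For the real device, pass `sock.makefile("rb")` as the stream and point --pcap-file-continuous at out_dir; running one splitter per interface into its own directory keeps the interface identifiable by the file path.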