erik4711
> Yeah, thank you — there's useful detail in there: the connection might go in the other direction (so Zeek would have to listen to support that), In most deployments...
> seems like we should support this, but it's not clear whether it should go on the 5.1 pile still, and I was concerned that if you have a pressing...
It would be fantastic if there was a PCAP-over-IP PktSrc plugin in Zeek though.
Here's the tail from strace's output:
```
set_tid_address(0x7f1399d0eb90) = 11527
set_robust_list(0x7f1399d0eba0, 24) = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f1398163cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f1398170980}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f1398163d50, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f1398170980}, NULL, 8)...
```
Yes, changing output dir to a writeable one with `-o` resolves the problem. Would it be possible to avoid throwing that exception when `-c` or `-C` is used together with...
Okay, thanks. I understand. You're right, I want to disable all file output and only push reassembled TCP to stdout. However, to my knowledge nothing is written to disk if...
> I've already emailed Netresec about that so they're aware -> it's rarely possible that everyone having this issue also has PacketCache running, but maybe another long forgotten piece of...
Most PCAP-over-TCP services will use IEEE 802.3 Ethernet (aka DLT_EN10MB) as the link_type, but it's best to assign the link type value dynamically based on the PCAP header. The first...
> Urrgh. After looking at a hexdump of the pcap file, and looking at https://www.netresec.com/?page=Blog&month=2022-10&post=What-is-a-PCAP-file again, I notice that what is being carried is a pcap save file, not a...
Thanks for the suggestion @emnahum! The [What is a PCAP file?](https://www.netresec.com/?page=Blog&month=2022-10&post=What-is-a-PCAP-file) blog post has now been updated to include the term "pcap savefile" and links have been added to the...