https://inliniac.net/blog/tag/pcap/ Recent content in Pcap on Inliniac Hugo en Tue, 25 Mar 2014 14:37:46 +0000 https://inliniac.net/blog/2014/03/25/suricata-2-0-and-beyond/ Tue, 25 Mar 2014 14:37:46 +0000 https://inliniac.net/blog/2014/03/25/suricata-2-0-and-beyond/ <p>Today I finally <a href="http://suricata-ids.org/2014/03/25/suricata-2-0-available/">released Suricata 2.0</a>. The 2.0 branch opened in December 2012. In the little over a year that it&rsquo;s development lasted, we have closed 183 tickets. We made 1174 commits, with the following stats:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>582 files changed, 94782 insertions(+), 63243 deletions(-) </span></span></code></pre></div><p>So, a significant update! In total, 17 different people made commits. I&rsquo;m really happy with how much code and features were contributed. When starting Suricata this was what I really hoped for, and it seems to be working!</p> https://inliniac.net/blog/2012/11/29/closing-in-on-suricata-1-4/ Thu, 29 Nov 2012 16:50:15 +0000 https://inliniac.net/blog/2012/11/29/closing-in-on-suricata-1-4/ <p><img src="https://inliniac.net/blog/blog/wp-content/uploads/2012/07/suricata2.png" alt="">I just made <a href="http://suricata-ids.org/2012/11/29/suricata-1-4rc1-available/">Suricata 1.4rc1</a> available with some pretty exciting features: unix socket mode and IP reputation.</p> <p><strong>Unix socket</strong></p> <p>First of all, <a href="https://home.regit.org/2012/09/a-new-unix-command-mode-in-suricata/">Eric Leblond&rsquo;s work</a> on the Unix socket was merged. The unix socket work consists of two parts. The unix socket protocol implementation and a new runmode.</p> <p>The protocol implementation is based on JSON messages over unix socket. Eric will be fully documenting it soon. Currently the commands are limited to shutting down and getting some basic stats. This part isn&rsquo;t very exciting yet, but the groundwork for many future extensions has been laid.</p> https://inliniac.net/blog/2010/12/24/listening-on-multiple-interfaces-with-suricata/ Fri, 24 Dec 2010 13:13:24 +0000 https://inliniac.net/blog/2010/12/24/listening-on-multiple-interfaces-with-suricata/ <p>A question I see quite often is, can I listen on multiple interfaces with a single Suricata instance? Until now the answer always was &ldquo;no&rdquo;. I&rsquo;d suggest trying the &ldquo;any&rdquo;-pseudo interface (suricata -i any), with an bpf to limit the traffic or using multiple instances of Suricata. That last suggestion was especially painful, as one of the goals of Suricata is to allow a single process to process all packets using all available resources.</p> https://inliniac.net/blog/2007/10/09/friendly-pcap-parsing/ Mon, 08 Oct 2007 22:47:28 +0000 https://inliniac.net/blog/2007/10/09/friendly-pcap-parsing/ <p>Over at his weblog <a href="http://node5.blogspot.com/">node5</a>, William Metcalf has written about a nice script he created for automagically extracting full content data for certain ip&rsquo;s and ip ranges from large amounts of pcap data. It will also create some nice output for the data. Check out his <a href="http://node5.blogspot.com/2007/08/parsep-extend-rangepl-your-friendly.html">post at node5</a> and the <a href="http://doc.bleedingthreats.net/bin/view/Main/PcapParser">script here at bleedingthreats</a>. Great to see you blogging Will! :)</p>