zeek

Passive network traffic analyser. Any output and log files will be saved to the current working directory. More information: https://docs.zeek.org/en/lts/quickstart.html#zeek-as-a-command-line-utility.

• Analyze live traffic from a network interface:

sudo zeek --iface {{interface}}

• Analyze live traffic from a network interface and load custom scripts:

sudo zeek --iface {{interface}} {{script1}} {{script2}}

• Analyze live traffic from a network interface, without loading any scripts:

sudo zeek --bare-mode --iface {{interface}}

• Analyze live traffic from a network interface, applying a tcpdump filter:

sudo zeek --filter {{path/to/filter}} --iface {{interface}}

• Analyze live traffic from a network interface using a watchdog timer:

sudo zeek --watchdog --iface {{interface}}

• Analyze traffic from a pcap file:

zeek --readfile {{path/to/file.trace}}