
Within the last week, Doug Burks of Security Onion (SO) added a new script that revolutionizes the use case for his amazing open source network security monitoring platform.

I have always used SO in a live production mode, meaning I deploy a SO sensor sniffing a live network interface. As the multitude of SO components observe network traffic, they generate, store, and display various forms of NSM data for use by analysts.

The problem with this model is that it could not be used for processing stored network traffic. If one simply replayed the traffic from a .pcap file, the new traffic would be assigned contemporary timestamps by the various tools observing the traffic. While all of the NSM tools in SO have the independent capability to read stored .pcap files, there was no unified way to integrate their output into the SO platform. Therefore, for years, there has not been a way to import .pcap files.

Here is how I tested the new so-import-pcap script.

First, I made sure I was running Security Onion Elastic Stack Release Candidate 2 (14.04.5.8 ISO) or later.

Next I downloaded the script using wget from.

sudo cp so-import-pcap
sudo chmod 755 /usr/sbin/so-import-pcap

I tried running the script against two of the sample files packaged with SO, but ran into issues with:

sudo so-import-pcap /opt/samples/10k.pcap

Mergecap: Error reading /opt/samples/10k.pcap: The file appears to be damaged or corrupt
(pcap: File has 263718464-byte packet, bigger than maximum of 262144)
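As an added example, not part of the original post and not code from the so-import-pcap script, here is a small Python walker over a classic pcap file that reports the original capture timestamps (the ones a replay would throw away) and flags the first record whose captured length exceeds libpcap's 262144-byte limit, the condition behind the Mergecap error above. The sample input is constructed inline; the file layout it assumes is the standard 24-byte global header followed by 16-byte record headers.

```python
import struct
from datetime import datetime, timezone

# libpcap's hard limit on one record (the "maximum of 262144" in the Mergecap error)
MAX_SNAPLEN = 262144

# Magic number as read little-endian -> (byte order of the file, timestamp fraction divisor)
MAGICS = {0xA1B2C3D4: ("<", 1e6), 0xA1B23C4D: ("<", 1e9),   # little-endian, usec / nsec
          0xD4C3B2A1: (">", 1e6), 0x4D3CB2A1: (">", 1e9)}   # big-endian,    usec / nsec

def check_pcap(data):
    """Walk a classic pcap byte string and return a summary dict.

    Sane records are counted and their original timestamps kept; the first
    record whose captured length exceeds libpcap's limit or runs past the end
    of the file is reported as 'bad' with its offset and claimed lengths.
    """
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file (magic %#x)" % magic)
    endian, divisor = MAGICS[magic]
    snaplen = struct.unpack(endian + "I", data[16:20])[0]   # global header field 6
    summary = {"endian": endian, "snaplen": snaplen, "records": 0,
               "first_ts": None, "last_ts": None, "bad": None}
    off = 24   # first record header follows the 24-byte global header
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        if incl_len > MAX_SNAPLEN or off + 16 + incl_len > len(data):
            summary["bad"] = {"offset": off, "incl_len": incl_len, "orig_len": orig_len}
            break
        ts = datetime.fromtimestamp(ts_sec + ts_frac / divisor, tz=timezone.utc)
        summary["first_ts"] = summary["first_ts"] or ts
        summary["last_ts"] = ts
        summary["records"] += 1
        off += 16 + incl_len
    return summary

def build_sample():
    """Constructed input: little-endian header (snaplen 65535), one good 4-byte
    record from July 2017, then a record claiming the 263718464-byte length."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    good = struct.pack("<IIII", 1500000000, 0, 4, 4) + b"\xde\xad\xbe\xef"
    bad = struct.pack("<IIII", 1500000001, 0, 263718464, 263718464) + b"\x00" * 4
    return hdr + good + bad

if __name__ == "__main__":
    print(check_pcap(build_sample()))
```

Pointing check_pcap at the bytes of a real capture before importing it tells you whether the file will be rejected, and at which offset, without waiting for the import to fail.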
