importing tcpdump files
Posted: Tue Oct 04, 2011 3:22 pm
How can I collect offline data to a file with tcpdump and import the file into OmniPeek?
Default options don't work and we are not able to use the tcpdump streaming setup.
RE: importing tcpdump files
Posted: Tue Oct 04, 2011 3:31 pm
If you have OmniPeek Professional or Enterprise along with a maintenance contract, you can log into MyPeek and download the TCPDump Remote adapter. This will allow you to stream packets into OmniPeek from a Linux host.
RE: RE: importing tcpdump files
Posted: Wed Oct 05, 2011 7:43 am
As noted, we can't use the streaming approach.
Here's how I got it to work on an Ubuntu machine.
sudo tcpdump -i eth0 -nn -s0 -v -C100 -w /home/gordon/captures/capture
A series of files is created. The trick is to append ".pcap" to let the files be recognized and imported by OmniPeek.
Suggestion: Add this file extension trick to the manual.
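The rename step described in the post above, as an added example that is not part of the original thread: it appends ".pcap" to the files written by tcpdump -C/-w, but only to files that begin with a pcap magic number, and never overwrites an existing file. The function names and arguments are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. tcpdump -C100 -w capture writes
# "capture", then "capture1", "capture2", ... with no file extension.
# Usage (path taken from the post): add_pcap_ext /home/gordon/captures capture

is_pcap() {
    # Read the first 4 bytes as hex and compare against the classic pcap
    # magic numbers: microsecond (a1b2c3d4) and nanosecond (a1b23c4d)
    # timestamps, each in either byte order.
    magic=$(od -An -N4 -tx1 "$1" | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1|a1b23c4d|4d3cb2a1) return 0 ;;
        *) return 1 ;;
    esac
}

add_pcap_ext() {
    # $1 = capture directory, $2 = base name given to tcpdump -w
    # Prints the number of files renamed.
    dir=$1; base=$2; renamed=0
    for f in "$dir/$base"*; do
        [ -f "$f" ] || continue
        case "$f" in *.pcap) continue ;; esac   # already has the extension
        if [ -e "$f.pcap" ]; then               # never overwrite a capture
            echo "skip (target exists): $f" >&2
            continue
        fi
        if is_pcap "$f"; then
            mv -- "$f" "$f.pcap" && renamed=$((renamed + 1))
        else
            echo "skip (not a pcap file): $f" >&2
        fi
    done
    echo "$renamed"
}
```

Run it after tcpdump has stopped, so that the last file in the series is complete before it is imported.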
RE: RE: RE: importing tcpdump files
Posted: Wed Oct 05, 2011 8:21 am
Thanks very much for that input.