importing tcpdump files

Posted: Tue Oct 04, 2011 3:22 pm
by gmit
How can I collect offline data to a file with tcpdump and import the file into OmniPeek?

Default options don't work and we are not able to use the tcpdump streaming setup.

RE: importing tcpdump files

Posted: Tue Oct 04, 2011 3:31 pm
by DJWP
If you have OmniPeek Professional or Enterprise along with a maintenance contract, you can log into MyPeek and download the TCPDump Remote adapter. This will allow you to stream packets into OmniPeek from a Linux host.

RE: RE: importing tcpdump files

Posted: Wed Oct 05, 2011 7:43 am
by gmit
As noted, we can't use the streaming approach.

Here's how I got it to work on an Ubuntu machine.

sudo tcpdump -i eth0 -nn -s0 -v -C100 -w /home/gordon/captures/capture

A series of files are created. The trick is to append ".pcap" to let the files be recognized and imported by OmniPeek.

Suggestion: Add this file extension trick to the manual.
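
The renaming step from the post above, as an added example that is not part of the thread: a small POSIX shell script that appends ".pcap" to the rotated files "tcpdump -C ... -w BASE" leaves behind (BASE, BASE1, BASE2, ...), checking each file's libpcap magic number first so that unrelated files in the capture directory are not mislabelled. The base path and file names are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): append ".pcap" to the rotating files that
# "tcpdump -C ... -w <base>" produces (<base>, <base>1, <base>2, ...), but only
# after confirming each file really starts with a libpcap magic number, so stray
# files in the capture directory are not mislabelled.

# Print the first four bytes of a file as lowercase hex with no separators.
pcap_magic() {
    od -An -N4 -tx1 "$1" | tr -d ' \n'
}

# Return 0 if the file carries one of the libpcap magic numbers
# (microsecond or nanosecond timestamps, either byte order).
is_pcap() {
    case "$(pcap_magic "$1")" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) return 0 ;;
        *) return 1 ;;
    esac
}

# rename_rotated <base-path>: rename every rotated capture file to <name>.pcap.
# Prints the number of files renamed; files already ending in .pcap are left
# alone, and files that are not libpcap are skipped with a note on stderr.
rename_rotated() {
    base=$1
    count=0
    for f in "$base" "$base"[0-9]*; do
        [ -f "$f" ] || continue
        case "$f" in *.pcap) continue ;; esac
        if is_pcap "$f"; then
            mv -- "$f" "$f.pcap"
            count=$((count + 1))
        else
            echo "skipping $f: not a libpcap file" >&2
        fi
    done
    echo "$count"
}

# Usage: sh rename_pcaps.sh /home/gordon/captures/capture (path assumed).
[ "$#" -eq 0 ] || rename_rotated "$1"
```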

RE: RE: RE: importing tcpdump files

Posted: Wed Oct 05, 2011 8:21 am
by DJWP
Thanks very much for that input.