OmniPeek Support

importing tcpdump files

gmit
Posts: 8
Joined: Wed Jun 04, 2008 3:11 pm

importing tcpdump files

Postby gmit » Tue Oct 04, 2011 3:22 pm

How can I collect offline data to a file with tcpdump and import the file into OmniPeek?

Default options don't work and we are not able to use the tcpdump streaming setup.

DJWP
Posts: 676
Joined: Tue Oct 30, 2007 11:42 am

RE: importing tcpdump files

Postby DJWP » Tue Oct 04, 2011 3:31 pm

If you have OmniPeek Professional or Enterprise along with a maintenance contract, you can log into MyPeek and download the TCPDump Remote adapter. This will allow you to stream packets into OmniPeek from a Linux host.

gmit
Posts: 8
Joined: Wed Jun 04, 2008 3:11 pm

RE: RE: importing tcpdump files

Postby gmit » Wed Oct 05, 2011 7:43 am

As noted, we can't use the streaming approach.

Here's how I got it to work on an Ubuntu machine.

sudo tcpdump -i eth0 -nn -s0 -v -C100 -w /home/gordon/captures/capture

A series of files is created. The trick is to append ".pcap" to let the files be recognized and imported by OmniPeek.

Suggestion: Add this file extension trick to the manual.
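
The rename step from the post above, as an added example that is not part of the original thread: it appends ".pcap" to each file that `tcpdump -C` rotation produced (`capture`, `capture1`, `capture2`, ...), but only when the file starts with a libpcap magic number. The function names `is_pcap`, `add_pcap_ext` and `demo` are hypothetical, and the demo files are constructed stand-ins for real captures.

```shell
#!/usr/bin/env bash
# Added example: give tcpdump -C rotation files a .pcap extension.

# Return 0 if the file starts with a classic libpcap magic number
# (either byte order, microsecond or nanosecond timestamps).
is_pcap() {
    local magic
    magic=$(head -c 4 -- "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) return 0 ;;
        *) return 1 ;;
    esac
}

# add_pcap_ext PREFIX: rename PREFIX, PREFIX1, PREFIX2, ... to *.pcap.
# PREFIX is the path given to tcpdump -w. Prints the number renamed.
add_pcap_ext() {
    local prefix=$1 f count=0
    for f in "$prefix"*; do
        [ -f "$f" ] || continue
        case "$f" in *.pcap) continue ;; esac   # already renamed
        is_pcap "$f" || continue                # not a capture file
        [ -e "$f.pcap" ] && continue            # never overwrite
        mv -- "$f" "$f.pcap" && count=$((count + 1))
    done
    echo "$count"
}

# Constructed sample: two fake rotation files plus an unrelated file.
demo() {
    local dir
    dir=$(mktemp -d)
    printf '\324\303\262\241\002\000\004\000' > "$dir/capture"
    printf '\324\303\262\241\002\000\004\000' > "$dir/capture1"
    printf 'notes' > "$dir/capture.txt"
    add_pcap_ext "$dir/capture"     # prints the rename count
    ls "$dir" | tr '\n' ' '         # lists the resulting file names
    rm -rf "$dir"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run `add_pcap_ext /home/gordon/captures/capture` after tcpdump has stopped, so the file it is still writing is not handed to OmniPeek half-finished.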

DJWP
Posts: 676
Joined: Tue Oct 30, 2007 11:42 am

RE: RE: RE: importing tcpdump files

Postby DJWP » Wed Oct 05, 2011 8:21 am

Thanks very much for that input.
