zeek

Passive network traffic analyser.

Any output and log files will be saved to the current working directory.

• Analyze live traffic from a network interface:

sudo zeek --iface {interface}

• Analyze live traffic from a network interface and load custom scripts:

sudo zeek --iface {interface} {script1} {script2}

• Analyze live traffic from a network interface, without loading any scripts:

sudo zeek --bare-mode --iface {interface}

• Analyze live traffic from a network interface, applying a `tcpdump` filter:

sudo zeek --filter {path/to/filter} --iface {interface}

• Analyze live traffic from a network interface using a watchdog timer:

sudo zeek --watchdog --iface {interface}

• Analyze traffic from a `pcap` file:

zeek --readfile {path/to/file.trace}

Copyright © 2014—present the tldr-pages team and contributors.

This work is licensed under the Creative Commons Attribution 4.0 International License (CC-BY).