[Cialug] Traffic Analysis

Philip Henely henely at gmail.com
Sat Jul 25 13:54:52 UTC 2020


Is this traffic encrypted? If so, I wouldn't expect Zeek (or really many
other tools) to be able to give you the visibility you are looking for. In
an encrypted environment Zeek won't provide much better data than netflow
would, at least out of the box. It would provide an SSL log of SSL
connections it saw and a connection log that would have to be correlated
together to get traffic; not sure if that would count for what you are
looking for or not.

----------------------------------------------------------------
Philip Henely
----------------------------------------------------------------
"Computers are incredibly fast, accurate and stupid. Human beings are
incredibly slow, inaccurate and brilliant. Together they are powerful
beyond imagination."  -- Einstein


On Sat, Jul 25, 2020 at 7:50 AM L. V. Lammert <lvl at omnitec.net> wrote:

> On Fri, 24 Jul 2020, Brett Neese wrote:
>
> > You might be able to get https://zeek.org/ to do what you want.
> > It's focused on security but is very flexible at doing network analysis
> > of all kinds.
> >
> Interesting option, .. thanks!
>
> Anyone have input on Zeek vs. PFSense vs. OPNSense vs. others?
>
>         Thanks!
>
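A worked illustration of the correlation Philip describes, added here and not taken from any message in the thread: it joins Zeek's conn.log and ssl.log on the shared connection uid so that each TLS session's byte counts can be reported per server name. The log lines are constructed sample data in Zeek's default TSV layout (with its standard field names); on a real sensor you would feed the actual files under Zeek's log directory.

```python
# Added example (not from the thread): join Zeek's conn.log and ssl.log on the
# shared connection uid to get per-server-name byte counts for TLS sessions.
# The log content below is constructed sample data in Zeek's TSV format.
from collections import defaultdict

CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes
1595685000.1\tCabc1\t10.0.0.5\t51000\t93.184.216.34\t443\ttcp\tssl\t2.5\t1200\t54000
1595685001.2\tCabc2\t10.0.0.6\t51001\t93.184.216.34\t443\ttcp\tssl\t1.0\t800\t12000
1595685002.3\tCabc3\t10.0.0.5\t51002\t10.0.0.9\t22\ttcp\tssh\t30.0\t5000\t9000
1595685003.4\tCabc4\t10.0.0.7\t51003\t172.217.0.46\t443\ttcp\tssl\t0.7\t-\t3000
"""

SSL_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tversion\tcipher\tserver_name
1595685000.2\tCabc1\t10.0.0.5\t51000\t93.184.216.34\t443\tTLSv12\tTLS_AES_128_GCM_SHA256\texample.com
1595685001.3\tCabc2\t10.0.0.6\t51001\t93.184.216.34\t443\tTLSv13\tTLS_AES_256_GCM_SHA384\texample.com
1595685003.5\tCabc4\t10.0.0.7\t51003\t172.217.0.46\t443\tTLSv13\tTLS_AES_256_GCM_SHA384\t-
"""

def parse_zeek_tsv(text):
    """Yield one dict per record, keyed by the names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))

def to_int(value):
    # Zeek writes "-" for an unset field; treat it as zero bytes.
    return 0 if value == "-" else int(value)

def bytes_by_server_name(conn_text, ssl_text):
    """Return {server_name: (orig_bytes, resp_bytes)} for connections with an ssl.log entry."""
    sni_by_uid = {r["uid"]: r["server_name"] for r in parse_zeek_tsv(ssl_text)}
    totals = defaultdict(lambda: [0, 0])
    for conn in parse_zeek_tsv(conn_text):
        name = sni_by_uid.get(conn["uid"])
        if name is None:
            continue  # no TLS handshake seen for this uid (e.g. the ssh flow)
        if name == "-":
            name = "(no SNI) " + conn["id.resp_h"]  # fall back to the responder IP
        totals[name][0] += to_int(conn["orig_bytes"])
        totals[name][1] += to_int(conn["resp_bytes"])
    return {k: tuple(v) for k, v in totals.items()}

if __name__ == "__main__":
    for name, (sent, recv) in bytes_by_server_name(CONN_LOG, SSL_LOG).items():
        print(f"{name:32s} sent={sent:8d} recv={recv:8d}")
```

Without a decrypting proxy this is as far as the visibility goes: who talked to which name, for how long, and how many bytes, with the payload itself opaque.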

