
3. Analyzing Live Traffic

Hariom Chaturvedi edited this page Aug 15, 2021 · 1 revision

Analyzing Live Traffic

PcapMonkey now supports live traffic analysis, meaning you can analyze the network traffic of the host machine itself rather than a captured pcap. The process is as follows:

Start the Elastic stack first, and only then start the Suricata and Zeek containers. Make sure the OpenET rules have been imported before starting Suricata, otherwise it will run without its detection rules.

sudo docker-compose up -d elasticsearch filebeat kibana

Once the Elastic stack is in a healthy state, run:

sudo docker-compose -f docker-compose-live.yaml up -d suricata zeek

Note: Suricata will take some time to start properly.

Once the containers are up, the logs can be seen on Kibana.
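The steps above as a single script, added here as an example and not part of the PcapMonkey wiki or project. It assumes Elasticsearch answers on http://localhost:9200 (override with ES_URL) and that it runs from the repository directory holding the two compose files.

```shell
#!/bin/sh
# Added example: start the Elastic stack, wait until Elasticsearch reports a
# usable cluster status, then start the live-capture Suricata and Zeek
# containers from docker-compose-live.yaml.
# Assumption (not from the wiki): Elasticsearch is reachable at ES_URL.
ES_URL="${ES_URL:-http://localhost:9200}"

# es_status_ok: given the JSON body of GET /_cluster/health, succeed when the
# cluster status is green or yellow (yellow is normal for a single-node stack).
es_status_ok() {
    case "$1" in
        *'"status":"green"'*|*'"status":"yellow"'*) return 0 ;;
        *) return 1 ;;
    esac
}

# wait_for_es: poll the health endpoint every 5 s, up to $1 attempts.
wait_for_es() {
    attempts="${1:-30}"
    i=0
    while [ "$i" -lt "$attempts" ]; do
        body="$(curl -s "$ES_URL/_cluster/health" 2>/dev/null || true)"
        if es_status_ok "$body"; then
            return 0
        fi
        i=$((i + 1))
        sleep 5
    done
    echo "Elasticsearch did not become healthy after $attempts attempts" >&2
    return 1
}

# start_live_analysis: the wiki's two docker-compose commands, with the
# health wait between them instead of a manual check.
start_live_analysis() {
    sudo docker-compose up -d elasticsearch filebeat kibana || return 1
    wait_for_es 60 || return 1
    sudo docker-compose -f docker-compose-live.yaml up -d suricata zeek
    echo "Suricata and Zeek started; Suricata may take a while before logs appear in Kibana"
}

# Only run the procedure when invoked with --run, so the functions can be
# sourced or tested without touching Docker.
if [ "${1:-}" = "--run" ]; then
    start_live_analysis
fi
```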
