zeek
Passive network traffic analyzer. Any output and log files will be saved to the current working directory. More information: https://docs.zeek.org/en/lts/quickstart.html#zeek-as-a-command-line-utility.
-
Analyze live traffic from a network interface:
sudo zeek --iface {{interface}}
-
Analyze live traffic from a network interface and load custom scripts:
sudo zeek --iface {{interface}} {{script1}} {{script2}}
-
Analyze live traffic from a network interface, without loading any scripts:
sudo zeek --bare-mode --iface {{interface}}
-
Analyze live traffic from a network interface, applying a tcpdump filter expression:
sudo zeek --filter "{{filter_expression}}" --iface {{interface}}
-
Analyze live traffic from a network interface using a watchdog timer:
sudo zeek --watchdog --iface {{interface}}
-
Analyze traffic from a pcap file:
zeek --readfile {{path/to/file.trace}}
License and Disclaimer
The content on this page is copyright © 2014—present the tldr-pages team and contributors. This page is used with permission under Creative Commons Attribution 4.0 International License.
While we do attempt to make sure content is accurate, there isn't a warranty of any kind.