Menu :

TL;DR

zeek

Passive network traffic analyzer. Any output and log files will be saved to the current working directory. More information: https://docs.zeek.org/en/lts/quickstart.html#zeek-as-a-command-line-utility.

Analyze live traffic from a network interface:

sudo zeek --iface interface

Analyze live traffic from a network interface and load custom scripts:

sudo zeek --iface interface script1 script2

Analyze live traffic from a network interface, without loading any scripts:

sudo zeek --bare-mode --iface interface

Analyze live traffic from a network interface, applying a tcpdump filter:

sudo zeek --filter path/to/filter --iface interface

Analyze live traffic from a network interface using a watchdog timer:

sudo zeek --watchdog --iface interface

Analyze traffic from a PCAP file:

zeek --readfile path/to/file.trace

This document was created using the contents of the tldr project.

a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
others