Project

General

Profile

Actions
Copy link

Documentation #4352

open

Devguide: Debugging Basics - pcap_cnt

Added by Shivani Bhardwaj over 4 years ago. Updated 2 days ago.

Status:
Assigned
Priority:
Low
Assignee:
OISF Dev
Target version:
8.0.2
Affected Versions:
Effort:
Difficulty:
Label:

Description

What is pcap_cnt.
How to use it to correlate packet data with Wireshark.
jq commands to check/sort pcap_cnt for particular situations.

Actions
Copy link
 #1

Updated by Shivani Bhardwaj about 3 years ago

  • Assignee changed from Shivani Bhardwaj to Juliana Fajardini Reichow
  • Priority changed from Normal to Low
Actions
Copy link
 #2

Updated by Juliana Fajardini Reichow almost 3 years ago

  • Target version set to 8.0.0-beta1
Actions
Copy link
 #3

Updated by Victor Julien over 1 year ago

  • Assignee changed from Juliana Fajardini Reichow to OISF Dev
Actions
Copy link
 #4

Updated by Victor Julien 7 months ago

  • Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Actions
Copy link
 #5

Updated by Victor Julien 3 months ago

  • Target version changed from 8.0.0-rc1 to 8.0.0
Actions
Copy link
 #6

Updated by Philippe Antoine 3 months ago

  • Target version changed from 8.0.0 to 8.0.1
Actions
Copy link
 #7

Updated by Jeff Lucovsky 9 days ago 

 jq -s 'sort_by(.pcap_cnt)' < eve.json

Use this to sort EVE records by pcap_cnt

Actions
Copy link
 #8

Updated by Jeff Lucovsky 7 days ago

This will be more useful if included in the user guide -- eve-json-examples and eve-json-output?

Actions
Copy link
 #9

Updated by Victor Julien 2 days ago

  • Target version changed from 8.0.1 to 8.0.2
Actions
Copy link

Also available in: Atom PDF