Documentation #7220

open

guides: add a post on using 'ip' and 'tcpdump' to Suricata forum's Guides

Added by Juliana Fajardini Reichow 3 months ago. Updated 3 months ago.

Status:
New
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Outreachy

Description

Our Userguide currently mentions an out-of-date guide on Sniffing_Packets_with_Wireshark.

While that guide is useful, some of its instructions are not recommended from a security best-practice standpoint
(running as sudo). We also understand that there are early steps that need coverage and are not tied to Wireshark.

Therefore, we need a guide that explains how to use ip and tcpdump to find out which network interface the user's system
is using for traffic, and how to do packet sniffing on it:
- Replace the ifconfig step with ip --brief address, as ifconfig isn't installed by default on many Linux systems these days
- Run tcpdump and check: are you seeing the packets you expect to see? Perhaps with an address filter
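As an added illustration of the two steps the issue asks the guide to cover (not code from the issue, from Suricata, or from the forum post it requests), the following POSIX shell snippet picks the active interface out of `ip --brief address` output and builds a host-filtered `tcpdump` command for it. The interface table is a constructed sample so the helpers can be exercised offline; the helper names `pick_active_iface`, `iface_ipv4` and `tcpdump_cmd` are this example's own, and the packet count of 20 is an arbitrary choice for a quick check.

```shell
#!/bin/sh
# Added example (not from the Suricata issue or the guide it requests).
# Step 1: find the interface that carries traffic, from `ip --brief address`.
# Step 2: capture on it with tcpdump, filtered to the host address so only the
#         packets you expect to see show up.

# Constructed sample of `ip --brief address` output, standing in for the real
# command so the functions below can run without network privileges.
SAMPLE_IP_BRIEF='lo               UNKNOWN        127.0.0.1/8 ::1/128
eth0             UP             192.0.2.10/24 fe80::1/64
docker0          DOWN           172.17.0.1/16'

# Print the name of the first non-loopback interface that is UP and has an
# IPv4 address. Reads `ip --brief address` format from stdin.
pick_active_iface() {
    awk '$1 != "lo" && $2 == "UP" {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\//) { print $1; exit }
         }'
}

# Print the first IPv4 address (prefix length stripped) of interface $1.
iface_ipv4() {
    awk -v want="$1" '$1 == want {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\//) { sub(/\/.*/, "", $i); print $i; exit }
         }'
}

# Build the tcpdump command for a capture on interface $1 limited to traffic
# involving host $2. -n skips DNS lookups; -c 20 stops after 20 packets so a
# sanity check terminates by itself. The command is printed, not executed, so
# the user can review it before running it with capture privileges.
tcpdump_cmd() {
    printf 'tcpdump -n -i %s -c 20 host %s\n' "$1" "$2"
}

# Usage against the constructed sample. On a live system replace the printf
# with: ip --brief address | pick_active_iface
IFACE=$(printf '%s\n' "$SAMPLE_IP_BRIEF" | pick_active_iface)
ADDR=$(printf '%s\n' "$SAMPLE_IP_BRIEF" | iface_ipv4 "$IFACE")
echo "active interface: $IFACE ($ADDR)"
echo "suggested capture: $(tcpdump_cmd "$IFACE" "$ADDR")"
```

The host filter is the "address filter" the issue mentions: with it, a capture on a busy machine shows only packets to or from the user's own address, which makes "am I seeing the packets I expect?" answerable at a glance. Since the issue flags running as sudo as a practice the new guide should not recommend, a guide author may want to point instead at granting tcpdump the capture capability (for example via setcap with cap_net_raw) or at a distribution's capture group; that detail is this note's suggestion, not something the issue text specifies.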

This task covers:
- creating a Forum post under the Guides category (https://forum.suricata.io/c/guides/12) respecting formatting etc., on the topics discussed above
- updating our Userguide to point to this new guide, instead of to the Sniffing Packets with Wireshark one: https://docs.suricata.io/en/latest/performance/packet-profiling.html#packet-profiling
