Feature #8132: Add decompression support to pcap-file capture method - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #8132

open

Add decompression support to pcap-file capture method

Added by A. Iooss 1 day ago. Updated about 17 hours ago.

Status:

New

Priority:

Normal

Assignee:

Target version:

TBD

Effort:

Difficulty:

Label:

Description

Suricata can produce pcap.xz files, but can only read uncompressed pcap files.
When dealing with large datasets of pcap, it can be useful to be able to load them directly in Suricata without having to decompress them beforehand.

History
Notes

Actions

Copy link

Updated by Pierre Chifflier about 17 hours ago

Just adding a +1 on this
I'd be interested in both using this feature, and maybe volunteering to implement it :)

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #8132

Add decompression support to pcap-file capture method

Updated by Pierre Chifflier about 17 hours ago