Project

General

Profile

Documentation #7220

Updated by Juliana Fajardini Reichow 3 months ago

Our Userguide currently has a mention to an out-of-date guide on [[Sniffing_Packets_with_Wireshark]]. 

 While that is useful, it has some instructions that are not recommended in terms of security best practices 
 (running as @sudo@. We also understand that there are early steps that need coverage and are not tied to Wireshark. 

 Therefore, we need a guide to explain how to use @ip@ and @tcpdump@ to know which interface card the user system is 
 using for network traffic, as well as how to do packet sniffing etc: 
 - Convert @ifconfig@ to @ip@ --brief address as @ifconfig@ isn't installed by default on many Linux systems these days 
 - Run @tcpdump@, are you seeing the packets you expect to see?, perhaps with an address filter etc. 

 This task covers: 
 - creating a Forum post under the Guides category (https://forum.suricata.io/c/guides/12) respecting formatting etc., on the topics discussed above 
 - updating our Userguide to point to this new guide, instead of to the Sniffing Packets with Wireshark one: https://docs.suricata.io/en/latest/performance/packet-profiling.html#packet-profiling

Back