Questions about ENV_PCAP_FILTER #619
Hi,
Replies: 1 comment
In Malcolm's environment variables there's a `PCAP_FILTER` variable. This filter will be used to limit what traffic the PCAP service (netsniff-ng or tcpdump) and the traffic analysis services (`zeek` and `suricata`) will see. Capture filters are specified using Berkeley Packet Filter (BPF) syntax. For example, to ignore the ports Hedgehog Linux uses to communicate with Malcolm, users could specify `not port 5044 and not port 5045 and not port 8005 and not port 8006 and not port 9200`. So it really just depends on what traffic you want to filter out. Identify the traffic you don't want to generate PCAP for, and create a filter in `PCAP_FILTER` to exclude it. Normally you'd not be capturing on the sa…
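As an added example (not code from this thread or from Malcolm), a small Python evaluator for the `port` / `host` / `not` / `and` / `or` subset of BPF syntax used in the answer above: it runs a candidate `PCAP_FILTER` expression against constructed sample flows and reports which ones the PCAP and analysis services would still see. It is a hypothetical helper with simplified semantics, not libpcap's compiler; the `Flow` record and the sample addresses are assumptions.

```python
from collections import namedtuple

# Constructed flow record: source IP, destination IP, source port, destination port.
Flow = namedtuple("Flow", "src dst sport dport")

def compile_filter(expression):
    """Compile an expression of 'port N' / 'host H' terms joined by not/and/or into a
    predicate flow -> bool (True = packet captured). Precedence not > and > or, as in BPF."""
    toks = expression.split()
    pos = [0]  # parser cursor shared by the nested functions
    def take():
        pos[0] += 1
        return toks[pos[0] - 1]
    def peek():
        return toks[pos[0]] if pos[0] < len(toks) else None
    def parse_or():
        left = parse_and()
        while peek() == "or":
            take()
            left = (lambda l, r: lambda f: l(f) or r(f))(left, parse_and())
        return left
    def parse_and():
        left = parse_not()
        while peek() == "and":
            take()
            left = (lambda l, r: lambda f: l(f) and r(f))(left, parse_not())
        return left
    def parse_not():
        if peek() == "not":
            take()
            inner = parse_not()
            return lambda f: not inner(f)
        return parse_primary()
    def parse_primary():
        tok = take()
        if tok == "port":  # BPF 'port N' matches either endpoint, not only the server side
            n = int(take())
            return lambda f: n in (f.sport, f.dport)
        if tok == "host":  # likewise 'host H' matches source or destination
            h = take()
            return lambda f: h in (f.src, f.dst)
        raise ValueError(f"unsupported token: {tok!r}")
    pred = parse_or()
    if pos[0] != len(toks):
        raise ValueError("trailing tokens after expression")
    return pred

def kept_flows(expression, flows):
    """Flows the PCAP and analysis services would still see under the filter."""
    return list(filter(compile_filter(expression), flows))
```

Because `port 9200` matches either endpoint, `not port 9200` also discards unrelated traffic whose ephemeral source port happens to be 9200, which is why checking a filter against sample flows before deploying it is worthwhile.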