Skip to content
/ zeek-tcpreplay Public

Use tcpreplay to slowly feed arbitrary pcaps to Zeek via dummy0 NIC. Impress your friends.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

berthayes/zeek-tcpreplay

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
pcaps
pcaps
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
docker_readme.md
docker_readme.md
 
 
init_dummy.sh
init_dummy.sh
 
 
runit.sh
runit.sh
 
 

Repository files navigation

zeek-tcpreplay

A custom Docker image that uses tcpreplay to feed arbitrary pcaps at arbitrary speed to Zeek via dummy0 NIC.

Built on top of zeekurity/zeek:latest

  1. Get this code. Note - pcap directory contains an 80MB sample file to get you started - this will take a minute or two to download.
git clone https://github.com/berthayes/zeek-tcpreplay && cd zeek-tcpreplay
  1. Build the Docker image (~5 min - YMMV)
docker build -t zeek-tcpreplay .
  1. Start that container!
bash runit.sh
  1. Wait a minute or so for things to start up...
sleep 60 && echo "We should be good to go."

About

Use tcpreplay to slowly feed arbitrary pcaps to Zeek via dummy0 NIC. Impress your friends.

Topics

zeek tcpreplay

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages