
This looks good! What do people use for fast indexed search of pcaps? (Contents, not metadata.)



I like Arkime (used to be called Moloch). My only pet peeve is that the documentation for the search bar is not separated from the tool. Their site docs tell you to go to the tool instead of just having the information mirrored. But for large-scale pcap analysis that still lets me look at individual packet data... it's my first choice.


Thanks, do you recall how to do e.g. a full TCP payload text search across all packets? Didn't find it with a quick search.



