Packet Profiling
================

This guide explains how to enable packet profiling and use it with the most
recent Suricata code on Ubuntu. It assumes that you have already installed
Suricata once from the git repository.

Packet profiling is useful when you want to know how long packets take to be
processed. It helps you find out why certain packets are processed faster than
others, which makes it a good tool for Suricata development.

Update Suricata by following the steps from :ref:`Installation from GIT`,
starting at the end, at:

::

    cd suricata/suricata
    git pull

and follow the next steps described there. To enable packet profiling, make
sure you pass the following option during the configure stage:

::

    ./configure --enable-profiling

Find a folder in which you have pcaps. If you do not have any pcaps yet, you
can capture them with Wireshark. See `Sniffing Packets with Wireshark
<https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Sniffing_Packets_with_Wireshark>`_.

Go to the directory containing your pcaps. For example:

::

    cd ~/Desktop

Use the ``ls`` command to see the contents of the folder. Choose a folder and
a pcap file, for example:

::

    cd ~/Desktop/2011-05-05

Run Suricata with that pcap:

::

    suricata -c /etc/suricata/suricata.yaml -r log.pcap.(followed by the number/name of your pcap)

For example:

::

    suricata -c /etc/suricata/suricata.yaml -r log.pcap.1304589204