Documentation #7220
Updated by Juliana Fajardini Reichow 2 months ago
Our Userguide currently mentions an out-of-date guide on [[Sniffing_Packets_with_Wireshark]]. While that is useful, it has some instructions that are not recommended in terms of security best practices (running as @sudo@). We also understand that there are early steps that need coverage and are not tied to Wireshark. Therefore, we need a guide that explains how to use @ip@ and @tcpdump@ to find out which interface card the user's system is using for network traffic, as well as how to do packet sniffing etc.:

- Convert @ifconfig@ to @ip --brief address@, as @ifconfig@ isn't installed by default on many Linux systems these days
- Run @tcpdump@: are you seeing the packets you expect to see? Perhaps with an address filter etc.

This task covers:

- creating a Forum post under the Guides category (https://forum.suricata.io/c/guides/12), respecting formatting etc., on the topics discussed above
- updating our Userguide to point to this new guide, instead of to the Sniffing Packets with Wireshark one: https://docs.suricata.io/en/latest/performance/packet-profiling.html#packet-profiling
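The two steps the new guide is meant to cover, worked through as an added shell example that is not part of this ticket or of the Suricata project: the @ip@ output, the default route and the addresses are constructed samples, and the helper function names are my own.

```shell
#!/bin/sh
# Constructed sample of `ip --brief address` (columns: name, state, addresses).
SAMPLE_IP_BR_ADDR='lo               UNKNOWN        127.0.0.1/8 ::1/128
enp0s3           UP             10.0.2.15/24 fe80::a00:27ff:fe4e:66a1/64
docker0          DOWN           172.17.0.1/16'
# Constructed sample of `ip route show default`.
SAMPLE_DEFAULT_ROUTE='default via 10.0.2.2 dev enp0s3 proto dhcp metric 100'

# Pick the interface to capture on.
#   $1: output of `ip --brief address`, $2: output of `ip route show default`
# Prefer the interface the default route leaves through; otherwise take the
# first non-loopback interface that is UP.
pick_capture_iface() {
    dev=$(printf '%s\n' "$2" |
        awk '{ for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit } }')
    if [ -n "$dev" ]; then
        printf '%s\n' "$dev"
        return 0
    fi
    printf '%s\n' "$1" | awk '$1 != "lo" && $2 == "UP" { print $1; exit }'
}

# Build the tcpdump command line for a quick sanity check of the traffic.
#   $1: interface, $2: optional host to filter on, $3: packet count (default 20)
# -nn keeps addresses and ports numeric; -c stops after a bounded number of
# packets, so the check terminates even on a busy link.
build_tcpdump_cmd() {
    iface=$1; host=$2; count=${3:-20}
    cmd="tcpdump -i $iface -nn -c $count"
    [ -n "$host" ] && cmd="$cmd host $host"
    printf '%s\n' "$cmd"
}

# On a live system replace the samples with:
#   pick_capture_iface "$(ip --brief address)" "$(ip route show default)"
iface=$(pick_capture_iface "$SAMPLE_IP_BR_ADDR" "$SAMPLE_DEFAULT_ROUTE")
echo "Capture interface: $iface"
echo "Check traffic with: $(build_tcpdump_cmd "$iface" 10.0.2.2)"
```

Capturing still needs raw-socket privileges for the @tcpdump@ process itself (via @sudo@ or a capability-enabled binary); the point is that the surrounding inspection steps, and any later Wireshark analysis of a saved pcap, do not.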