tl;dr By manually changing the Linktype using a hex editor in the Interface Description Block (IDB) of the PCAPng file will convince the packet analysis software that only 1 type of interfaces were available at the time of capture.WARNING: Throughout this post I reference “PCAP” and “PCAPng” int...
Published on April 14, 2021 |
9 min read
pcap hex zeek suricata brim