Full packet inspection with beats?

ajhstn · September 22, 2019, 1:53am

How can the beat(s) system be used to listen/ingest full packets, ie i don't just want the headers, but the data also.

Scenario: Can one or more beats be used to listen for SMB TCP traffic and identify the SMBv1 dialect selected inside the request and response packets between the server/client?

Netflow doesn't have enough info, Packetbeat doesn't "appear" to support SMB/445 traffic, help?

I understand Filebeat has a TCP input, but can i filter that down to SMB only?.

I'd prefer NOT to use Logstash if possible.

system · October 20, 2019, 3:53am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can Packetbeat just be used to show traffic going from a server? Beats packetbeat	3	508	July 8, 2019
On the division of labor between packetbeat and filebeat Beats filebeat , packetbeat	3	404	September 22, 2021
Is there any way to do data sampling at client side? Beats packetbeat	8	1748	July 5, 2017
Getting PacketBeat Raw TCP Payloads 2 Beats packetbeat	2	528	July 21, 2020
Feature Request Flowbeat! Beats packetbeat	12	5892	November 4, 2022

Full packet inspection with beats?

Related topics