Full packet inspection with beats?

How can the beat(s) system be used to listen/ingest full packets, ie i don't just want the headers, but the data also.

Scenario: Can one or more beats be used to listen for SMB TCP traffic and identify the SMBv1 dialect selected inside the request and response packets between the server/client?

Netflow doesn't have enough info, Packetbeat doesn't "appear" to support SMB/445 traffic, help?

I understand Filebeat has a TCP input, but can i filter that down to SMB only?.

I'd prefer NOT to use Logstash if possible.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.