How can the beat(s) system be used to listen/ingest full packets, i.e. I don't just want the headers, but the data also?
Scenario: Can one or more beats be used to listen for SMB TCP traffic and identify the SMBv1 dialect selected inside the request and response packets between the server/client?
Netflow doesn't have enough info, Packetbeat doesn't "appear" to support SMB/445 traffic, help?
I understand Filebeat has a TCP input, but can I filter that down to SMB only?
I'd prefer NOT to use Logstash if possible.