We are using packetbeat to review pcaps from multiple environments and like how it is set up.
I realize that the primary focus of packetbeat is to review the protocol and streams. Are there plans in the future for monitoring at the TCP or UDP layer for unknown protocols?
We started working on a plugin for monitoring unknown TCP but are finding that the current TCP code, for example, drops retransmits and failures. What would it take to support TCP/UDP monitoring?
Also, is there any documentation on code layout and writing plugins?