LilithSec/Virani

Virani

Installation & Setup

Install the Perl requirements. This can be taken care of with the command below.

    cpanm Virani

Configure it.

For example, on FreeBSD, if you have daemonlogger set up in /etc/rc.conf something like below (rotating the capture file every 120 seconds and writing to /var/log/daemonlogger).

    daemonlogger_enable="YES"
    daemonlogger_flags="-f /usr/local/etc/daemonlogger.bpf -d -l /var/log/daemonlogger -t 120"

Then a basic config would be like below. The regex captures the epoch timestamp embedded in each rotated capture's filename, and strptime='%s' tells Virani to read that capture as seconds since the epoch.

    default_set='default'
    allowed_subnets=["192.168.14.0/23", "127.0.0.0/8"]
    [sets.default]
    path='/var/log/daemonlogger'
    regex='(?<timestamp>\d\d\d\d\d\d+)(\.pcap|(?<subsec>\.\d+)\.pcap)$'
    strptime='%s'

For more information on the config file, see the POD for Virani.

Usage

An example grabbing port 53 traffic for a given time range can be done like the following.

    virani -s 2023-02-27T11:00:18 -e 2023-02-27T11:31:18 port 53

The times may also be specified relative to the current time, like below.

now       current time
now-30    30 seconds ago
now-30m   30 minutes ago
now-30h   30 hours ago
now-30w   30 weeks ago

So if you wanted to find all port 53 traffic in the last minute, you could do something like below.

    virani -s now-1m -e now port 53
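The two pieces of behaviour described above, the set definition (path, regex, strptime) and the `now-<n>[mhw]` time syntax, decide which rotated capture files a query touches. The following is an added, stand-alone Python re-implementation of that logic for illustration; it is not Virani's own code, and it makes two assumptions the page does not state: absolute timestamps are treated as UTC (Virani uses Time::Piece::Guess, which accepts more formats than the single one handled here), and a 120-second rotation interval is taken from the daemonlogger `-t 120` flag shown above. The file listing is constructed sample data.

```python
"""Illustrative re-implementation of Virani's file selection and relative
time parsing. Added example; not part of the Virani distribution."""
import re
import time
from datetime import datetime, timezone

# Same regex as the example set above. Python names groups (?P<name>...),
# Perl (?<name>...); the pattern is otherwise unchanged.
FILENAME_RE = re.compile(
    r'(?P<timestamp>\d\d\d\d\d\d+)(\.pcap|(?P<subsec>\.\d+)\.pcap)$')

# Relative specs listed in the README: bare number = seconds, m/h/w suffixes.
_REL_RE = re.compile(r'^now(?:-(\d+)([mhw]?))?$')
_REL_UNITS = {'': 1, 'm': 60, 'h': 3600, 'w': 604800}


def parse_time(spec, now=None):
    """Return an epoch float for 'now', 'now-<n>[mhw]' or YYYY-MM-DDTHH:MM:SS.

    Assumption: absolute timestamps are UTC. Anything else raises ValueError.
    """
    now = time.time() if now is None else now
    m = _REL_RE.match(spec)
    if m:
        if m.group(1) is None:
            return float(now)
        return float(now) - int(m.group(1)) * _REL_UNITS[m.group(2)]
    dt = datetime.strptime(spec, '%Y-%m-%dT%H:%M:%S')
    return dt.replace(tzinfo=timezone.utc).timestamp()


def file_start(name):
    """Epoch start time encoded in a rotated capture's filename, or None.

    strptime='%s' in the set config means the <timestamp> group is epoch
    seconds; the optional <subsec> group carries a fractional part.
    """
    m = FILENAME_RE.search(name)
    if not m:
        return None
    ts = int(m.group('timestamp'))
    if m.group('subsec'):
        ts += float('0' + m.group('subsec'))
    return ts


def select_files(names, start, end, rotate_seconds=120):
    """Return the capture files whose window overlaps [start, end].

    A file stamped T is assumed to hold packets from T until the next file's
    start (rotation can also trigger early on size), or T + rotate_seconds
    for the newest file. Names the regex does not match are skipped, which
    is what makes a tight regex important: a stray non-PCAP file in the
    set's path is simply never handed to tcpdump.
    """
    stamped = []
    for name in names:
        t0 = file_start(name)
        if t0 is not None:
            stamped.append((t0, name))
    stamped.sort()
    chosen = []
    for i, (t0, name) in enumerate(stamped):
        t1 = stamped[i + 1][0] if i + 1 < len(stamped) else t0 + rotate_seconds
        if t0 <= end and t1 >= start:
            chosen.append(name)
    return chosen


# Constructed directory listing: two-minute rotation around 11:00 UTC on
# 2023-02-27, one file with a sub-second suffix, one non-capture file.
SAMPLE_LISTING = [
    'daemonlogger.bpf',
    '1677495360.pcap',          # 10:56:00
    '1677495480.pcap',          # 10:58:00
    '1677495600.pcap',          # 11:00:00
    '1677495720.123456.pcap',   # 11:02:00.123456
    '1677497400.pcap',          # 11:30:00
    '1677497520.pcap',          # 11:32:00
]


def demo():
    """Files the README's 11:00:18 to 11:31:18 query would touch."""
    start = parse_time('2023-02-27T11:00:18')
    end = parse_time('2023-02-27T11:31:18')
    return select_files(SAMPLE_LISTING, start, end)


if __name__ == '__main__':
    for f in demo():
        print(f)
```

Only the files whose rotation window overlaps the query are returned, so the 10:56 and 10:58 captures are excluded even though the query starts only seconds after the 10:58 file would have closed; widening the window by one rotation interval is the usual fix when capture timestamps and file rotation are not tightly synchronised.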

The help output for virani is below. For more information, see the POD for the Virani module and the virani script.

--help            Print this.
-h                Print this.

--version         Print version.
-v                Print version.

-r <remote>       Remote URL or config file for remote info.

-a <apikey>       API key for remote URL if needed.

-f <filter>       Filter for use with tshark or tcpdump.

-t <type>         tcpdump or tshark
                  Default :: tcpdump

-t <set>          Set to use. If undef, uses whatever the default is.
                  Default :: undef

--config <config> Config file to use.
                  Default :: /usr/local/etc/virani.toml

-s <timestamp>    Start timestamp. Any format supported by
                  Time::Piece::Guess is usable.

-e <timestamp>    End timestamp. Any format supported by
                  Time::Piece::Guess is usable.

-w <output>       The file to write the PCAP to.
                  Default :: out.pcap

--nc              If cached, do not use it.

-k                Do not verify the TLS certificate when using HTTPS for remote.
                  This removes protection against a man-in-the-middle on the
                  remote connection; prefer a trusted certificate instead.

LICENSE AND COPYRIGHT

This software is Copyright (c) 2023 by Zane C. Bowers-Hadley.

This is free software, licensed under:

The GNU Lesser General Public License, Version 2.1, February 1999