Hi,
Does Zeek support writing pcaps from live traffic? Further, I would like to store each TCP connection as a standalone pcap file. If Zeek does not support file writing, can I write plugins?
There are a few options, e.g., -c, -w in Zeek command line(version 5.2.2), but they didn’t work of writing pcaps, ```zeek -w test.pcap````
Thanks.