Try.zeek and local zeek6.0.1 : missing entries

Zeek
1
  • I tried a pcapng file on tryZeek online for conn.log
  • parllelly same pacpng, I ran zeek6.0.1 on ubuntu20.04 for conn.log

There is a huge mismatch in the total number of packets and udis/flows recorded by tryZeek and local zeek6.0.1.

  • could you please help me in this regard.

New users cannot upload files : not able to attach the files.

-Thanks in advance for any help.

2

Can you try running your local Zeek with -C to ignore potential checksum errors in the pcap?

try.zeek.org does that by default.

Hope that helps,
Arne

3

Now the outputs are matching.
Thanks a lot Arne