[Zeek] Capture Loss using pcap file

Eva Seipel eva.c.e.seipel at gmail.com
Mon Oct 7 01:11:16 PDT 2019


Dear all,

when I run Zeek/Bro (Version 2.6.3) against a rather large pcap file of
about 8GB (one from the CICIDS2017 dataset) I get values in between 17 and
65% in capture_loss.log. What could be the reason for that? I am pretty new
to the topic and couldn't find anything about that via search. Is it a
problem with Zeek like to much data or was the loss already in the pcap and
has nothing to do with Zeek?

Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20191007/078f4181/attachment.html 


More information about the Zeek mailing list