Zeek

Installation and Use of Napatech Link-Capture™ Software for Intel® PAC with Intel® Arria® 10 GX FPGA

Platform
Content Type
Quick Guide
Capture Software Version
Link™ Capture Software 12.10

Installing and configuring Zeek for Napatech Link-Capture™ Software.

Introduction

Zeek is an open source Unix-based network monitoring framework.

Zeek can be installed for use with Napatech Link-Capture™ Software in two ways:
  • Zeek can be installed from binary packages and use libpcap interfaces to Napatech Link-Capture™ Software.
  • To get optimal performance, install a Napatech packet source plugin for Zeek.

Package-based installation

Find a suitable precompiled Zeek package for your OS distribution. See Installing and Running libpcap Applications for general information about how to install and use package-based applications with Napatech libpcap.

See DN-0428 for more information about configuration of Napatech libpcap.

For general information about installation of Zeek, see https://docs.zeek.org/en/master/get-started.html.

For installation instructions for specific Zeek versions, see the INSTALL file in the Zeek package.

To use the Napatech interfaces, edit the node.cfg file according to your specific configuration.

This example sets up a 2-node cluster that listens on the Napatech pcap devices napa0 and napa1. This configuration works with the default ntpcap.ini file.
# Example ZeekControl node configuration.
#
#This example has a standalone node ready to go except for possibly changing
# the sniffing interface.
# This is a complete standalone configuration. Most likely you will
# only need to change the interface.
#[zeek]
#type=standalone
#host=localhost
#interface=eth0
## Below is an example clustered configuration. If you use this,
## remove the [zeek] node above.

[manager]
type=manager
host=localhost

[proxy-1]
type=proxy
host=localhost

[worker-1]
type=worker
host=localhost
interface=napa0

[worker-2]
type=worker
host=localhost
interface=napa1

Napatech packet source plugin for Zeek

Building and running Zeek with Napatech support involves the following steps:

Related links

Zeek site: https://zeek.org/

Zeek source: https://github.com/zeek

Zeek documentation: https://docs.zeek.org/en/master/

Zeek installation from source: https://docs.zeek.org/en/master/install.html#installing-from-source

Zeek binary packages: https://zeek.org/get-zeek/

Zeek Package Manager documentation: https://docs.zeek.org/projects/package-manager/en/stable/

Napatech packet source plugin for Zeek: https://github.com/napatech/zeek_plugin