A custom Docker image that uses tcpreplay to feed arbitrary pcaps at arbitrary speed to Zeek via dummy0 NIC.
Built on top of zeekurity/zeek:latest
- Get this code. Note -
pcapdirectory contains an 80MB sample file to get you started - this will take a minute or two to download.
git clone https://github.com/berthayes/zeek-tcpreplay && cd zeek-tcpreplay
- Build the Docker image (~5 min - YMMV)
docker build -t zeek-tcpreplay .
- Start that container!
bash runit.sh
- Wait a minute or so for things to start up...
sleep 60 && echo "We should be good to go."