

The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize them in this blog post.

We introduced Community ID in 2018 to simplify the correlation of network traffic logs across different monitoring applications. It is much more difficult to extract this flow tuple reliably from a range of different log formats, and then to match it reliably, than to tag your log records with Community IDs and simply search everything for the resulting tag, which in this case is “1:RXd76pOsi7yyeZ2PEv0Udb8vEXs=”. Suricata and Zeek gained Community ID support early on, and over the past two years the NDR community has expanded support to a range of systems, languages, and platforms. (You can see that list grow here - let us know if we missed anything!)

Last week another important application added Community ID support: Wireshark, with its 3.3.1 development release. The goal of Wireshark’s Community ID support is to display the ID tags right as you browse packets.
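As an added example (not code from this post, Corelight, or any of the projects it mentions), here is a minimal Community ID v1 computation in Python following the published v1 layout, applied to two constructed log records so the same flow, seen from opposite directions by tools that name the tuple differently, yields one searchable tag. The record field names are assumptions modelled on Zeek conn and Suricata flow logs, and the spec's ICMP type/code mapping is left out.

```python
import base64
import hashlib
import ipaddress
import struct

# Protocols whose 16-bit ports enter the hash input (TCP, UDP, SCTP). The
# ICMP/ICMPv6 type/code-to-port mapping from the spec is left out here.
PORT_PROTOS = {6, 17, 132}


def community_id_v1(proto, saddr, daddr, sport=None, dport=None, seed=0):
    """Community ID v1 for one flow, identical for both packet directions.

    Per the published v1 spec: order endpoints so the smaller (address, port)
    pair comes first, SHA-1 over seed||saddr||daddr||proto||0x00[||sport||dport]
    (big-endian), base64 the digest and prefix the version "1:".
    """
    sa = ipaddress.ip_address(saddr).packed  # network byte order
    da = ipaddress.ip_address(daddr).packed
    has_ports = proto in PORT_PROTOS
    if not has_ports:
        sport = dport = None
    if sa > da or (sa == da and has_ports and sport > dport):
        sa, da, sport, dport = da, sa, dport, sport
    data = struct.pack("!H", seed) + sa + da + struct.pack("!BB", proto, 0)
    if has_ports:
        data += struct.pack("!HH", sport, dport)
    return "1:" + base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


# Constructed sample records (not real captures) from two tools that name the
# tuple differently: a Zeek-style conn record (orig/resp) and a Suricata-style
# flow record that saw the same connection from the reverse direction.
ZEEK_CONN = {"id.orig_h": "10.0.0.5", "id.orig_p": 51234,
             "id.resp_h": "192.0.2.10", "id.resp_p": 443, "proto": "tcp"}
SURICATA_FLOW = {"src_ip": "192.0.2.10", "src_port": 443,
                 "dest_ip": "10.0.0.5", "dest_port": 51234, "proto": "TCP"}
PROTO_NUM = {"tcp": 6, "udp": 17, "sctp": 132}


def tag_zeek(rec, seed=0):
    return community_id_v1(PROTO_NUM[rec["proto"].lower()], rec["id.orig_h"],
                           rec["id.resp_h"], rec["id.orig_p"], rec["id.resp_p"], seed)


def tag_suricata(rec, seed=0):
    return community_id_v1(PROTO_NUM[rec["proto"].lower()], rec["src_ip"],
                           rec["dest_ip"], rec["src_port"], rec["dest_port"], seed)


if __name__ == "__main__":
    # Same flow, opposite directions, different field names: one searchable tag.
    print(tag_zeek(ZEEK_CONN), tag_suricata(SURICATA_FLOW))
```

Searching all tagged logs for the printed value then finds both records without parsing either format's tuple fields.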
