问题
The documentation for Packetbeat is pretty straightforward and says it very clearly as stated below
On Linux, you can specify any for the device, and Packetbeat captures all messages sent or received by the server where Packetbeat is installed.
For the configuration
packetbeat.interfaces.device: any
But has absolutely nothing on how to do the same on Windows.
Any idea how?
回答1:
Currently, Packetbeat does not support Mulitple interfaces i.e. packetbeat.interfaces.device: any in windows.
However, there is an open issue for enhancement on GitHub for Packetbeat. So there is a chance in future that it may be out there but for now, there is no such thing in Packetbeat to capture all interfaces traffic in windows using packetbeat.interfaces.device: any. This feature is only Linux specific.
来源:https://stackoverflow.com/questions/49396920/how-to-configure-packetbeat-to-sniff-any-devices-on-windows