Detecting suspicious packets

I am new to networking and I am using PiRogue to capture network traffic from a mobile phone (iOS). I want to know if there is a way I can use Suricata to detect suspicious packets and domains using the data I have from the PiRogue tool, because I installed Suricata but it only opens a terminal for me to write code in.

Hi there,

From what I see, PiRogue relies on Suricata and Suricata rules for network analysis and threat detection, and PiRogue offers a dashboard to visualize analysis results (cf. Network traffic analysis | PiRogue Tool Suite).

If you are generating packet captures, you can run Suricata in pcap mode to read and analyse those (with the Suricata rules provided). But it seems to me that with PiRogue you should already have access to a more integrated solution. Have you tried reaching out to their community?

Suricata is a command-line-based tool, so indeed we mostly interact with it via the terminal. But you shouldn't be prompted to write code; you can write or customize your own rules, and customize Suricata's settings.

Once again, though, if you are using PiRogue, I’d recommend reaching out to them, as they should be better equipped to help. :wink:
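To make the "pcap mode plus a custom rule" suggestion above concrete, here is an added example that is not part of the original thread or of the PiRogue or Suricata projects. It writes a local rule that alerts on DNS lookups for a watchlisted domain, shows the `suricata -r` command line that would replay a capture against it, and then parses the `eve.json` output Suricata produces to list alerts and watchlisted domains. The capture name, the watchlist domain `bad-example.net`, the sid `2000001` and the EVE JSON lines are all constructed for the example; the script runs offline on those lines, so you can adapt it to a real `eve.json` once Suricata has processed your capture.

```python
import json
from collections import Counter

# Constructed local rule (assumption: Suricata 5+ "dns.query" sticky buffer).
# Saved to local.rules and loaded exclusively with -S; sid 2000001 is a
# made-up local id in the >1,000,000 range reserved for custom rules.
LOCAL_RULE = (
    'alert dns any any -> any any '
    '(msg:"LOCAL Suspicious domain lookup"; dns.query; '
    'content:"bad-example.net"; nocase; sid:2000001; rev:1;)\n'
)

# Command a user would then run to replay a capture file against that rule.
# capture.pcap and ./logs are example names; eve.json lands in ./logs.
SURICATA_CMD = "suricata -r capture.pcap -S local.rules -l ./logs"

# Constructed sample of what ./logs/eve.json could contain after that run.
# Not real capture data; one JSON object per line, as Suricata writes it.
SAMPLE_EVE = r"""
{"timestamp":"2024-05-01T10:00:01.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","dns":{"type":"query","rrname":"example.com","rrtype":"A"}}
{"timestamp":"2024-05-01T10:00:02.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","dns":{"type":"query","rrname":"tracker.bad-example.net","rrtype":"A"}}
{"timestamp":"2024-05-01T10:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","alert":{"signature_id":2000001,"signature":"LOCAL Suspicious domain lookup","severity":2,"category":"Potentially Bad Traffic"}}
{"timestamp":"2024-05-01T10:00:04.000000+0000","event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.9","http":{"hostname":"tracker.bad-example.net","url":"/beacon"}}
{"timestamp":"2024-05-01T10:00:05.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","alert":{"signature_id":2000001,"signature":"LOCAL Suspicious domain lookup","severity":2,"category":"Potentially Bad Traffic"}}
"""

# Constructed watchlist of domains the analyst considers suspicious.
WATCHLIST = {"bad-example.net"}


def write_local_rule(path):
    """Write LOCAL_RULE to `path` so it can be passed to suricata -S."""
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(LOCAL_RULE)
    return path


def parse_eve(text):
    """Parse EVE JSON (one object per line); skip blank or truncated lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a half-written last line while Suricata is still running
    return events


def domain_matches(name, watchlist):
    """True if `name` equals or is a subdomain of a watchlisted domain.

    Trailing dots and case are normalised; 'notbad-example.net' must NOT
    match 'bad-example.net', hence the explicit '.' boundary check.
    """
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in watchlist)


def summarize(events, watchlist):
    """Count alerts per signature and collect watchlisted DNS/HTTP names."""
    alerts = Counter()
    suspicious = set()
    for ev in events:
        kind = ev.get("event_type")
        if kind == "alert":
            a = ev["alert"]
            alerts[(a["signature_id"], a["signature"])] += 1
        elif kind == "dns":
            name = ev.get("dns", {}).get("rrname")
            if name and domain_matches(name, watchlist):
                suspicious.add(name.rstrip(".").lower())
        elif kind == "http":
            host = ev.get("http", {}).get("hostname")
            if host and domain_matches(host, watchlist):
                suspicious.add(host.rstrip(".").lower())
    return {"alerts": alerts, "suspicious_domains": sorted(suspicious)}


if __name__ == "__main__":
    print("Rule to save as local.rules:\n" + LOCAL_RULE)
    print("Then run:", SURICATA_CMD)
    report = summarize(parse_eve(SAMPLE_EVE), WATCHLIST)
    for (sid, msg), n in report["alerts"].items():
        print(f"sid {sid} ({msg}): {n} alert(s)")
    print("watchlisted domains seen:", report["suspicious_domains"])
```

The `-S` flag makes Suricata load only `local.rules`, which is handy when testing a single rule; drop `-S` and add the file to `rule-files` in `suricata.yaml` to run it alongside the full ruleset. Note that the alert count (two) is higher than the number of distinct domains (one) because the same DNS name was looked up twice; counting per domain rather than per event is usually what you want when triaging a phone capture.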