GETTING STARTED
What is Cyberspatial Teleseer?
Which Teleseer plan should I pick?
How to sign-up and register for an account
What are the system requirements?
What kind of file types can Teleseer analyze?
Overview of the Teleseer user interface
Publicly available PCAP repositories
ACCOUNT
How to manage your account
How to reset your password
USING TELESEER
Uploading files on the home page
Navigating the network map
Editing and rearranging the network map
Understanding the host inventory
Understanding the external host inventory
Understanding the Connections table
Understanding the Credentials table
Understanding the Dashboard
Exploring the Inspector panel
Exploring the event timeline
TUTORIALS
How to extract PCAP from your timeline
How to identify malicious IP addresses
How to find vulnerable hosts
How to find plaintext credentials
How to export the host inventory
How to export a screenshot of your network map
How to splice PCAPs
How to add PCAPs to a compressed archive
HELP
Contact support
Glossary
Frequently Asked Questions
Troubleshooting

What kind of file types can Teleseer analyze?

Teleseer processes network collection files containing 802.3 or 802.11 headers. These files can be one-off collections or can exist within a compressed archive.

In addition to network collection files, Teleseer processes bro/zeek logs.

Network collection files

The following network collection file types are supported:

EXTENSION
.cap
.dmp
.pcap
.pcapng
Google Stenographer

Bro/Zeek

<blockquote class="quote-yellow">Cooked PCAPs
"cooked" network collection files are not currently supported</blockquote>

The following bro/zeek log files can be imported into Teleseer:

FILE DESCRIPTION
conn.log IP, TCP, UDP, ICMP connection details
dhcp.log DHCP lease activity
dns.log DNS query/response details
ftp.log FTP request/reply details
http.log HTTP request/reply details
ntp.log NTP request/reply details
sip.log SIP analysis
smtp.log SMTP transactions
ssh.log SSH handshakes
ssl.log SSL handshakes
tunnel.log Details of encapsulating tunnels

It is recommended to use a supported compressed archive file such that all .log files can be ingested at once.Assets created from log files without layer 2 content will appear within the External Hosts tab.

To create logs with layer 2 content, use the following zeek flag: policy/protocols/conn/mac-logging

# Example
$ zeek -C -r maccdc_demo.pcap policy/protocols/conn/mac-logging


For more information on additional support and policies for zeek, see the Zeek Script Index

<blockquote class="quote-yellow">Supported formats
Teleseer currently provides support for the TSV format.
JSON format is not currently supported.</blockquote>

Compressed archives

The following compressed archives are supported:

EXTENSION DESCRIPTION
.bz2 BZIP2 compressed archive
.gz GNU zip compressed archive
.tar Unix Tape Archive File compressed archive
.xz LZMA compressed archive
.zip Lossless data compression archive

<blockquote class="quote-blue">Compressed archives should contain one or more of the above-supported file types.</blockquote>

TABLE OF CONTENTS
Creating and deleting projects
How to add additional files to your project
How to add project notes
How to change the mouse tracking speed
How to export the Credentials table
How to export the External Hosts inventory
How to filter tables by selected hosts
How to filter the timeline by selected host(s)
How to filter the topology
How to identify a host's physical location
How to make a custom view
How to pin table columns
How to search for hosts
How to see which protocols are using the most traffic
How to sort inventory tables
What is Cyberspatial Teleseer?
Which Teleseer plan should I pick?
How to sign-up and register for an account
What are the system requirements?
What kind of file types can Teleseer analyze?
Overview of the Teleseer user interface
Publicly available PCAP repositories
How to manage your account
How to reset your password
Uploading files on the home page
Navigating the network map
Editing and rearranging the network map
Understanding the host inventory
Understanding the external host inventory
Understanding the Connections table
Understanding the Credentials table
Understanding the Dashboard
Exploring the Inspector panel
Exploring the event timeline
How to extract PCAP from your timeline
How to identify malicious IP addresses
How to find vulnerable hosts
How to find plaintext credentials
How to export the host inventory
How to export a screenshot of your network map
How to splice PCAPs
How to add PCAPs to a compressed archive
Contact support
Glossary
Frequently Asked Questions
Troubleshooting
Careers
Terms of Service
Privacy Policy
Contact us
Docs
Copyright © 2024 All rights reserved.