Packet Capture
-
I know how to setup a packet capture, but is there a way to set it up to capture after an alert for so long?
-
I don't think you can.
-
By chance do you know if there is anything out there that can do this?
-
Nope.
I'd use port mirroring on the switch that the router connects to, connect a laptop to the mirror port, leave a capture running on Wireshark and create a new file after X Gb
It's not ideal.
What "alert" are you trying to capture?
-
For alerts im Just trying to get more information on what is happening. Currently I have this system setup with 2 ports one for management and another for traffic. The traffic port has no ip on it and at the switch I have all external traffic coming in and out mirrored to it. I could run a constant capture on this interface, but it will fill up the box in no time. Im just trying to find something out there to pull a full pcap upon a triggered alert.
