Continuous packet capturing and storing



  • Is it possible to do continuous packet capture of an interface and store it in a file storage from pfsense?


  • Rebel Alliance Global Moderator

    So you want to turn pfSense into a gigastore? Or ExtraHop added it a few years back... There are some alternatives for sure, but this is not something I would do on pfSense.

    Back a few years there was a GREAT product, https://www.colasoft.com/nchronos/, that used to be FREE for like 1 interface and less than 1 gig. It was perfect for home monitoring or SMB... But they pulled it from their FREE tier; you can get a demo though. Pricing should be way cheaper than the appliance way of doing this.

    There are for sure open source, free ways to do this. I just wouldn't do it at your firewall. Run it via a tap or SPAN port off your switching infrastructure.

    You could use n2disk from ntop for such a thing... They also sell a box, nBox I do believe they call it, for this sort of thing... There are many ways to skin this cat... Doing it on your firewall would not be one of them. The packet capture feature of pfSense is great for troubleshooting an issue. But I would not use it for such monitoring of your network.

    I would probably look here:
    http://www.openfpc.org/

    I have not had time to play with it yet... But it is on my todo list ;)



  • Well, there's Packet Capture, built into pfSense, that can capture all the traffic on a pfSense interface. However, you'd have to manually start & stop it and then download the capture file. If it's an interface on another device, you'd also need a managed switch, configured to port mirror.