Are there any "packet sniffers" available?
-
Sometimes it's usefull/interesting to keep an eye on the traffic going through my internet connection.
Are there any packages for pfSense that lets me monitor the packages, and view the content in the packages in "real time"?
Of course, it's not necessary to log everything - i was thinking more the possibility to log into the webinterface, and click "start", and it will start listing the packages until i click "stop". It could even be an option in the console. I remember some other firewall distro i used had some traffic monitor tools available in the console.
The main reason i want something like this, is to find out what computers are using my internet connection, and what they are using (are they idling in a p2p/torrent application), or are they actually doing something?
I have installed snort - but as far as i can see, i can't monitor the traffic myself?
-
tcpdump is built into pfSense.
-
sdale is working on a webgui frontend for tcpdump afaik. Search the forum, he has announced this feature somewhere.
-
I've used tcpdump like stated above and then wireshark (formerly ethereal) to analyze the packets on my other box.
-
Yes I've completed a gui for tcpdump which will capture packets. Once I knock some sense into my dev box and get something straightened out, I'll get the file committed and it should be available in an upcoming snapshot.
-
I`m using tcpflow
tcpflow -c -s -i fxp0 src or dst port 5050 for example
fxp0 is my interface …your can be different
tcpflow -c -s -i fxp0 src or dst host 192.168.1.3 and port 5050
another example but in this case sniffing an ip from your netwok
Those are for ports upper mentioned (yahoo messenger ;)) but of course that u can play with a lot of ports
-
Recent snapshots have a tcpdump GUI component.