Packet inspection/capture for EXE
-
I want to get the community's advice on the proper way to inspect & capture network activity via pfSense for EXE files downloaded via HTTP. I would like to capture the file download process in order to examine the EXE to check for the legality of the content.
-
There is an IDS package called "Security Onion" which provides full packet capture.
http://blog.securityonion.net/
The pfSense Snort package will only alert or block depending on how you set it up. It does not currently have capture capability.
-
can a tcpdump file be converted to exe?
-
can a tcpdump file be converted to exe?
In Security Onion, you can recover files in multiple formats.
The new pfSense Suricata package also has file capture capability.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.