Packet inspection/capture for EXE
-
I want to get the community's advice on the proper way to inspect & capture network activity via pfSense for EXE files downloaded via HTTP. I would like to capture the file download process in order to examine the EXE to check for the legality of the content.
-
There is an IDS package called "Security Onion" which provides full packet capture.
http://blog.securityonion.net/
The pfSense Snort package will only alert or block depending on how you set it up. It does not currently have capture capability.
-
Can a tcpdump file be converted to exe?
-
Can a tcpdump file be converted to exe?
In Security Onion, you can recover files in multiple formats.
The new pfSense Suricata package also has file capture capability.
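
Added example, not part of the thread and not code from pfSense, Security Onion or Suricata: a capture file is not converted to an EXE; the download is carved out of it by reassembling the TCP stream and taking the HTTP response body. This sketch assumes a classic little-endian pcap with Ethernet/IPv4 framing and an unencrypted HTTP/1.x response that carries a Content-Length header; all function names and the sample capture are constructed for illustration.

```python
import hashlib
import struct

def carve_http_bodies(pcap: bytes) -> list:
    """Reassemble TCP payloads from a classic pcap; return HTTP response bodies."""
    if pcap[:4] != b"\xd4\xc3\xb2\xa1" or pcap[20:24] != b"\x01\x00\x00\x00":
        raise ValueError("expected little-endian pcap with Ethernet link type")
    streams, off = {}, 24
    while off + 16 <= len(pcap):
        incl = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep IPv4/TCP only
        ip = frame[14:14 + struct.unpack("!H", frame[16:18])[0]]  # drops padding
        tcp = ip[(ip[0] & 0x0F) * 4:]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:  # one stream per direction; a retransmit replaces its segment
            streams.setdefault((ip[12:20], sport, dport), {})[seq] = payload
    bodies = []
    for segs in streams.values():
        data = b"".join(segs[s] for s in sorted(segs))  # no seq wrap/overlap handling
        head, sep, body = data.partition(b"\r\n\r\n")
        if not (sep and head.startswith(b"HTTP/1.")):
            continue
        for line in head.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                body = body[:int(value.strip())]
        bodies.append(body)
    return bodies

def sample_record(seq: int, payload: bytes) -> bytes:
    """Constructed sample: one server-to-client TCP segment as a pcap record."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 80, 49152, seq, 0, 0x50, 0x18, 65535, 0, 0)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed sample data: a 64-byte stand-in "EXE" (MZ magic plus filler).
SAMPLE_EXE = b"MZ" + bytes(range(62))
SAMPLE_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 64\r\n\r\n" + SAMPLE_EXE
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # header
               + sample_record(1030, SAMPLE_RESPONSE[30:])  # stored out of order
               + sample_record(1000, SAMPLE_RESPONSE[:30]))

def summarize(pcap: bytes) -> list:
    """(size, starts with the MZ magic, SHA-256) for each carved body."""
    return [(len(b), b[:2] == b"MZ", hashlib.sha256(b).hexdigest())
            for b in carve_http_bodies(pcap)]
```

Real captures bring sequence wraparound, overlapping segments, chunked or compressed bodies and TLS, which is why the thread points to tooling with built-in file extraction.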