Continuous packet capture?



  • I have some experience analyzing traffic and was wondering if there's a way (package or otherwise) to continuously capture and save packets. Reason is, I also have some experience writing Snort signatures and would like to look through my traffic from time to time, and if I find anything I don't like and it wasn't caught by Snort, I could write a signature on it. So, is there a way to do this? I would prefer to save onto the pfSense box, but if I have to set up an external server that would be OK too. I realize this would add up quickly in storage requirements, but this is on my home network, which I don't do a whole lot on, and I have a big hard drive. Thanks.



  • I've never set packet count to 0, but you could give it a try. Look under Diagnostics: Packet Capture.


  • Moderator

    @zinzara:

    I have some experience analyzing traffic and was wondering if there's a way (package or otherwise) to continuously capture and save packets. Reason is, I also have some experience writing Snort signatures and would like to look through my traffic from time to time, and if I find anything I don't like and it wasn't caught by Snort, I could write a signature on it. So, is there a way to do this? I would prefer to save onto the pfSense box, but if I have to set up an external server that would be OK too. I realize this would add up quickly in storage requirements, but this is on my home network, which I don't do a whole lot on, and I have a big hard drive. Thanks.

    There is a solution called "Security Onion" that will do full packet capture and more…

    http://blog.securityonion.net/p/securityonion.html
    https://code.google.com/p/security-onion/wiki/IntroductionToSecurityOnion

