Netgate Discussion Forum

Continuous packet capture?

  • zinzara
    last edited by Sep 15, 2014, 10:30 PM

    I have some experience analyzing traffic and was wondering if there's a way (package or otherwise) to continuously capture and save packets. Reason is, I also have some experience writing Snort signatures and would like to look through my traffic from time to time, and if I find anything I don't like and it wasn't caught by Snort, I could write a signature on it. So, is there a way to do this? I would prefer to save onto the pfSense box, but if I have to set up an external server that would be ok too. I realize this would add up quickly in storage requirements, but this is on my home network, which I don't do a whole lot on, and I have a big hard drive. Thanks.

    • Cino
      last edited by Sep 15, 2014, 11:31 PM

      I've never set packet count to 0, but you could give it a try. Look under Diagnostics: Packet Capture.

      • BBcan177 Moderator
        last edited by Sep 17, 2014, 10:21 PM

        @zinzara:

        I have some experience analyzing traffic and was wondering if there's a way (package or otherwise) to continuously capture and save packets. Reason is, I also have some experience writing Snort signatures and would like to look through my traffic from time to time, and if I find anything I don't like and it wasn't caught by Snort, I could write a signature on it. So, is there a way to do this? I would prefer to save onto the pfSense box, but if I have to set up an external server that would be ok too. I realize this would add up quickly in storage requirements, but this is on my home network, which I don't do a whole lot on, and I have a big hard drive. Thanks.

        There is a solution called "Security Onion" that will do full packet capture and more…

        http://blog.securityonion.net/p/securityonion.html
        https://code.google.com/p/security-onion/wiki/IntroductionToSecurityOnion

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/
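
For the on-box option asked about in this thread, one way to keep a capture running without filling the disk, as an added example that is not from any of the posts: tcpdump's timed file rotation plus a separate pruning step. It assumes tcpdump is available at a shell on the capture host; the interface `em0`, the directory `/var/pcap`, the script name `capture.sh` and the byte budget are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes tcpdump is available on the
# capture host; interface, directory and sizes are placeholders.

# Start a capture that opens a new timestamped file every $3 seconds.
start_capture() {   # $1 = interface, $2 = directory, $3 = seconds per file
    mkdir -p "$2" && chmod 700 "$2"   # captures contain cleartext payloads
    exec tcpdump -i "$1" -n -s 0 -G "$3" -w "$2/cap-%Y%m%d-%H%M%S.pcap"
}

# Time-based rotation never deletes anything, so cap disk use separately:
# remove the oldest files until the directory is within budget. Prints the
# number of files removed. The newest file is always kept because tcpdump
# may still be writing to it.
prune_captures() {  # $1 = directory, $2 = budget in bytes
    dir=$1; budget=$2; total=0; count=0; removed=0
    for f in "$dir"/cap-*.pcap; do
        [ -f "$f" ] || continue
        total=$((total + $(wc -c < "$f")))
        count=$((count + 1))
    done
    for f in "$dir"/cap-*.pcap; do    # glob sorts by name = oldest first
        [ -f "$f" ] || continue
        if [ "$total" -le "$budget" ] || [ "$count" -le 1 ]; then break; fi
        size=$(($(wc -c < "$f")))
        rm -f -- "$f"
        total=$((total - size)); count=$((count - 1)); removed=$((removed + 1))
    done
    echo "$removed"
}

# Usage: "capture.sh run em0 /var/pcap 3600" starts capturing;
#        "capture.sh prune /var/pcap 50000000000" is meant for cron.
case "${1:-}" in
    run)   start_capture "$2" "$3" "$4" ;;
    prune) prune_captures "$2" "$3" ;;
esac
```

The resulting files open directly in Wireshark or can be replayed through Snort when testing a new signature.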
