Recommendations for packet capture

George Neville-Neil gnn at neville-neil.com
Sat Feb 15 23:44:49 UTC 2014


On Feb 14, 2014, at 2:21 , C. L. Martinez <carlopmart at gmail.com> wrote:

> On Thu, Feb 13, 2014 at 3:14 PM, Dennis Glatting <dg at pki2.com> wrote:
>> On Thu, 2014-02-13 at 09:14 +0000, C. L. Martinez wrote:
>>> Hi all,
>>> 
>>> I need to set up some FreeBSD (or Linux, it depends) hosts to use as
>>> packet capture sensors for our infrastructure.
>>> 
>>> Searching about software that I could use under FreeBSD, I only find
>>> these ones:
>>> 
>>> a) daemonlogger
>>> b) streamdb
>>> 
>>> For Linux, it seems more alternatives exist. Any suggestions?
>>> 
>>> I need to monitor 1 GiB networks.
>>> 
>> 
>> I've not (yet) used these:
>> 
>> /usr/ports/security/sguil-client
>> /usr/ports/security/sguil-sensor
>> /usr/ports/security/sguil-server
>> 
>> 
>>> Thanks.
> 
> Thanks Dennis, but Sguil is not a packet capture component. Sguil
> needs daemonlogger to show you captured data.

I might be a bit confused.  Can you just use tcpdump with the appropriate flags
to limit the size and number of files?

What are you trying to achieve?

Best,
George
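
The tcpdump approach asked about above, sketched as an added example that is not part of the original thread: it sizes a ring of capture files for worst-case line rate and prints the matching tcpdump command using the real `-C` (file size) and `-W` (file count) flags. The interface name `em0`, the directory `/var/pcap`, the one-hour retention and the 1 Gbit/s link rate are assumptions.

```shell
#!/bin/sh
# Added example: size a tcpdump ring buffer for worst-case line rate.
# Interface, directory, retention and link rate are assumed values.

# files_needed RATE_MBIT RETAIN_SECONDS FILE_MB
# Number of ring files needed to hold RETAIN_SECONDS of traffic at a
# sustained RATE_MBIT (megabits/s), using files of FILE_MB (units of
# 10^6 bytes, which is what tcpdump's -C flag takes).
# Ignores the small per-packet pcap record header overhead.
files_needed() {
    rate_mbit=$1; retain=$2; file_mb=$3
    total_mb=$(( rate_mbit * retain / 8 ))          # megabits -> megabytes
    echo $(( (total_mb + file_mb - 1) / file_mb ))  # round up
}

# ring_cmd IFACE DIR RATE_MBIT RETAIN_SECONDS FILE_MB
# Print (do not run) the tcpdump command for that ring.
ring_cmd() {
    n=$(files_needed "$3" "$4" "$5")
    # -n  no name resolution (avoids DNS lookups on a busy sensor)
    # -s 0  capture full packets
    # -C  rotate after FILE_MB million bytes
    # -W  keep n files, then overwrite the oldest
    echo "tcpdump -n -i $1 -s 0 -C $5 -W $n -w $2/ring.pcap"
}

# One hour of a saturated 1 Gbit/s link in 1000 MB files:
# 450 files, i.e. about 450 GB of disk for the ring.
ring_cmd em0 /var/pcap 1000 3600 1000
```

A BPF filter expression appended to the command, or a smaller `-s` snap length, reduces the disk needed for the same retention.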




More information about the freebsd-net mailing list