Date: Sat, 15 Feb 2014 18:44:47 -0500
From: George Neville-Neil <gnn@neville-neil.com>
To: "C. L. Martinez" <carlopmart@gmail.com>
Cc: FreeBSD Net <freebsd-net@freebsd.org>
Subject: Re: Recommendations for packet capture
Message-ID: <3D9E8EFA-1EB0-4CA6-B26E-CA87553150E3@neville-neil.com>
In-Reply-To: <CAEjQA5%2BKT3y3Y0C9r1uK=7JshT4OcJhEPw3Oztqpbh6x==HBHg@mail.gmail.com>
References: <CAEjQA5L=hCo56SLMgK-wKH-CzOpDN2vHYwP_ySd1QEK5HccM6Q@mail.gmail.com> <1392304466.63673.23.camel@btw.pki2.com> <CAEjQA5%2BKT3y3Y0C9r1uK=7JshT4OcJhEPw3Oztqpbh6x==HBHg@mail.gmail.com>

On Feb 14, 2014, at 2:21, C. L. Martinez <carlopmart@gmail.com> wrote:

> On Thu, Feb 13, 2014 at 3:14 PM, Dennis Glatting <dg@pki2.com> wrote:
>> On Thu, 2014-02-13 at 09:14 +0000, C. L. Martinez wrote:
>>> Hi all,
>>>
>>> I need to set up some FreeBSD (or Linux, it depends) hosts to use as
>>> packet capture sensors for our infrastructure.
>>>
>>> Searching about software that I could use under FreeBSD, I only find
>>> these ones:
>>>
>>> a) daemonlogger
>>> b) streamdb
>>>
>>> For Linux, it seems more alternatives exist. Any suggestions??
>>>
>>> I need to monitor 1 GiB networks.
>>>
>>
>> I've not (yet) used these:
>>
>> /usr/ports/security/sguil-client
>> /usr/ports/security/sguil-sensor
>> /usr/ports/security/sguil-server
>>
>>
>>> Thanks.
>
> Thanks Dennis, but Sguil is not a packet capture component. Sguil
> needs daemonlogger to show you captured data.

I might be a bit confused. Can you just use tcpdump with the
appropriate flags to limit the size and number of files?

What are you trying to achieve?

Best,
George