From: George Neville-Neil <gnn@neville-neil.com>
Subject: Re: Recommendations for packet capture
Date: Sat, 15 Feb 2014 18:44:47 -0500
To: "C. L. Martinez"
Cc: FreeBSD Net <freebsd-net@freebsd.org>
Message-Id: <3D9E8EFA-1EB0-4CA6-B26E-CA87553150E3@neville-neil.com>
References: <1392304466.63673.23.camel@btw.pki2.com>

On Feb 14, 2014, at 2:21, C. L. Martinez wrote:

> On Thu, Feb 13, 2014 at 3:14 PM, Dennis Glatting wrote:
>> On Thu, 2014-02-13 at 09:14 +0000, C. L. Martinez wrote:
>>> Hi all,
>>>
>>> I need to set up some FreeBSD (or Linux, it depends) hosts to use as
>>> packet capture sensors for our infrastructure.
>>>
>>> Searching for software that I could use under FreeBSD, I only find
>>> these ones:
>>>
>>> a) daemonlogger
>>> b) streamdb
>>>
>>> For Linux, it seems more alternatives exist. Any suggestions??
>>>
>>> I need to monitor 1 GiB networks.
>>>
>>
>> I've not (yet) used these:
>>
>> /usr/ports/security/sguil-client
>> /usr/ports/security/sguil-sensor
>> /usr/ports/security/sguil-server
>>
>>
>>> Thanks.
>
> Thanks Dennis, but Sguil is not a packet capture component. Sguil
> needs daemonlogger to show you captured data.

I might be a bit confused. Can you just use tcpdump with the appropriate flags to limit the size and number of files?

What are you trying to achieve?

Best,
George
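George's suggestion, limiting tcpdump's output by file size and file count, can be wrapped in a small sensor start script. The following is an added example, not code from the thread; the interface em0, the directory /var/capture, the user nobody and the script name sensor.sh are placeholder assumptions.

```shell
#!/bin/sh
# Ring-buffer capture sensor built on tcpdump (added example, not from the
# thread). em0, /var/capture and nobody are placeholder assumptions.
# Flags used: -i interface, -n no name resolution, -s 0 full-size packets,
# -C <MB> rotate the output file when it reaches that size, -W <n> keep at
# most n files and overwrite the oldest (a rotating buffer), -Z <user> drop
# root once the interface is open, -w <base> output file name.

# build_capture_cmd IFACE OUTDIR FILE_MB FILE_COUNT USER
# Validates the ring parameters and prints the tcpdump argv, one per line.
build_capture_cmd() {
    iface=$1 outdir=$2 file_mb=$3 file_count=$4 user=$5
    for n in "$file_mb" "$file_count"; do
        # must be a positive decimal integer (rejects empty, 0, non-digits)
        case $n in ''|*[!0-9]*|0*) echo "bad ring parameter: '$n'" >&2; return 1 ;; esac
    done
    [ -n "$iface" ] && [ -n "$outdir" ] && [ -n "$user" ] || { echo "missing argument" >&2; return 1; }
    printf '%s\n' tcpdump -i "$iface" -n -s 0 -C "$file_mb" -W "$file_count" \
        -Z "$user" -w "$outdir/capture.pcap"
}

# disk_budget_mb FILE_MB FILE_COUNT: worst-case disk used by the ring
# (tcpdump may run slightly past FILE_MB before rotating, so leave headroom).
disk_budget_mb() { echo $(( $1 * $2 )); }

# run_capture IFACE OUTDIR FILE_MB FILE_COUNT USER (start as root; tcpdump
# opens the output files only after -Z has dropped privileges, so OUTDIR
# must be writable by USER, hence the chown).
run_capture() {
    argv=$(build_capture_cmd "$@") || return 1
    mkdir -p "$2" && chown "$5" "$2" && chmod 750 "$2" || return 1
    IFS='
'
    set -- $argv     # split on newlines only, so paths with spaces survive
    unset IFS
    exec "$@"
}

# Start the sensor only when explicitly asked, e.g.
#   CAPTURE_RUN=1 sh sensor.sh em0 /var/capture 100 50 nobody
if [ "${CAPTURE_RUN:-0}" = 1 ]; then
    run_capture "$@"
fi
```

With -C 100 -W 50 the ring never exceeds roughly 5000 MB on disk, which is the figure to check against free space on the capture filesystem before deploying.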