Full Packet Capture for the Masses
This is a simple framework to implement Full Packet Capture in a distributed way. The idea is to have the smaller footprint as possible on sensors.
The framework is based on two Docker containers:
- a Moloch server
- a sensor
The sensor collects traffic using tcpdump and uploads collected PCAP files to the central Moloch server via SCP.
SANSFire Edition: Containers have been updated to use Socat and transfer PCAP data in realtime.