Full Packet Capture for the Masses
Repository contents:

  • indexer (last commit: "update on resource names for elasticsearch", Sep 12, 2018)
  • sensor (last commit: "SANSFire edition", Jul 13, 2018)
  • README.md (last commit: "Update README.md", Jul 13, 2018)


This is a simple framework for implementing Full Packet Capture in a distributed way. The idea is to keep the footprint on the sensors as small as possible.

The framework is based on two Docker containers:

  • a Moloch server
  • a sensor

The sensor collects traffic with tcpdump and uploads the collected PCAP files to the central Moloch server over SCP.
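The capture-and-upload loop described above, written out as an added example rather than the project's own sensor code. It assumes a Moloch host, upload account, drop directory, SSH key and spool path (all placeholders set below); tcpdump rotates the capture file on a timer and calls this same script as its post-rotate hook, which checks the file's PCAP magic before copying it and removes the local copy only after scp succeeds, so the spool stays bounded and a failed upload is retried rather than lost. The socat streaming command at the end is a guess at the real-time variant; the port and TLS options are assumptions, not the project's configuration.

```shell
#!/bin/sh
# Added example (not the project's own code). Every host, path and account
# below is an assumption; replace them for a real deployment.
MOLOCH_HOST="${MOLOCH_HOST:-moloch.example.internal}"      # assumed server name
MOLOCH_USER="${MOLOCH_USER:-pcapdrop}"                     # assumed upload account
MOLOCH_DIR="${MOLOCH_DIR:-/data/pcap/incoming}"            # assumed drop directory
SSH_KEY="${SSH_KEY:-/etc/sensor/upload_key}"               # assumed private key
CA_FILE="${CA_FILE:-/etc/sensor/moloch-ca.pem}"            # assumed CA for socat TLS
IFACE="${IFACE:-eth0}"
SPOOL="${SPOOL:-/var/spool/sensor}"                        # must be writable by the -Z user
HOOK="${HOOK:-/usr/local/bin/sensor-capture.sh}"           # assumed install path of this script

# Build the tcpdump command line: -G rotates the savefile every N seconds,
# -z runs "<HOOK> <closed file>" after each rotation, -Z drops privileges
# once the interface is open (the hook then runs as that user too).
build_capture_cmd() {
    rotate_secs="$1"
    printf 'tcpdump -i %s -n -s 0 -Z nobody -G %s -w %s/%%Y%%m%%d-%%H%%M%%S.pcap -z %s' \
        "$IFACE" "$rotate_secs" "$SPOOL" "$HOOK"
}

# Accept only files that start with a libpcap magic number (either byte
# order, microsecond or nanosecond timestamps); anything else is not a
# capture and should not be shipped to the server.
pcap_magic_ok() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) return 0 ;;
        *) return 1 ;;
    esac
}

# Post-rotate hook: copy one closed PCAP file to the server, then delete it
# locally. BatchMode and strict host-key checking keep the sensor from
# hanging on a prompt or trusting an unknown server key.
upload_pcap() {
    f="$1"
    [ -s "$f" ] || { echo "skipping empty file $f" >&2; return 0; }
    pcap_magic_ok "$f" || { echo "not a pcap file, refusing to upload: $f" >&2; return 1; }
    if scp -q -i "$SSH_KEY" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        "$f" "$MOLOCH_USER@$MOLOCH_HOST:$MOLOCH_DIR/"; then
        rm -f "$f"                      # free spool space only after a verified copy
    else
        echo "upload failed, keeping $f for retry" >&2
        return 1
    fi
}

# Real-time variant: packet-buffered tcpdump output piped into socat over
# TLS. Port and certificate verification options are assumptions.
build_stream_cmd() {
    printf 'tcpdump -i %s -n -s 0 -U -w - | socat - OPENSSL:%s:%s,cafile=%s,verify=1' \
        "$IFACE" "$MOLOCH_HOST" "$1" "$CA_FILE"
}

case "${1:-}" in
    start)   eval "$(build_capture_cmd 300)" ;;   # rotate every 5 minutes
    stream)  eval "$(build_stream_cmd 8443)" ;;
    *.pcap)  upload_pcap "$1" ;;                   # invoked by tcpdump -z
esac
```

Run `sensor-capture.sh start` under a supervisor on the sensor and nothing else: tcpdump calls the script back with each closed file. Because -Z drops to `nobody` before the first savefile is opened, both the spool directory and the SSH key must be readable by that user, and the upload account on the Moloch side should be limited to writing into the drop directory.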

SANSFire Edition: the containers have been updated to use socat and transfer PCAP data in real time instead of uploading rotated files.