I'm looking into mirroring some ports on our LAN and hoping to keep about 1 week of pcaps. I know of Bro, but what other software are people using for this? Is this common?
Bonus feature would be to replay some PCAPs.
EDIT - to clarify, this would be a continuously running service that would ingest 4-6 port mirrors and keep the packets on disk.