We have an application that requires a port-forward to function (according to the developers - it's niche software, so we don't have much room to argue). They won't disclose the IP addresses initiating a connection, so it's wide open at this stage.
The router/firewall device is a Netgate appliance running pfSense 2.4.4. The WAN circuit is 100 Mbps, although I would not expect to see much traffic, if any, on the port-forwarded port?
What is the best way of setting up a long-term packet capture (filtering for the port-forwarded port), on the WAN interface?
The firewall appliance doesn't have a lot of storage (and it's a slow eMMC drive), so I assume I'd want to offload storage to another server on the network, right?
I assume I'd also want some kind of rotation going.
I've read there's tcpdump, dumpcap, Wireshark etc.
What would people suggest here?
(Some people mention setting up a SPAN port - however, I assume that means I'd need another switch that sat in front of the WAN interface on the Netgate firewall, right?)
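An added example, not part of the original post: one way to meet the requirements listed above (filter on the forwarded port, keep storage off the firewall, rotate files) is to stream the capture over SSH to another server and let a second tcpdump write a fixed-size ring of files. The host, interface name, port and paths are placeholders, and it assumes SSH access to the firewall and tcpdump on both machines.

```shell
#!/bin/sh
# Added example: run on the storage server, not on the firewall.
# All values below are placeholders (assumptions, not from the post).
FW_HOST="admin@192.0.2.1"   # SSH login on the pfSense box
WAN_IF="igb0"               # WAN interface name as shown by ifconfig on the firewall
FWD_PORT="12345"            # the port-forwarded port
OUT_DIR="/srv/pcap"         # capture directory on this server
FILE_MB="100"               # tcpdump -C counts in units of 1,000,000 bytes
FILE_COUNT="50"             # tcpdump -W ring size; the oldest file is overwritten

# Accept only a numeric port in 1..65535, so the value can be placed in
# the remote command line without quoting problems.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Command executed on the firewall: no name lookups (-n), full packets
# (-s 0), flush per packet (-U), pcap stream to stdout (-w -), and a
# capture filter that matches only the forwarded port (TCP or UDP).
remote_cmd() {
    case "$1" in ''|*[!A-Za-z0-9_.]*) return 1 ;; esac
    valid_port "$2" || return 1
    printf 'tcpdump -i %s -n -s 0 -U -w - port %s' "$1" "$2"
}

# Upper bound on disk use of the ring, in units of 1,000,000 bytes.
max_disk_mb() { echo $(( $1 * $2 )); }

# Read the pcap stream on stdin and write a ring of numbered files.
ring_writer() {
    tcpdump -r - -w "$1/wan-port.pcap" -C "$2" -W "$3"
}

if [ "${1:-}" = "run" ]; then
    mkdir -p "$OUT_DIR"
    echo "ring capped at $(max_disk_mb "$FILE_MB" "$FILE_COUNT") MB in $OUT_DIR"
    # Nothing is written to the firewall's eMMC; packets go straight
    # down the SSH session. Restart the script if the session drops.
    CMD=$(remote_cmd "$WAN_IF" "$FWD_PORT") || exit 1
    ssh "$FW_HOST" "$CMD" | ring_writer "$OUT_DIR" "$FILE_MB" "$FILE_COUNT"
fi
```

Invoke it with the argument `run` to start capturing; without it the script only defines the functions.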