George Shuklin

Asked: 2021-08-31 05:58:12 +0800 CST2021-08-31 05:58:12 +0800 CST 2021-08-31 05:58:12 +0800 CST

daemonized alternative to tcpdump to save mirrored traffic

I need to save mirrored traffic for audit purposes. Traffic for audited server is send to other server. I need to capture that traffic on dedicated interface, save it to pcap files of reasonable scope (rotation by date/size), and (may be) upload and purge them.

I can glue together some bash and tcpdump inside systemd unit, but, may be, there is a ready-made solution for that?

1 Answers

Voted

hargut
2021-09-23T00:00:51+08:002021-09-23T00:00:51+08:00
As your requirement is not really clear the suggestion may not fit, but I do recommend to look into ntop. Eventually it provides a solution for your use-case. For packet capturing it uses libpcap which is also used within tcpdump.

https://www.ntop.org/
0

daemonized alternative to tcpdump to save mirrored traffic

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?