I have a pfSense server; all attacks will come to its WAN interface. I have set up another packet analysis tool on the private network behind pfSense. I want to send real-time WAN traffic from the pfSense WAN to the backend private server, which is listening on its Ethernet interface for packets to analyze.
Is it possible to send traffic in real time to the backend server, so that Moloch (the tool) can analyze the traffic in real time?
You can use sFlowTool to receive sFlow and forward it to multiple destinations, e.g. the pfSense server and the backend private server (see http://blog.sflow.com/2012/01/forwarding-using-sflowtool.html).
You can also use sFlowTool (-t option) to export to pcap; see http://blog.sflow.com/2011/11/wireshark.html
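
What forwarding sFlow to multiple destinations involves, shown as an added example (not code from sFlowTool or from the answer above): a relay that checks each UDP datagram for a valid sFlow v5 header and copies it unchanged to every collector. sFlow carries sampled packet headers rather than a full packet stream, so each collector sees samples. Assumptions: the listen port, the collector addresses and the sample datagram are constructed for illustration.

```python
import socket
import struct

# Constructed sample: an empty sFlow v5 datagram from agent 192.0.2.1 (TEST-NET).
SAMPLE = struct.pack("!II4sIIII", 5, 1, socket.inet_aton("192.0.2.1"), 0, 42, 1000, 0)

def parse_sflow_header(datagram):
    """Decode the fixed sFlow v5 datagram header; raise ValueError if malformed."""
    if len(datagram) < 8:
        raise ValueError("datagram too short")
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5:
        raise ValueError("not sFlow v5")
    addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4 agent, 2 = IPv6 agent
    if addr_len is None or len(datagram) < 8 + addr_len + 16:
        raise ValueError("bad agent address type or truncated header")
    family = socket.AF_INET if addr_type == 1 else socket.AF_INET6
    agent = socket.inet_ntop(family, datagram[8:8 + addr_len])
    sub_agent, seq, uptime_ms, samples = struct.unpack_from("!IIII", datagram, 8 + addr_len)
    return {"agent": agent, "sub_agent": sub_agent, "sequence": seq,
            "uptime_ms": uptime_ms, "samples": samples}

def fan_out(datagram, collectors, sock):
    """Send one validated datagram, byte for byte, to every collector."""
    parse_sflow_header(datagram)  # raises ValueError for anything that is not sFlow v5
    for dest in collectors:
        sock.sendto(datagram, dest)
    return len(collectors)

def serve(listen, collectors):
    """Receive sFlow on `listen` and relay it until interrupted."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(listen)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        data, _src = rx.recvfrom(65535)
        try:
            fan_out(data, collectors, tx)
        except ValueError:
            continue  # drop stray UDP that is not sFlow

if __name__ == "__main__":
    # Assumed values: 6343 is the usual sFlow port; collector addresses are placeholders.
    serve(("0.0.0.0", 6343), [("192.0.2.10", 6343), ("192.0.2.20", 6343)])
```

Dropping datagrams that fail the header check keeps unrelated UDP arriving on the listen port from being relayed into the analysis network.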