Monday, August 26, 2013

Moloch Packet Auditing

I recently came across another open-source packet capturing/auditing system called Moloch. It uses Elasticsearch as its back end and can be run as a single node or (by design) as a distributed network of capture boxes. It has a nice user interface that lets you drill down into the packet data, pull a pcap of the packets you're looking at, or download the entire packet capture. You can find it here. We've begun testing it where I work in a limited (single-node) fashion, so I don't know how well the distributed piece works, but it looks very promising from what I've seen so far.
