Information, tools and how-to's for the new intrusion analyst. Mentoring by blogging.
Monday, August 26, 2013
Moloch Packet Auditing
I recently came across another open-source packet capturing/auditing system called Moloch. It uses Elasticsearch and can be run as a single node or (by design) as a distributed network of capture boxes. It has a nice user interface that lets you drill down into the packet data, pull a pcap of the packet you're looking at, or download the entire packet capture. You can find it here. We've begun testing it where I work in a limited (single node) fashion, so I don't know how well the distributed piece works, but it looks very promising from what I've seen so far.