Hi Tim, Joel and Gary, I don't think that resources will be a problem. My LAN port is connected at 100mbit and my WAN is 1 mbit, and my monitoring host has 1 TB RAID. So, resources it's not the problem.
I want to redirect all traffic to make troubleshooting, (mainly SMTP and VoIP), but full traffic log some auditing will be a plus. This is why I'm using WireShark. Thanks, Anderson -----Mensagem original----- De: Gary Buckmaster [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 7 de junho de 2007 17:28 Para: [email protected] Assunto: Re: [pfSense Support] Remote Traffic Monitoring Many managed switches also allow you to specify a monitor or span port. You may then capture any/all traffic running across your switch backplane on that port. Idea for IDS applications or whatever it is you're wanting to do with all that traffic. Keep in mind that it takes a lot of resources to capture and process traffic so ensure that the machine you designate for the task is appropriately beefy. > > Tim Nelson > Technical Consultant > Rockbochs Inc. > > > Anderson Carli wrote: >> Hi all! >> >> I´m trying to monitor the traffic of my pfSense box. What I want is >> to dump all WAN traffic to a host in my LAN. >> >> Well, I achieve this using tcpdump, netcat and WireShark: >> >> 1. Capture all traffic with tcpdump and redirect to my host using netcat >> >> tcpdump -n -i fxp1 -w- | nc 192.168.0.1 4321 & >> >> 2. In the client host: >> nc -L -p 4321 > c:\fxp1.log >> >> 3. Now I can open the fxp1.log file with WireShark and see all the >> WAN traffic. >> >> >> But I´m wondering if there is a better way to do the same thing >> without netcat (using rpcap for example) >> >> Cheers >> >> Anderson >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
