Copy raw packet capture from decoder to another file system or host.

Question asked by Brian Howard on Mar 7, 2014
Latest reply on Mar 11, 2014 by huan zhou

Would it be possible to have the raw packet capture from a decoder copied to another file system or host? We are trying to limit the number of devices residing in a secure environment, but we want to be able to process the same traffic on multiple systems (SA, Snort, etc.). The alternate system doesn't need to process the packets in real time, so the capture could be saved to another area of the decoder file system or written to a CIFS share, etc. I know the best way to do this would be to use aggregation taps, but that would require multiple sensors, decoders in the secure environment to process the packets.