An alchemists view from the bar

Network Security Alchemy

OpenFPC – An update: v0.2.97 available (woohoo!)


It’s been a couple of months since I first posted about the OpenFPC project, so I thought it’s time that I provided a little update.

Firstly, I need to throw some karma over to Edward Fjellskål (http://gamelinux.org), so… Edward++.

Edward and I have merged the OpenFPC and FPCGUI projects. It makes way more sense to combine our efforts, as our goals are similar while our approaches have come from different angles. We both see a need to unify all of the home-brew full-packet-capture/network forensics tools we see out there in the wild.

OpenFPC now has a new home, http://www.openfpc.org.  So, if you’re looking for a distributed wrapper for your daemonlogger instances, or if you’re still trying to get tcpdump to log in a ringbuffer and share access over multiple analysts, devices, and tools, head on over to www.openfpc.org to read all about it. Here are a couple of quick links for those who want to jump right in:

I’m looking for people to help test and provide feedback now so I can fix problems and tweak things ahead of a full release.

Good luck, and please let me know your feedback.

-Leon


Written by leonward

August 2, 2010 at 9:53 pm

Posted in OpenFPC, Security


4 Responses


  1. Is it possible to set it up to monitor multiple interfaces on a server? If not, feature request! 🙂

    Bryan

    August 3, 2010 at 1:12 am

    • Should be. Create two instances of ofpc-queued.pl on different ports. Then run two daemonlogger instances. The advanced setup should allow you to specify pid file locations so they don’t clash, but the initial script will only work with one right now.

      I’ll make sure it’s implemented for the next release.

      leonward

      August 3, 2010 at 6:55 am

  2. Gents, nice project!
    Is it possible to follow a complete stream/session? As sometimes IDS (don’t know about Snort) do not always show the packet of interest.

    Keep it up.

    nqe

    August 16, 2010 at 11:14 pm

    • Sure, and to pull out other data related to the incident.

      leonward

      August 17, 2010 at 7:25 am

