This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Copy raw packet capture from decoder to another file system or host.

Go to solution
BrianHoward
Beginner
Beginner

‎2014-03-07 12:48 PM

Would it be possible to have the raw packet capture from a decoder copied to another file system or host?  We are trying to limit the number of devices residing in a secure environment, but we want to be able to process the same traffic on multiple systems (SA, Snort, etc.).  The alternate system doesn't need to process the packets in real-time, so the capture could be saved to another area of the decoder file system or written to a CIFS share, etc.  I know the best way to do this would be to use aggregation taps, but that would require multiple sensors, decoders in the secure environment to process the packets.

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
huanzhou1
Beginner
Beginner

‎2014-03-10 10:37 AM

export.packet.enable?

or use REST /sdk/packets to export as pcap?

View solution in original post

0 Likes
3 REPLIES 3

Go to solution
huanzhou1
Beginner
Beginner

‎2014-03-10 10:37 AM

export.packet.enable?

or use REST /sdk/packets to export as pcap?

0 Likes

Go to solution
BrianHoward
Beginner
Beginner
In response to huanzhou1

‎2014-03-11 12:13 PM

Thanks for the reply!

Any idea how much this will impact the decoder(s)?  I would imagine the busier the decoder the more stress this will add, but how much?

0 Likes

Go to solution
huanzhou1
Beginner
Beginner
In response to BrianHoward

‎2014-03-11 12:22 PM

i don't have the benchmark, maybe u can open case with support or monitor the performance after you enable

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.