
    PcapDB Overview

    PcapDB is a packet capture system designed to optimize captured data for fast search in the typical use case, network incident response. A PcapDB installation consists of a Search Head and one or more Capture Nodes. The Search Head can also be a Capture Node, or it can be a VM somewhere else. The first requirement is a Linux server: PcapDB is designed to work only on Linux. PcapDB uses quite a few off-the-shelf open source systems, and it's useful to understand how those pieces fit into the larger system.

     


    A detailed description of the requirements, installation and settings is available at https://github.com/dirtbags/pcapdb, where you can also learn about the various subsystems.



    DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.