I like pfSense as my firewall and have found it to be very powerful and user-friendly. I wanted to do some network analyzing via Ethereal, but found myself limited. pfSense doesn’t have any C compiler, GUI OS (KDE or Gnome), and is as much a pain to work with as any other stripped-down and highly-specialized flavor of linux. But I came up with a quick and easy work-around.

First, I run tcpdump (included w/ pfSense):

tcpdump -s 512 -w foo.cap host gateway

I then download the capture file to my PC where I open the file with Ethereal (which can read tcpdump logs). And, boom, easily analyzed and graphical data!

Categories: Tech