@jadedtwin AF pkt - it runs the show #promisc #noarp #netlink
I will see if i can get arkime storing pkts - i think it needs elastic? maybe not, ultimately i will likely install selks 8 or malcolm or security onion - i like running it off the bridge? - i may go back to the mirrored port #noarp #promisc
new bike is bridge too fr and a luxury - am going to finish out the local lan boxes, get a vps and a couple monster drives, will try to get ids/ips and vital 24/7 pkt cap going plus maybe an ssl/tls proxy - combined with fog server and vuln clients could make a fun exploit testing setup but moreover i just want the pkt cap most of all for audit trail and visibility #elk stack #malcolm #selks10 #sec onion #polar proxy #sslstrip #promisc #noarp #arkime
#sftp server #accounts #dmz #segmented lans #vlans #spanning port #openwrt #port mirror #fog server #suricata #snort
installing selks10 on ext ssd - have to check it out #promisc #no arp #0.0.0.0 #siem #noc
i can only do debugging and complex setups for an hour or two - need a break from malcolm sheesh - i have found out i don't know jack squat about bridges and networking - it can be infuriating and maddening but that is part of the process #brctl #tap #tun #vnet2 #arp #promisc #ip link