Build A Capture Device With Linux And Wireshark in 10 Minutes

I get a lot of emails asking how to build remote capture devices, especially when we make one when I’m onsite or remotely troubleshooting.

Before we get into it, I would like to explain that these remote capture computers are great for light duty use, like capturing packets from a client’s port when you are using a tap or mirror port.

This is not intended to replace heavy duty packet capture appliances you may have but mean to increase exposure to packet capture and analysis to more analysts.

I didn’t want this video to be 30 minutes, but more things you can consider after you have your computer up and running, is configuring the packet capture directory for SMB, ftp or http access or writing a script to transfer files to a server for you to analyze at a later date..