What is wsd?
Wirespy is a simple network sniffer for information security that extracts interesting metadata about network traffic and logs it. That sounds like a million other security and network tools, and in many ways it is, but there are some important differences.
Why use it?
Wirespy is not a replacement for tcpdump, wireshark or any of the other network sniffers. It has a specific purpose: providing long-term metadata about network traffic, including TCP flow logging. It is efficient and can monitor live network traffic or process PCAP files.
I use it on my network recorders to extract metadata from the PCAP files, which takes up less space, further extending the number of months of network intelligence I can save before running out of disk space.
The TCP flow capability is tolerant of lost packets, which are common when passively monitoring network traffic.
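To make the two points above concrete (flow metadata is far smaller than the packets it summarises, and flow tracking has to survive dropped packets), here is an added example that is not wirespy's own code: a minimal, self-contained Python flow extractor that reads libpcap bytes, folds TCP segments into per-connection records, counts sequence-number gaps left by lost packets instead of abandoning the flow, and marks flows that were picked up mid-connection (no SYN ever seen). The capture it parses is constructed inline with the hypothetical `_tcp_packet` and `build_pcap` helpers; the addresses, ports and payloads are made up, and the output format is this example's own, not wirespy's log format.

```python
"""Tiny libpcap reader and TCP flow summariser (illustrative example, not wirespy code)."""
import struct

PCAP_MAGIC = 0xA1B2C3D4          # little-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def _tcp_packet(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Build an Ethernet/IPv4/TCP frame. Checksums are left zero; enough for parsing."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp


def build_pcap(frames):
    """Serialise (timestamp, frame) pairs into a libpcap byte string."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in frames:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def iter_pcap(data):
    """Yield (timestamp, frame) from a little-endian libpcap byte string."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic %#x" % magic)
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack_from("<IIII", data, off)
        off += 16
        yield sec + usec / 1_000_000, data[off:off + incl]
        off += incl


def extract_flows(data):
    """Fold every TCP segment in the capture into one metadata record per connection."""
    flows = {}
    for ts, frame in iter_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                      # only IPv4 over Ethernet
        ihl = (frame[14] & 0x0F) * 4
        ip_len = struct.unpack_from("!H", frame, 16)[0]
        if frame[23] != 6:
            continue                                      # only TCP
        tcp = frame[14 + ihl:14 + ip_len]
        if len(tcp) < 20:
            continue
        sport, dport, seq, _ack, doff, flags = struct.unpack_from("!HHIIBB", tcp, 0)
        payload = len(tcp) - (doff >> 4) * 4
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        a, b = (src, sport), (dst, dport)
        key = (a, b) if a <= b else (b, a)                # direction-independent flow key
        rec = flows.get(key)
        if rec is None:
            rec = flows[key] = {
                "client": f"{src}:{sport}", "server": f"{dst}:{dport}",
                "first": ts, "last": ts, "packets": 0, "bytes": 0, "flags": 0,
                "gaps": 0, "missed_bytes": 0,
                "midstream": not (flags & SYN),           # first segment was not a SYN
                "_next": {a: None, b: None},              # expected next seq, per direction
            }
        rec["last"] = ts
        rec["packets"] += 1
        rec["bytes"] += payload
        rec["flags"] |= flags
        expected = rec["_next"][a]
        # Signed distance between what we expected and what arrived, modulo 2^32.
        diff = 0 if expected is None else ((seq - expected + 2**31) % 2**32) - 2**31
        if diff > 0:                                      # a segment never reached the tap
            rec["gaps"] += 1
            rec["missed_bytes"] += diff
        if diff >= 0:                                     # diff < 0 is a retransmission: ignore
            rec["_next"][a] = (seq + payload + bool(flags & (SYN | FIN))) & 0xFFFFFFFF
    return [{k: v for k, v in r.items() if not k.startswith("_")} for r in flows.values()]


def sample_capture():
    """Constructed sample: one full connection with a lost data segment, one mid-stream flow."""
    c, s = "10.0.0.5", "192.0.2.10"
    frames = [
        (1.000, _tcp_packet(c, s, 40000, 80, 1000, 0, SYN)),
        (1.010, _tcp_packet(s, c, 80, 40000, 5000, 1001, SYN | ACK)),
        (1.020, _tcp_packet(c, s, 40000, 80, 1001, 5001, ACK)),
        (1.030, _tcp_packet(c, s, 40000, 80, 1001, 5001, PSH | ACK, b"GET / HTTP")),   # 10 bytes
        # the 10-byte segment at seq 1011 was dropped by the tap
        (1.050, _tcp_packet(c, s, 40000, 80, 1021, 5001, PSH | ACK, b"/1.0\r\n\r\n")),   # 8 bytes
        (1.060, _tcp_packet(s, c, 80, 40000, 5001, 1029, PSH | ACK, b"HTTP/1.0 200 OK\r\n")),
        (1.070, _tcp_packet(c, s, 40000, 80, 1029, 5018, FIN | ACK)),
        # a connection captured mid-stream: no SYN was ever observed
        (2.000, _tcp_packet("10.0.0.7", "198.51.100.4", 51000, 443, 777000, 333, PSH | ACK, b"\x17\x03\x03")),
    ]
    return build_pcap(frames)


if __name__ == "__main__":
    for f in extract_flows(sample_capture()):
        print(f)
```

Run it as a script and each record prints as one line per connection: the first flow shows one gap of 10 missed bytes yet still ends with FIN, and the second is flagged `midstream`. Seven frames plus a pcap header collapse into two short records, which is the storage win the author describes, and the gap counter is the caveat to remember when reading flow logs from a passive tap: byte counts are what the sensor saw, not what the hosts exchanged.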
How to use it?
Wirespy can run as a daemon when monitoring live network traffic, and it can also process PCAP files saved in libpcap format by other tools.
git clone https://github.com/rondilley/wirespy && cd wirespy
sudo ./wsd -i eth0