Questions on OPNsense capability

[xaz]

I am new to OPNsense and I am not sure if it is possible to achieve what I am looking for it to do. I have network at a location where I need OPNsense to function as the gateway/router for but on this network I also have some machines connected via wifi that i need monitor the traffic and I need for the following information to be gathered:

• Capture connection details via forwarded ports, including remote IP address, packets (if connection is unencrypted) and the local IP address of the connection.
• Capture connection details between two local machines including the local IP address, packets (if connection is unencrypted) and the local IP address of the machine.

Is OPNsense capable of doing this?

[fabian]

You can temporary run a packet capture but for a permanent packet capture it would make sense to use a specialized appliance like moloch.

https://molo.ch/

[xaz]

You can temporary run a packet capture but for a permanent packet capture it would make sense to use a specialized appliance like moloch.

https://molo.ch/

would moloch run on separate hardware on on opnsense hardware?

[Antaris]

Hi xaz,

You can also take a look @ Sensei. It have very good session details and turns OPNsense in to the best NGFW so far. Even have a free version.

https://forum.opnsense.org/index.php?topic=9521.0

[fabian]

Moloch should and must not run on OPNsense. You need to add a mirror port on your Layer 2 devices to capture the traffic.