Pcapdaemon - remote packet capture automation
If you have many processes (Nagios, OSSEC, Snort, Bro, Splunk, and so on) all creating their own captures for debugging and forensics, and your capture points are spread across many sites, you need a way to automate remote captures from any number of feeder sources.
Enter the open source pcapdaemon, pioneered by Dan Murphy of Biscayne DevOps. The tool uses Redis and its pub/sub mechanism so that the capture tool can listen for requests to start captures. When a capture is finished, it can be pushed up to CloudShark.
Deployed across many different traffic sources, it becomes a powerful tool for tracking network issues, security events, or application failures.