Well, have you looked at pfSense (https://pfsense.org/download/)? I see packages for stuff like an IDS, Flow exporters, nmap, and ntopng. It probably wouldn't be too hard to get wireshark or tshark running on it. And the web gui has packet capture (via tcpdump) built in now.