Wednesday, November 23, 2005

Sniffing on a switched network

Having recently configured a network monitoring system using sguil, the question of how to capture traffic on a switched network came up.

If you are fortunate enough to have a managed switch, all that is necessary is to create a mirror or span port, which copies all switch traffic to the port of your choosing. This lets you set up a sniffer on that port to monitor and listen to the traffic crossing your switch. What if you don't have a managed switch?

Several options exist. One option is to use a network tap such as those offered by Net Optics (no affiliation). What if you do not have the money to spend on a dedicated tap device? Create your own!

If you have not used OpenBSD, now is the time to begin. Creating a bridge (with a span port) on OpenBSD requires three NICs. Use ifconfig to bring up the two NICs that will bridge the connection (this is an inline device, so the traffic passes through it). Use ifconfig to create the bridgeN device, where N is a number. Use brconfig to add the two bridging network interfaces to the bridge and the third network interface as a span port. Reboot to make sure your changes stick, and you have your own homemade network tap.
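As an added example that is not part of the original post, this shell script prints the commands just described and the config files that make them survive a reboot, so the tap can be reviewed before it goes inline. The interface names fxp0/fxp1/fxp2, the tap_* function names, and the brconfig-era /etc/bridgename.IF file are assumptions.

```shell
#!/bin/sh
# Added example (not from the post): generates the OpenBSD commands and the
# persistent config for a three-NIC bridge tap, so the setup can be reviewed
# before it is applied. Interface names and the 2005-era brconfig syntax are
# assumptions; apply the output on the OpenBSD box, not on the host running this.

# Refuse to build a tap from anything other than three distinct NICs.
tap_check() {
    if [ "$1" = "$2" ] || [ "$1" = "$3" ] || [ "$2" = "$3" ]; then
        echo "tap_check: the bridge and span interfaces must be distinct" >&2
        return 1
    fi
    return 0
}

# tap_commands IN OUT SPAN [BRIDGE]: the one-shot commands the post describes.
tap_commands() {
    tap_check "$1" "$2" "$3" || return 1
    br=${4:-bridge0}
    # The bridging NICs get no IP address: the device is inline and transparent.
    printf 'ifconfig %s up\n' "$1"
    printf 'ifconfig %s up\n' "$2"
    # The span NIC carries no address either, so the sniffer has no presence on the wire.
    printf 'ifconfig %s up\n' "$3"
    printf 'ifconfig %s create\n' "$br"
    # addspan: a copy of every frame the bridge forwards is sent out the span port.
    printf 'brconfig %s add %s add %s addspan %s up\n' "$br" "$1" "$2" "$3"
}

# tap_persist IN OUT SPAN [BRIDGE]: the files that make the tap survive a reboot
# (/etc/hostname.IF for each NIC; /etc/bridgename.BRIDGE on brconfig-era releases,
# later merged into /etc/hostname.BRIDGE with ifconfig syntax).
tap_persist() {
    tap_check "$1" "$2" "$3" || return 1
    br=${4:-bridge0}
    for nic in "$1" "$2" "$3"; do
        printf '# /etc/hostname.%s\nup\n' "$nic"
    done
    printf '# /etc/bridgename.%s\nadd %s add %s addspan %s up\n' "$br" "$1" "$2" "$3"
}

# Usage: sh tap.sh fxp0 fxp1 fxp2 (constructed interface names)
if [ $# -eq 3 ]; then
    tap_commands "$@" && echo && tap_persist "$@"
fi
```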
