Port Mirroring with pfSense?
-
(Apologies if this is discussed somewhere already – I've searched the forums and not found anything)
I'm wondering if it's possible to do Port Mirroring (or equivalent) with pfSense? Basically I have a Soekris net4801 that has 3 ethernet ports. I was wondering if it was possible to configure the 3rd port to have it mirror all the traffic to another machine, where I could run various analysis/monitoring programs (such as ntop, snort etc.) that might be too memory hungry to run well on the Soekris?
Is this possible at all, or do I really need a managed switch for it?
Thanks
Nancy
-
There is a dup-to keyword for pf that would allow this, but you can't configure it in the GUI. It could be done with some manual hacking of filter.inc.
-
Thanks, I'll see if I can get something working with "dup-to".
Nancy