Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Port mirroring

    General pfSense Questions
    2
    2
    1386
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gasman last edited by

      hi

      i want to use my pfSense box for port mirroring to an IDS

      i have read that this can be done using 'dup-to' and hacking 'filter.inc' but i would be really grateful if someone could flesh out some details

      i have a fair deal of experience with linux and editing with nano and the like so it's really a matter of finding and getting to 'filter.inc' (under /etc somewhere i'm guessing) and understanding the syntax of 'dup-to'

      essentially the pfS box will have a red NIC and a green NIC and also a third (orange or whatever) which will be attached solely to the IDS machine and what i'm after is ALL traffic through the pfS gets mirrored to that IDS machine

      all and any help very gratefully received (and if someone thinks this thread needs to be elsewhere in the forum please do!)

      cheers

      1 Reply Last reply Reply Quote 0
      • E
        eirikz last edited by

        You could just mirror the WAN\LAN port over to a random port on the switch and attach it to the IDS-machine then sniff.

        Atleast that would be my way of doing it with procurve.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy