Netgate Discussion Forum
    Port mirroring

      gasman

      Hi

      I want to use my pfSense box for port mirroring to an IDS.

      I have read that this can be done using 'dup-to' and hacking 'filter.inc', but I would be really grateful if someone could flesh out some details.

      I have a fair deal of experience with Linux and editing with nano and the like, so it's really a matter of finding and getting to 'filter.inc' (under /etc somewhere, I'm guessing) and understanding the syntax of 'dup-to'.

      Essentially the pfS box will have a red NIC and a green NIC and also a third (orange or whatever) which will be attached solely to the IDS machine, and what I'm after is that ALL traffic through the pfS gets mirrored to that IDS machine.

      All and any help very gratefully received (and if someone thinks this thread needs to be elsewhere in the forum please do!)

      cheers

        eirikz

        You could just mirror the WAN\LAN port over to a random port on the switch and attach it to the IDS machine, then sniff.

        At least that would be my way of doing it with ProCurve.

        Running pfSense on:
        DL380G4 with ESX Vsphere and DL360G4p bare metal
