Port mirroring
-
Hi,
I want to use my pfSense box for port mirroring to an IDS.
I have read that this can be done using 'dup-to' and hacking 'filter.inc', but I would be really grateful if someone could flesh out some details.
I have a fair deal of experience with Linux and editing with nano and the like, so it's really a matter of finding and getting to 'filter.inc' (under /etc somewhere, I'm guessing) and understanding the syntax of 'dup-to'.
Essentially the pfS box will have a red NIC and a green NIC and also a third (orange or whatever) which will be attached solely to the IDS machine, and what I'm after is ALL traffic through the pfS gets mirrored to that IDS machine.
All and any help very gratefully received (and if someone thinks this thread needs to be elsewhere in the forum please do!).
Cheers
-
You could just mirror the WAN\LAN port over to a random port on the switch and attach it to the IDS machine, then sniff.
At least that would be my way of doing it with ProCurve.