Monitoring port?



  • Is there a function like monitoring port? (or monitoring ip?) so you send all information to another computer for analysis?



  • status>systemlog, settings. Set up a remote syslog server and send your logs there. Additionally you can monitor by using services>snmp.



  • @hoba:

    status>systemlog, settings. Set up a remote syslog server and send your logs there. Additionally you can monitor by using services>snmp.

    But the syslog server only handles the logs. I want to have all the data sent to another computer for analysing. Lots of switches have the option "monitoring port"; then it sends all the data that goes through the switch to this port…



  • You want to sniff your clients' connections? That's not doable yet. You have to use a switch which is capable of doing so, or simply a hub.



  • Since I didn't find the option in pfSense I thought about the hub-thingie before… that's a workable solution. To still have my clients in a switched environment I could set it up like this:

    pfsense -> hub -> switch -> clients

    and just have the "listening computer" connected to the hub...

    I guess I have to do so until the function "appears" :)

    Thanks for the help!



  • A man-in-the-middle attack with the help of ARP poisoning works well in a switched environment; the only downside is that it might add a lot of latency in the local network. Have a look at:
    http://ettercap.sourceforge.net/



  • http://www.oxid.it/cain.html is very powerful for ARP-poisoned sniffing too, but this kind of stuff can be detected. The hub is probably the easier, more "invisible" way to do it.
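
The last post notes that ARP-poisoned sniffing can be detected. As an added example (not part of the thread), this Python check runs over observed ARP replies and flags the typical signs: an IP announced by a new MAC, an IP flipping back and forth between two MACs, and one MAC claiming several IPs. The observations, addresses and the function name `detect_arp_anomalies` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) taken from ARP replies
# seen on the LAN. All addresses are made up for this example.
OBSERVATIONS = [
    (0,  "192.168.1.1",  "00:11:22:33:44:55"),  # gateway
    (1,  "192.168.1.10", "aa:bb:cc:00:00:10"),  # client
    (2,  "192.168.1.11", "aa:bb:cc:00:00:11"),  # client
    (30, "192.168.1.1",  "de:ad:be:ef:00:01"),  # gateway IP claimed by a new MAC
    (30, "192.168.1.10", "de:ad:be:ef:00:01"),  # same MAC also claims a client IP
    (31, "192.168.1.1",  "00:11:22:33:44:55"),  # real gateway answers again
]


def detect_arp_anomalies(observations):
    """Return (time, kind, detail) alerts for suspicious IP/MAC bindings.

    ip_moved   - an IP is announced by a MAC never seen for it before
    flip_flop  - an IP returns to a MAC it had earlier (two senders competing)
    mac_shared - one MAC currently claims more than one IP
    Assumption: one IP per MAC is normal on this LAN; routers doing proxy ARP
    or multi-homed hosts would need an allow list.
    """
    ip_to_mac = {}                  # current binding per IP
    seen = defaultdict(list)        # every MAC ever seen for an IP
    mac_to_ips = defaultdict(set)   # IPs a MAC currently claims
    alerts = []
    for ts, ip, mac in observations:
        mac = mac.lower()
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            kind = "flip_flop" if mac in seen[ip] else "ip_moved"
            alerts.append((ts, kind, f"{ip}: {prev} -> {mac}"))
            mac_to_ips[prev].discard(ip)
        if mac not in seen[ip]:
            seen[ip].append(mac)
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append((ts, "mac_shared", f"{mac}: {sorted(mac_to_ips[mac])}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(OBSERVATIONS):
        print(alert)
```

A DHCP lease handed to a different machine also produces a single `ip_moved`, so the repeated `flip_flop` and `mac_shared` alerts are the stronger signals.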

