• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Monitoring port?

Scheduled Pinned Locked Moved General pfSense Questions
7 Posts 3 Posters 3.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    soft0
    last edited by Dec 11, 2006, 9:58 AM

    Is there a function like monitoring port? (or monitoring ip?) so you send all information to another computer for analysis?

    1 Reply Last reply Reply Quote 0
    • H
      hoba
      last edited by Dec 11, 2006, 10:32 AM

      status>systemlog, settings. Set up a remote syslogserver and send your logs there. Additionally you can monitor by using services>snmp.

      1 Reply Last reply Reply Quote 0
      • S
        soft0
        last edited by Dec 11, 2006, 1:53 PM

        @hoba:

        status>systemlog, settings. Set up a remote syslogserver and send your logs there. Additionally you can monitor by using services>snmp.

        But the syslogserver does only handle the logs. I want o have all the data to another computer for analysing. Lots of switches has the option "monitoring port" then it sends all the data that goes through the switch to this port….

        1 Reply Last reply Reply Quote 0
        • H
          hoba
          last edited by Dec 11, 2006, 4:09 PM

          You want to sniff your clients connections?  That's not doable yet. You have to use a switch which is capable to do so or simply a hub.

          1 Reply Last reply Reply Quote 0
          • S
            soft0
            last edited by Dec 11, 2006, 5:37 PM

            Since i didnt find the option in pfsense i thougt about the hub-thingie, before… thats a workable sollution, to still have my clients in a switched environment i could set it up like this.

            pfsense -> hub -> switch -> clients

            and just have the "listening computer" connected to the hub...

            I'll guess i have to do so untill the function "appears" :)

            Thanks for the help!

            1 Reply Last reply Reply Quote 0
            • S
              squarepusher
              last edited by Dec 11, 2006, 5:43 PM

              Man in the middle attack with the help of arp-poisioning works well in a switched enviroment, the only downside is that it might add alot of latency in the local network. Have a look at:
              http://ettercap.sourceforge.net/

              1 Reply Last reply Reply Quote 0
              • H
                hoba
                last edited by Dec 11, 2006, 8:23 PM

                http://www.oxid.it/cain.html is very powerfull for arp poisened sniffing too but these kind of stuff can be detected. the Hub is probably the easier more "invisible" way to do it.

                1 Reply Last reply Reply Quote 0
                1 out of 7
                • First post
                  1/7
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                  This community forum collects and processes your personal information.
                  consent.not_received