Netgate Discussion Forum

    APU1D4 as passive network sniffer?

      jeffhammett

      I have a spare APU1D4 laying around that is no longer being used as a router. I was looking to buy a network tap, but am wondering if I could easily configure it as an appliance with pfSense to do what I'm looking for.

      Basically I want one interface to connect to a switch or router with internet access. The second interface would connect to a computer and I want to mirror all of the traffic from that second interface connected to the computer to the third interface and put a packet capturing system on it.

      I think this could be accomplished by bridging the two interfaces, but I'm not sure.

      Anyone done something like this with pfSense? If so any tips on how to go about it?

        Derelict LAYER 8 Netgate

        Use a switch. Blank VLAN for both sides and a mirror port going to the APU.

        You could install pfSense or just FreeBSD and run a circular tcpdump process.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          jeffhammett

          I need something like this http://www.dual-comm.com/port-mirroring-LAN_switch.htm

          Something I can carry in my bag and put in line between a computer and all other networking gear and then easily connect another computer to sniff, watch traffic, etc.

          But since I have the spare APU, I'm wondering if I can repurpose this hardware without spending more money.

            Derelict LAYER 8 Netgate

            It's not a switch and you shouldn't use a router to do a switch's job. But look at bridging two of the interfaces. Not sure if you can tcpdump the bridge members or not.

              Guest

              A small switch with a mirrored port can be had for less than $100.
              Netgear GS105Ev2
              Netgear GS108Ev2

              So if the network tap can be had for $59, take it! Together with a laptop, because it is USB powered,
              you could not get it better in my eyes. And together with WINDUMP and WireShark you might be able
              to sniff what you want and on top you could dig into the stored captured packets.

              The APU1D4 could be sorted with FreeBSD or a Linux version of your choice like CentOS
              that came hardened by default and for Linux you may be able to get many programs for free
              of charge and easy to install if you are often on the road.

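The bridge and circular tcpdump ideas raised in the thread, sketched for plain FreeBSD as an added example that is not from any of the posters. The interface names (re0, re1, re2), bridge0, the capture path, the ring sizes and the TAP_APPLY switch are assumptions, as is capturing on the bridge interface itself; the script only prints its plan unless TAP_APPLY=1.

```shell
#!/bin/sh
# Added example: inline tap on FreeBSD using if_bridge(4) with a span port.
# Assumed names: re0 = uplink side, re1 = monitored computer, re2 = mirror port.
UPLINK=re0
TAPPED=re1
MIRROR=re2
BRIDGE=bridge0
CAPDIR=/var/capture   # assumed capture directory
FILE_MB=100           # size of each capture file (tcpdump -C, millions of bytes)
FILE_COUNT=10         # number of files in the ring (tcpdump -W)

# Commands that build the bridge. No IP address is assigned to any
# interface, so the box stays passive at layer 3.
bridge_cmds() {
    for nic in "$UPLINK" "$TAPPED" "$MIRROR"; do
        echo "ifconfig $nic up"
    done
    echo "ifconfig $BRIDGE create"
    # addm: forwarding members; span: port that transmits a copy of
    # every frame the bridge receives (for an external capture machine).
    echo "ifconfig $BRIDGE addm $UPLINK addm $TAPPED span $MIRROR up"
}

# Circular capture on the APU itself: -C rotates files by size, -W caps
# the file count so the oldest file is overwritten.
capture_cmd() {
    echo "tcpdump -i $BRIDGE -n -s 0 -C $FILE_MB -W $FILE_COUNT -w $CAPDIR/ring.pcap"
}

# Upper bound on disk space used by the ring, in MB.
ring_size_mb() {
    echo $((FILE_MB * FILE_COUNT))
}

# Print the plan by default; execute it only when TAP_APPLY=1 (root, FreeBSD).
run_plan() {
    { bridge_cmds; echo "mkdir -p $CAPDIR"; capture_cmd; } | while read -r cmd; do
        if [ "${TAP_APPLY:-0}" = "1" ]; then
            $cmd || exit 1
        else
            echo "+ $cmd"
        fi
    done
}

run_plan
```

The span port covers the "third interface to a packet capturing system" case from the first post, while the tcpdump ring covers capturing on the APU itself; either can be used without the other.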
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.