fugglefeet
Follower
Feb 14, 2021

NETGEAR GS716Tv3 configuration for packet monitoring

Hi all,


Here is my current configuration:-

      LTE Modem
             |
      Firewall
             |
      Netgear Switch ===== Monitoring PC
             |            |___________|
             |
      LAN Network


Currently the packet monitoring interface on the monitoring PC (running Security Onion) is 2 NICs in Bond mode with LACP enabled on both ends (represented by the equal signs). The management interface obtains its IP address from the DHCP server on the firewall. What I would like to do is capture/monitor the traffic between the LTE Modem and the Firewall. The WAN interface on the firewall obtains its IP address from the LTE Modem. Any suggestions how to approach this for best results?


I already have the Bond setup on the NetGear for the monitoring interface. I was thinking of creating a Bridge on ports 13 and 14 where the firewall and LTE Modem would connect. Then mirror the Bridge onto the Bond to capture the traffic. Afterwards put this on its own VLAN to prevent crosstalk from the rest of the LAN.


Suggestions and input welcome.


fugglefeet


1 Reply

    schumaku
    Guru - Experienced User

    Understand the idea of using a LAG to the packet monitoring system to have enough bandwidth for both the traffic monitoring plus the computer network access or following strange ideas 8-) (sorry). Trouble is that's not the way a traffic monitoring system works. Scratch the LAG/aggregation, bridge, whatever ...


    1. Use one interface for the network connection of the monitoring PC, normal data traffic IP on the PC et al.


    2. Configure the Port Mirroring on the switch, select the Switch port connecting to the firewall as a source, and define an unused port as the port mirroring Destination Port. Don't forget to enable it.


    3. This port does connect to an interface not handling any Monitoring PC traffic - it's just a passive "receiver" for getting the promiscuous data (no IP et al.) - this is where you configure the security software as the sniffing port. There is no Monitoring PC traffic possible on this port.
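A check for steps 1 and 3 on the Linux side of the monitoring PC, added here as an example and not taken from the thread or from NETGEAR: it parses `ip -o link show` and `ip -o -4 addr show` output (the sample output below is constructed, and the interface names eno1/eno2 are assumptions) and reports when the mirror-destination NIC is not promiscuous or carries an IP address, or when the management NIC has no address.

```python
import re

# Constructed sample output of `ip -o link show` and `ip -o -4 addr show`
# for a Linux monitoring host (not captured from the poster's system).
# eno1 is assumed to be the management NIC, eno2 the mirror-destination NIC.
LINK_OUTPUT = r"""
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
3: eno2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff
"""
ADDR_OUTPUT = r"""
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eno1    inet 192.168.1.50/24 brd 192.168.1.255 scope global dynamic eno1\       valid_lft 86000sec preferred_lft 86000sec
"""

def parse_link_flags(link_output):
    """Map interface name -> set of link flags (UP, PROMISC, ...)."""
    flags = {}
    for line in link_output.splitlines():
        m = re.match(r"\d+:\s+([^:@\s]+)[^<]*<([^>]*)>", line)
        if m:
            flags[m.group(1)] = set(m.group(2).split(","))
    return flags

def parse_ipv4_addrs(addr_output):
    """Map interface name -> list of IPv4 addresses in CIDR form."""
    addrs = {}
    for line in addr_output.splitlines():
        m = re.match(r"\d+:\s+(\S+)\s+inet\s+(\S+)", line)
        if m:
            addrs.setdefault(m.group(1), []).append(m.group(2))
    return addrs

def check_monitor_layout(mgmt_if, sniff_if, link_output, addr_output):
    """Return problems found; [] means the management NIC has an IP and the sniffing NIC is promiscuous with no IP."""
    flags = parse_link_flags(link_output)
    addrs = parse_ipv4_addrs(addr_output)
    problems = [f"{n}: interface not found" for n in (mgmt_if, sniff_if) if n not in flags]
    if problems:
        return problems
    if mgmt_if not in addrs:
        problems.append(f"{mgmt_if}: management NIC has no IPv4 address")
    if "PROMISC" not in flags[sniff_if]:
        problems.append(f"{sniff_if}: sniffing NIC is not in promiscuous mode")
    if sniff_if in addrs:
        problems.append(f"{sniff_if}: sniffing NIC has IPv4 {addrs[sniff_if]}; it should carry no IP")
    return problems
```

On a live host, feed it the real command output with `subprocess.run(["ip", "-o", "link", "show"], capture_output=True, text=True).stdout` and the same for `ip -o -4 addr show`.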
