NETGEAR GS716Tv3 configuration for packet monitoring
Hi all,
Here is my current configuration:-
LTE Modem
|
Firewall
|
Netgear Switch ===== Monitoring PC
| |___________|
|
LAN Network
Currently the packet monitoring interface on the monitoring PC (running Security Onion) is 2 NICs in Bond mode with LACP enabled on both ends (represented by the equal signs). The management interface obtains its IP address from the DHCP server on the firewall. What I would like to do is capture/monitor the traffic between the LTE Modem and the Firewall. The WAN interface on the firewall obtains its IP address from the LTE Modem. Any suggestions how to approach this for best results?
I already have the Bond setup on the NetGear for monitoring interface. I was thinking of creating a Bridge on ports 13 and 14 where the firewall and LTE Modem would connect. Then mirror the Bridge onto the Bond to capture the traffic. Afterwards put this on its own VLAN to prevent crosstalk from the rest of the LAN.
Suggestions and input welcome.
fugglefeet
Re: NETGEAR GS716Tv3 configuration for packet monitoring
Understand the idea of using a LAG to the packet monitoring system to have enough bandwidth for both the traffic monitoring plus the computer network access or following strange ideas 8-) (sorry). Trouble is that's not the way a traffic monitoring system works. Scratch the LAG/aggregation, bridge, whatever ...
1. Use one interface for the network connection of the monitoring PC, normal data traffic IP on the PC et al.
2. Configure the Port Mirroring on the switch, select the Switch port connecting to the firewall as a source, and define an unused port as the port mirroring Destination Port. Don't forget to enable it.
3. This port does connect to an interface not handling any Monitoring PC traffic - it's just a passive "receiver" for getting the promiscuous data (no IP et al.) - this is where you configure the security software as the sniffing port. There is no Monitoring PC traffic possible on this port.
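
One way to check, on the Linux monitoring PC, that the interface facing the mirror destination port is the passive receiver step 3 describes. This is an added example, not part of the original reply; the function names and the interface name `eth1` are assumptions.

```shell
#!/bin/sh
# Added example: audit the NIC cabled to the switch's mirror destination port.
# A passive sniffing port is up, promiscuous, and has no IPv4/IPv6 address.

# check_sniff_port FLAGS_HEX ADDR_LISTING
#   FLAGS_HEX:    contents of /sys/class/net/<if>/flags, e.g. 0x1103
#   ADDR_LISTING: output of `ip -o addr show dev <if>` (empty if none)
# Prints one finding per line; returns 0 only when the port is passive.
check_sniff_port() {
    flags=$(( $1 )); addrs=$2; rc=0
    # IFF_UP (0x1): a link that is down captures nothing.
    if [ $(( flags & 0x1 )) -eq 0 ]; then
        echo "FAIL: interface is down"; rc=1
    fi
    # IFF_PROMISC (0x100): mirrored frames are addressed to other hosts'
    # MACs, so a non-promiscuous NIC drops them before the sensor sees them.
    if [ $(( flags & 0x100 )) -eq 0 ]; then
        echo "FAIL: interface is not promiscuous"; rc=1
    fi
    # Any bound address (including an auto-assigned IPv6 link-local one)
    # means the host can talk on the port instead of only listening.
    n=$(printf '%s\n' "$addrs" | grep -cE '[[:space:]]inet6?[[:space:]]' || true)
    if [ "$n" -gt 0 ]; then
        echo "FAIL: $n address(es) bound to the sniffing port"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: passive sniffing port"
    return "$rc"
}

# audit_iface IFACE: gather the live values and run the check.
audit_iface() {
    sys="/sys/class/net/$1"
    [ -r "$sys/flags" ] || { echo "no such interface: $1" >&2; return 2; }
    check_sniff_port "$(cat "$sys/flags")" "$(ip -o addr show dev "$1")"
}

# Example invocation: sh audit.sh eth1   (eth1 is an assumed name)
if [ $# -gt 0 ]; then audit_iface "$1"; fi
```
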