Using a multihomed PC to sniff traffic inline

T

Thatguy031415

OK...so I'm a security analyst, not a network engineer. As such, all my understanding of how networks are set up is basically conceptual. That said, I have a few extra computers laying around, and decided to run a NIDS on my home network. The machine I plan to use as a sensor has two ethernet NICs and a wifi card. Basically, I want to plug the modem into one ethernet port, and the router into the other, and have the machine inspect the packets as they pass through...this should give me visibility on every packet that enters or leaves my network. Problem is, I have no idea how to configure this. I wish it was as easy as 'plug and play,' but clearly that isn't going to work. How do I set up the machine to take traffic coming from the modem on one ethernet card, and pass it along to the router on the other?

Let's see...my router, unfortunately, is not configurable for SPAN, so that won't work. I have a DIR-868L Wireless AC router, and the machine I want to use as a sensor is running Windows 8.1

What other information might anyone need in order to help me out with this?
 
Let's sync up on the concept, you want

ISP=>modem<--->MonitoringPC<-->siteRouter <- - -> all lan attached users.

You realize that the MonitoringPC will need to disable its firewall and thus be exposed to all sorts of exposures.

You have at least two instrumentation points (a) the modem-side port vs (b) the router side port AND
you need the routing table tweaked.

If you place software between (a) & (b) ports, then there's a proxy to be configured.
 
Btw: multihome is a tad different than the original layout in (1)
  1. ISP=>modem<--->MonitoringPC<-->siteRouter <- - -> all lan attached users.
  2. ISP1=>modem/router[1]<--->PC<-->[2]router/modem<-->ISP2
In (2) there are two ways to access the Internet, specifically using two ISP connections
(best if they are unique, but that's not required). A multihomed system has two or more default routes.

in (1) the PC just has two NIC adapters and there will be only one default route in the routing table.
 
You must log in or register to reply here.

Similar threads

A
Unexpected problem with a new Asus RT-AX58U V2
Replies
2
Views
125
ajay11
A
A
BitTorrent dethroned as the main source of internet's upstream traffic
Replies
11
Views
213
Axeia
Axeia
midian182
Mystery of LG washing machine using 3.6GB of data daily could have a simple explanation
2
Replies
37
Views
748
ZedRM
ZedRM

Latest posts

Back