Firewall – Monitor traffic between two network switches using a transparent firewall

firewall monitoring port-mirroring tcpdump

For debugging reasons I need to see what network traffic, especially TCP, is transmitted or not.

I thought about using an Endian firewall for this, but it doesn't support 2 network interfaces with the same IP range.

I am looking for a Linux solution which I can plug between the two switches in order to monitor all traffic passing by.

What I found out so far is that I am probably searching for a "transparent firewall" solution.

Best Answer

The best option for me would be to put a network tap between the switches. You can, however, put a Linux box with 2 interfaces between them and set it up as a bridge.

# brctl addbr br0
# brctl addif br0 eth0
# brctl addif br0 eth1
# brctl setageing br0 0
# ip link set dev br0 up promisc on

Then you can look at the traffic traversing the bridge using tcpdump as usual.

# tcpdump -i br0
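
The bridge-and-capture procedure from the answer, as an added example that is not part of the original post: it wraps the same brctl/ip commands in functions, brings the member interfaces up, and limits the capture to TCP, including TCP inside 802.1Q tags. br0, eth0 and eth1 are the answer's names; the function names, the DRY_RUN switch and the pcap file name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer. br0/eth0/eth1 are the answer's
# names; the function names, DRY_RUN and the pcap file name are assumptions.
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands only, 0 = execute them (root)

run() {                 # print or execute one command
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Capture filter: a bare "tcp" does not match TCP carried inside 802.1Q tags,
# which a trunk link between two switches may carry.
tcp_filter() { echo 'tcp or (vlan and tcp)'; }

bridge_up() {           # usage: bridge_up BRIDGE IF_A IF_B
    br=$1; a=$2; b=$3
    if [ -z "$br" ] || [ -z "$a" ] || [ -z "$b" ]; then
        echo "usage: bridge_up BRIDGE IF_A IF_B" >&2; return 2
    fi
    if [ "$a" = "$b" ]; then
        echo "member interfaces must differ" >&2; return 2
    fi
    run brctl addbr "$br" || return 1
    for i in "$a" "$b"; do
        # Members get no IP address, so both sides may share one IP range.
        run brctl addif "$br" "$i" || return 1
        run ip link set dev "$i" up || return 1
    done
    run brctl setageing "$br" 0 || return 1
    run ip link set dev "$br" up promisc on
}

capture_tcp() {         # usage: capture_tcp BRIDGE PCAP_FILE
    # -nn: no name or port lookups; -w: write raw packets to a pcap file
    run tcpdump -i "$1" -nn -w "$2" "$(tcp_filter)"
}

bridge_down() {         # usage: bridge_down BRIDGE
    run ip link set dev "$1" down && run brctl delbr "$1"
}

# Dry run prints the plan. With DRY_RUN=0 it captures until tcpdump is
# stopped; bridge_down br0 removes the bridge afterwards.
bridge_up br0 eth0 eth1 && capture_tcp br0 br0-tcp.pcap
```

Run it once as is to review the printed commands, then with DRY_RUN=0 as root on the box sitting between the switches.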