
etherape and IPCop

Help
2007-07-08
2013-05-01
  • soddengecko

    soddengecko - 2007-07-08

    Hi All

    I am pretty new to all this software. I have managed to install and configure my own firewall machine that sits between the internet and my 2 internal networks.

    I have etherape installed on my main machine and it obviously only monitors the traffic to and from this machine.

    What I want to know is if it is possible to put etherape on the firewall machine so I can monitor ALL traffic to and from the entire network.

    Look forward to your info.

    Regards

    Mark m

     
    • R. Ghetta

      R. Ghetta - 2007-08-12

      Nothing prevents you from using etherape on a machine directly connected to the internet, like a firewall.
      You need to be very careful, however, because etherape needs:
      - root privileges to capture traffic. Thus a security bug in etherape can compromise your system (I'm not aware of any such bug, and etherape takes some care to avoid the usual security pitfalls, but bugs happen).
      - an X server to display its data. On a firewall, usually X isn't needed, and using it can be a significant security risk.
      There are ways to mitigate and even eliminate both issues, but unless you know what you are doing, I strongly advise against using etherape on your firewall.
      A much better solution would be placing etherape on an internal machine, directly behind your firewall and between it and your network, for example by using a hub or the analysis port of your switch, if it has one.
      A possible arrangement could be:

      etherape machine -----------\
                                   hub --- firewall --- internet
      internal network - switch --/

      The etherape machine could also have two network cards: one attached to the hub, and one connected to the internal network.

       
