G+_Tim Bentley
Posted June 21, 2017

TAPS Network Monitoring

Using Security Onion as a monitoring solution with 3 NICs. Two NICs are running in promiscuous mode connected to two Gigabit switches on different segments of the network. Is this not the same as adding TAPS as I can see all the traffic passing through?

G+_Ben Reese
Posted June 21, 2017

Not quite the same thing. Taps are just watching data flow through but typically can't change the data. Neither end knows the tap exists. You basically have a router that monitors all the traffic flowing through it. Both sides can see your router and your Security Onion computer can inject or change data as it flows through. If Security Onion can't keep up, you will probably slow down the transfer of data. If a tap can't keep up you'll lose the reading/logging of some data.

G+_Black Merc
Posted June 22, 2017

Wait.. Gig switches, are they mirroring ALL traffic to the Onion? If not ... Fail.

G+_Ben Reese
Posted June 22, 2017

Yup, I think I misunderstood the setup by thinking the Onion was the gateway between the two segments. I guess that's not how it works... Does Security Onion do ARP spoofing or something? I'm curious how it would be able to monitor all traffic on the switch. Now I'm curious and have to do more research.
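
Added example, not part of any post in this thread: one way to check the mirroring question raised above is to classify the destination MAC of every frame a promiscuous sensor NIC receives. A NIC on an ordinary switch port sees mostly broadcast, multicast and the occasional flooded unknown-unicast frame, while a mirror (SPAN) port or tap also delivers unicast traffic between other hosts. The MAC addresses, sample frames and the 0.5 threshold are constructed assumptions.

```python
from collections import Counter

BROADCAST = b"\xff" * 6

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def make_frame(dst, src, ethertype=0x0800):
    """Build a minimal constructed Ethernet frame (header plus zero padding)."""
    return mac(dst) + mac(src) + ethertype.to_bytes(2, "big") + b"\x00" * 46

def classify(frame, sensor_mac):
    """Classify one frame by its destination MAC (first 6 bytes)."""
    if len(frame) < 14:
        return "runt"              # too short to hold an Ethernet header
    dst = frame[:6]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:              # I/G bit set: group (multicast) address
        return "multicast"
    if dst == sensor_mac:
        return "to_sensor"
    return "unicast_other"         # unicast between two other hosts

def assess(frames, sensor_mac, threshold=0.5):
    """Return (verdict, ratio of unicast frames addressed to other hosts).

    threshold is an assumed cut-off: a few unknown-unicast floods are normal
    on a plain port, so a small ratio does not indicate mirroring.
    """
    counts = Counter(classify(f, sensor_mac) for f in frames)
    total = sum(counts.values()) - counts["runt"]
    ratio = counts["unicast_other"] / total if total else 0.0
    verdict = "mirrored_or_tapped" if ratio >= threshold else "flooded_only"
    return verdict, ratio

# Constructed sample captures (not real traffic).
SENSOR = mac("02:00:00:00:00:01")
A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
PLAIN_PORT = ([make_frame("ff:ff:ff:ff:ff:ff", A, 0x0806)] * 3
              + [make_frame("01:00:5e:00:00:fb", B)] * 2
              + [make_frame(B, A)])          # one flooded unknown unicast
MIRROR_PORT = ([make_frame(B, A)] * 4 + [make_frame(A, B)] * 4
               + [make_frame("ff:ff:ff:ff:ff:ff", A, 0x0806)]
               + [make_frame("01:00:5e:00:00:fb", B)])

if __name__ == "__main__":
    for name, frames in (("plain port", PLAIN_PORT), ("mirror port", MIRROR_PORT)):
        print(name, assess(frames, SENSOR))
```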