Author, General InfoSec Tips & Tricks, InfoSec 101, John Strand, Webcasts

Webcast: No SPAN Port? No Tap? No Problem!

We’ve been having a problem with people that want to play with Security Onion or RITA at home. If a home router does not have a mirror port it can be difficult to try cool/free network monitoring tools.

Sure, one could buy another router that has those features. But it is far easier to not do that. So, people don’t. Time goes on and they never get to play with the free enterprise-level cool tools at work or at home.

However, there are a couple of ways to set up full network monitoring at home. No taps, no mirrored ports, no expensive/obscure devices to buy.

In fact, the more basic and crappy the wireless router/switch is, the better these techniques work.

So, in this Black Hills Information Security (BHIS) webcast, we will give you a super easy and hacky way to get open-source enterprise network monitoring up and running at home in no time flat.

Recorded • 2021-04-15

Join the BHIS Community Discord: https://discord.gg/bhis

00:00 – FEATURE PRESENTATION: No SPAN Port? No Tap? No Problem!

06:00 – Mental Blocks

10:52 – Solution to Mental Blocks

16:26 – ARP Cache Poisoning

33:26 – Step One: Ubuntu

34:36 – Step Two: RITA/Zeek/Mongo

36:45 – Step Three: Install Bettercap

38:09 – Step Four: Start Bettercap

39:52 – Step Five: Advanced – arp-spoof

45:46 – Success!