Span / Monitor port when using "client-to-client" mode?

Posted: Mon Oct 24, 2011 7:58 pm
by dtmiller1976
Hi all. I've got a hypothetical situation here and I'm curious as to what people think. When using the "client-to-client" option is there a way to create a "span" or "monitor" port which exposes the client-to-client traffic, e.g. for intrusion detection analysis?


Thanks,

Damon

Re: Span / Monitor port when using "client-to-client" mode?

Posted: Tue Oct 25, 2011 12:00 am
by ecrist
If your kernel and driver support it, you can just enable promiscuous mode on the tun or tap interface.

Re: Span / Monitor port when using "client-to-client" mode?

Posted: Wed Oct 26, 2011 12:49 pm
by janjust
Sorry ecrist, in 'client-to-client' mode the internal routing tables are bypassed on the server.

In 'tun' mode you can mimic 'client-to-client' mode using the right iptables rules - this you can monitor.

In 'tap' mode you cannot do this and you'd have to resort to writing an openvpn PF plugin.
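The tun-mode approach described above, as an added example that is not from the thread or the OpenVPN project: with `client-to-client` left out of the server config, packets between two clients are routed by the kernel, so FORWARD rules can both allow them and copy them to an NFLOG group that an IDS or tcpdump can subscribe to. The interface name tun0, the VPN subnet 10.8.0.0/24 and the NFLOG group number are assumptions.

```shell
#!/bin/sh
# Added example: emulate OpenVPN "client-to-client" with iptables in tun mode
# so inter-client traffic is visible for monitoring.
# Assumptions (hypothetical): the server uses "dev tun0", the VPN subnet is
# 10.8.0.0/24, and "client-to-client" is NOT set in the server config (with it
# set, openvpn forwards packets internally and these rules never see them).

TUN_IF="${TUN_IF:-tun0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
NFLOG_GROUP="${NFLOG_GROUP:-5}"   # netlink group the IDS subscribes to

# Emit the rule set as text so it can be reviewed (or tested) without root.
# First rule copies each client-to-client packet to NFLOG, second one
# forwards it; both match only traffic entering and leaving the tun device.
c2c_rules() {
    cat <<EOF
iptables -A FORWARD -i $TUN_IF -o $TUN_IF -s $VPN_NET -d $VPN_NET -j NFLOG --nflog-group $NFLOG_GROUP
iptables -A FORWARD -i $TUN_IF -o $TUN_IF -s $VPN_NET -d $VPN_NET -j ACCEPT
EOF
}

# Apply the rules for real (needs root): enable routing, then run each line.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1
    c2c_rules | while IFS= read -r cmd; do $cmd; done
}

# "apply" installs the rules; anything else just prints them for review.
if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    c2c_rules
fi
```

Once applied, `tcpdump -i nflog:5` (or an IDS reading the same NFLOG group) sees the copied client-to-client packets while the ACCEPT rule keeps them flowing.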

Re: Span / Monitor port when using "client-to-client" mode?

Posted: Tue Jan 10, 2012 8:08 am
by EuroChick
Thanks, ecrist, for the help!!! It all turned out easier than I thought before. My kernel really supported it. The issue is solved.