Security Onion newb. Planned network diagram OK?

[Nick Whittome]

Hi

Planning my deployment of Security Onion at home and have prepared the attached diagram. Does this look right?

I don't have the wired router yet. Is there no alternative to this or do I have to buy one? Can I use just the existing wireless router (which I would change to a wireless AP in the diag) and the Dualcomm tap switch?

thanks for any feedback!

[Wes]

This may help:

https://groups.google.com/forum/#!topic/security-onion/k65y05TRbSU

[Tri0x]

So long as nothing else is using your router as its connection point, it should work.

What do you plan to use for a tap?

All of your wireless devices will connect back to the AP, which will connect to the tap/switch and will be caught by SO.

Maybe my diagram will help.

Tri0x

[Nick Whittome]

Dualcomm DSCW-1005

http://dual-comm.com/port-mirroring-LAN_switch.htm

[Tony Carter]

This may be obvious but if your Wireless AP is operating in bridge mode and your router is providing DHCP then you'll see the IPs of devices behind it, otherwise you only see the AP's wan side IP for most traffic. Also, You will not see traffic between devices behind the AP.

HTH,
Tony

[Tri0x]

On Thursday, August 13, 2015 at 10:52:58 AM UTC-4, Nick Whittome wrote:
> Dualcomm DSCW-1005
>
> http://dual-comm.com/port-mirroring-LAN_switch.htm

As I showed in my diagram, anything inside the red rectangle, going out to the Internet will get captured in the mirror port. Any port to port communication in the red rectangle will not be captured.

Are you using an AP or a router for your wireless access?

Tri0x

[Nick Whittome]

Thanks for the info. It's a wireless router that I will put into AP mode. See screenshot

[Tri0x]

That should work fine. Make sure to give it a static IP for easy of troubleshooting.

I have a router working as an AP as well. I have not tested capturing wireless yet, but I expect no issues.

Hope this helps,

Tri0x