01-16-2020 ACM Webcast: How to Use a Raspberry Pi as a Network Sensor

Active Countermeasures Webcast

Stealth – Size – Cost – Bang for the buck: pick any 4!

Running a network sensor, IDS, or IPS can be a costly venture; the high-end ones can cost more than a used car. In this webcast we’ll cover running a network sensor using a Raspberry Pi, a miniature single-board computer that runs most anything you can run under Linux.

Bill will show you how to install and use the Zeek IDS and cover the performance aspects you’ll need to know. Setting up IDSs that cost about the same as a bike means you can monitor far more network segments simultaneously, and hide them behind a power brick if you have to.

No previous experience with the Pi is needed – you’ll have a shopping list of what to get. You will probably want basic familiarity with running commands under Linux.

Slides & Buy List

Read the Q&A From This Webcast

Presented by: Bill Stearns

Timeline:

  • 1:51 Presentation Outline
  • 2:12 Goals of This Talk
  • 3:24 Did Someone Say Raspberry Pie?
  • 14:50 Building the System
  • 19:21 Software Setup
  • 21:06 Network Setup
  • 28:06 Additional Steps
  • 31:20 Getting Packets
  • 34:09 Monitor the Span Port
  • 45:34 What Sniffing Tools to Use
  • 46:46 This Example
  • 50:49 Why Not a Traditional PC?
  • 53:51 To Infinity…
  • 56:05 References