Active Countermeasures Webcast
01-16-2020
How to Use a Raspberry Pi as a Network Sensor
How to use a Raspberry Pi as a Network Sensor!
Stealth – Size – Cost – Bang for the buck: pick any 4!
Running a network sensor, IDS, or IPS can be a costly venture; the high-end ones can cost more than a used car. In this webcast we’ll cover running a network sensor using a Raspberry Pi, a miniature single-board computer that runs most anything you can run under Linux.
Bill will show you how to install and use the Zeek IDS and cover the performance aspects you’ll need to know. Setting up IDSs that cost about the same as a bike means you can monitor far more network segments simultaneously, and hide them behind a power brick if you have to.
No previous experience with the Pi is needed – you’ll have a shopping list of what to get. You will probably want basic familiarity with running commands under Linux.
Read the Q&A From This Webcast
Presented by: Bill Stearns
Timeline:
- 1:51 Presentation Outline
- 2:12 Goals of This Talk
- 3:24 Did Someone Say Raspberry Pie?
- 14:50 Building the System
- 19:21 Software Setup
- 21:06 Network Setup
- 28:06 Additional Steps
- 31:20 Getting Packets
- 34:09 Monitor the Span Port
- 45:34 What Sniffing Tools to Use
- 46:46 This Example
- 50:49 Why Not a Traditional PC?
- 53:51 To Infinity…
- 56:05 References