We’ve been having a problem with people that want to play with Security Onion or RITA at home. If a home router does not have a mirror port it can be difficult to try cool/free network monitoring tools.



Sure, one could buy another router that has those features. But it is far easier to not do that. So, people don’t. Time goes on and they never get to play with the free enterprise-level cool tools at work or at home.



However, there are a couple of ways to set up full network monitoring at home. No taps, no mirrored ports, no expensive/obscure devices to buy.



In fact, the more basic and crappy the wireless router/switch is, the better these techniques work.



So, in this Black Hills Information Security (BHIS) webcast, we will give you a super easy and hacky way to get open-source enterprise network monitoring up and running at home in no time flat.



Recorded • 2021-04-15



Join the BHIS Community Discord: https://discord.gg/bhis



00:00 – FEATURE PRESENTATION: No SPAN Port? No Tap? No Problem!



06:00 – Mental Blocks



10:52 – Solution to Mental Blocks



16:26 – ARP Cache Poisoning



33:26 – Step One: Ubuntu



34:36 – Step Two: RITA/Zeek/Mongo



36:45 – Step Three: Install Bettercap



38:09 – Step Four: Start Bettercap



39:52 – Step Five: Advanced – arp-spoof



45:46 – Success!



47:08 – RITA: Import & Analyze



49:42 – RITA: Beacons



52:35 – What Now?



58:29 – QnA



[Post]Show Job Hunting – https://youtu.