[Bro] Bro (SOC N' a Box) fly-away kit ideas

Nicholas Weaver nweaver at ICSI.Berkeley.EDU
Mon Feb 27 11:58:03 PST 2012

Another thing which may be useful on the hardware side for this kit:


These are small, cheap (<$200), USB-powered Gigabit switches with a built-in mirror: all traffic to/from Port 1 is mirrored to Port 4.

I purchased one of these and put it inline in my house as an IDS monitor:  I don't know at which point it starts dropping packets (I didn't test that), but I was able to get it up and running trivially.

This is specifically designed for "incident response" type tapping: You have a notebook and a network you want to monitor, so you just splice this in with a short Ethernet cable.

