i already tried this and its not enough because switch only mirrors arp , and i need tcp or udp ( ip )hello,
you can use winbox, go to switch menu, and mirror your monitored port to suricata port.
https://help.mikrotik.com/docs/spaces/R ... p+Features
Search found 2 matches
- Mon Nov 25, 2024 11:50 am
- Forum: Forwarding Protocols
- Topic: How to configure Packet Sniffer for IDS: Mirroring ether1 to ether6 for Suricata monitoring in WebFig
- Replies: 2
- Views: 1006
Re: How to configure Packet Sniffer for IDS: Mirroring ether1 to ether6 for Suricata monitoring in WebFig
- Fri Nov 22, 2024 11:33 am
- Forum: Forwarding Protocols
- Topic: How to configure Packet Sniffer for IDS: Mirroring ether1 to ether6 for Suricata monitoring in WebFig
- Replies: 2
- Views: 1006
How to configure Packet Sniffer for IDS: Mirroring ether1 to ether6 for Suricata monitoring in WebFig
I'm trying to set up packet capture for Suricata IDS/IPS monitoring. I want to capture all incoming WAN traffic from ether1 and mirror it to ether6, which connects to my Suricata VM. Current setup: RouterOS: 7.11.2 Device: L009UiGS-2HaxD WAN port: ether1 Suricata VM connection: ether6 I've configure...