I would like to run Snort and Bot Hunter on a spare Linux machine on my home LAN. My local network uses the very common Linksys WRT54G wireless router. Therefore I have a switched network which makes it very difficult to perform any type of network sniffing.
I’m asking for your thoughts and feedback to solve this problem. Right now I’ve come up with the following solutions:
- Connect a hub to the router’s WAN port. Connect my cable modem and linux machine to the hub.
- Install DD-WRT on the Linksys router. Does DD-WRT yet support span / tap (monitor) ports?
- Install two (2) NICs on the linux machine and route my cable modem through that before connecting to the router.
- Buy an affordable Cisco 2600 router off of eBay.
Please share your ideas and thoughts on the subject.