Detecting/reporting suspicious chatter on local devices?

Comments

3 comments

  • Avatar
    Firewalla

    You need to segment your network for this. Meaning, place your local devices on different subnets, and apply policy to each of the subnets. 

    0
    Comment actions Permalink
  • Avatar
    Chris Milkosky

    Thanks. How about just seeing which devices are talking to each other at all? Do I need to segment my network for that? Or are local devices talking to each other without passing through the firewalla? Now that I think about it, I think that’s probably the case - they only are visible to firewalla when they need to hop to another network or get out on the WAN, right?

    If that is the case then I need to sniff my wifi to see who is talking with who, correct?

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Yes, you need to segment in order to see device traffic. Firewalla is a router/firewall, and it can not see LAN traffic on the same segment. That traffic does not go to firewalla (or any other router). 

    To sniff LAN traffic (properly) you need a function like a SPAN port on a switch to get all that traffic. I don't think wifi AP supports such 

    0
    Comment actions Permalink

Please sign in to leave a comment.