Upwork experience

Hello,

I’m building a lab @ home for school. I’ve hit a snag in that I used to use an inexpensive network switch for traffic sniffing (Netgear GS108E) and I’m wanting something a little more robust. The Netgear gets easily confused, requires periodic reboots, and can only be configured with an absolutely godawful Adobe AIR-powered, Windows-only app.

I’m basing myself on past experience with the help of the recommended hardware list on the Security Onion GitHub page.

After some stumbling around I’ve elected to build a PC, stuff it with as many Intel NICs as possible and roll out pfSense on it. All of the YouTube university videos that I dug up are close but not exactly my use case. I’m seriously thinking of paying to have a pfSense/OPNsense guru help me configure the router/switch…

Has anyone used Upwork to hire some remote help? Can they share their experience with this service? Is there a better suited service I should use?

I’m not against paying for help at this point, in fact I’m more than willing to. Even if the end result is that I confirm that what I’m trying is not possible.

Yes, it’s possible. You don’t need a lot, except time:
https://www.aliexpress.com/item/1005003114565021.html
Quad 1Gbit Intel NIC. Add 2 or more and you’re off to the races.

Alternatively, get yourself one of these:

Old enterprise gear can be remarkably cheap but still working fine.
One thing: before buying, know if/how you can reset the config of the device and what you need to do that. For the above switch, a serial connection is required, something very few modern PCs are equipped with :roll_eyes:

HTH!

1 Like

I have a PC I built with an AMD 3200 Radeon graphics with 3 Intel NICs: 1 quad, 2 dual. I’ve successfully installed pfSense on it. I also have a twin Xeon box that I have deployed Security Onion on, and have configured a card to be the sniffing card.

I’m now watching the YouTube videos to try and configure the pfSense PC as a switch (I know, not advised, but this should work for the limited use it will get in my lab).

This is where I’m encountering issues. That’s why I was wondering if Upwork was an OK service, as they have pfSense experts.

You would be surprised how many modern mainboards are one breakout cable away from having RS-232.

3 Likes

I would not hire a service to configure anything, regardless of how reputable they are. Unless you do it yourself you won’t learn it.

It has been a lot of years since I last configured pfSense like that. I did the software switch (bridging multiple NIC ports) when I first set up pfSense too, before I had a lot of good real switches. From what I remember there is a help article directly from pfSense on how to do it and all the commands, no need to scour through YouTube vids. It was a pretty simple thing from what I remember after reading through the help article.

What’s the problem with a computer being a switch? I use my Proxmox machine as a virtual switch…

Is it a security thing?

The machine is on anyway, and a few extra NICs, compared to a whole switch, do not seem like all that much of a trade-off.

1 Like

Switching between VMs and containers on the same machine is different than switching physical connections.

For a home lab it isn’t that big of a deal but in a “real” environment you need a lot of CPU horsepower and a fast clock speed to keep up with software switching.

@JeanSplicer these are the docs you want to read. I know YT tutorials are nice but pfSense has very good documentation you should read through.

https://docs.netgate.com/pfsense/en/latest/bridges/interfaces.html#quick-but-tricky-reassign-the-bridge-as-lan

EDIT: If you are in school for this stuff then idk why you would pay someone to set it up for you. I know networking stuff can be a little obtuse to new people but I would advise you to just learn this stuff and struggle through it. Also, I wouldn’t hire someone from Upwork to set up a network. That is something that I would want either some personal relationship in place where I know I can trust them to a degree or a reputable business.

5 Likes

So I’m progressing.

Dutch_Master: I’ve built a PC rather than purchasing older networking gear.

MazeFrame: Yeah, I’m unsure why a true serial port got in this discussion.

EniGmA1987: I think hiring an expert would mostly be to confirm or deny that what I’m trying is possible. :person_shrugging:

Trooper_ish: Several of the YouTube vids stated using pfSense as a switch would be much less performant than actually just using a switch. I’m just going by what they said. https://www.youtube.com/watch?v=1EXgyvwJZ6k

ucav117: Neither the pfSense switch PC, victim PCs, nor the Security Onion server are virtualized. I’m doing this all on bare metal for very specific reasons. (Lots of the malware samples I plan to detonate have anti-VM mechanisms.)

I’ve added the additional NICs to a bridge that includes the LAN NIC and now they’re served by the DHCP of pfSense. My 3 victim machines on the “hot” network are renewing IPs from the pool. They can ping each other.

One of the main reasons I’m pursuing this config is that I want to be able to capture traffic when a victim machine jumps laterally to another victim.

This is what the network looks like in a simplified view:

I’ll take your advice ucav117, and keep struggling through it.

Out of curiosity what is your degree in? I have a BAS in Cybersecurity and Networking. A lot of my learning and experience was by doing stuff like what you are attempting now. It is more valuable than you realize to struggle through and learn like this. You would be surprised at how many “System Administrators” and “Cyber Security Professionals” don’t know how to troubleshoot and work through problems like this. All they are good for is just checking off boxes and escalating tickets they don’t know how to deal with.

More progress!

This is the pfSense panel (all those NICs!)

Here you can see where I added igb7 as “LISTEN”

And here is where I selected “LISTEN” as the span port.

And finally here is the panel on the Security Onion server where I should be seeing some traffic… and am not.

I’m going to break down, plumb in one of these gawdawful GS108Es and confirm that Security Onion isn’t the culprit…

2 Likes

Replying to myself for thread completeness…

Confirmed the sniffing NIC on the Security Onion seems to be the culprit. I wired the whole hot LAN using a GS108E (completely bypassing the 3200 switch PC) and plumbed in the sniffing port and I’m still not getting ANY alerts.

Boo hiss.
:frowning:

1 Like

Replying to myself for thread completeness #2

I had to run soup on the Security Onion server a bunch of times.

This still leaves my pfSense PC that I built unused, AND I’m back to the uber crappy Netgear GS108E that will, after sufficient traffic, crap out.

It’s on a light timer to restart once a day, but I know that if I wanted to capture a brute force attempt it would crap out eventually also. :frowning:

This works, but is suboptimal.

Is the “LISTEN” adapter as a span port on the “bridgeALL” that I described earlier in this post wrong?
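
One way to check the span question above from the sensor side, as an added example that is not part of the original thread: an ordinary switch port only delivers broadcast/multicast and the sensor's own traffic, while a working span port also delivers unicast frames between other hosts. The script classifies `tcpdump -e -n` output on that basis; the MAC addresses, sample lines and the `min_unicast` threshold are constructed for illustration.

```python
import re
from collections import Counter

# Link-level header printed by `tcpdump -e -n`: "<time> <src> > <dst>, ethertype ..."
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FRAME = re.compile(rf"^\S+ (?P<src>{MAC}) > (?P<dst>{MAC}), ethertype", re.I)

def is_group(mac):
    """Broadcast/multicast: low bit of the first octet is set."""
    return int(mac[:2], 16) & 1 == 1

def classify(lines, sensor_mac):
    """Count frames by what they reveal about port mirroring."""
    counts = Counter()
    for line in lines:
        m = FRAME.match(line.strip())
        if not m:
            counts["unparsed"] += 1
            continue
        src, dst = m["src"].lower(), m["dst"].lower()
        if is_group(dst):
            counts["flooded"] += 1           # reaches every port, proves nothing
        elif sensor_mac.lower() in (src, dst):
            counts["own"] += 1               # the sensor's own traffic
        else:
            counts["mirrored_unicast"] += 1  # host-to-host, visible only via a mirror
    return counts

def span_is_working(lines, sensor_mac, min_unicast=3):
    # A stray frame or two can come from unknown-unicast flooding, hence a threshold.
    return classify(lines, sensor_mac)["mirrored_unicast"] >= min_unicast

# Constructed sample input (hypothetical MACs and lab addresses).
SENSOR = "02:00:00:00:00:ff"
ARP = ("12:00:01.000001 02:00:00:00:00:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), "
       "length 60: Request who-has 192.168.1.11 tell 192.168.1.10, length 46")
PING = ("12:00:02.000001 02:00:00:00:00:0a > 02:00:00:00:00:0b, ethertype IPv4 (0x0800), "
        "length 98: 192.168.1.10 > 192.168.1.11: ICMP echo request, id 1, seq 1, length 64")
PONG = ("12:00:02.000300 02:00:00:00:00:0b > 02:00:00:00:00:0a, ethertype IPv4 (0x0800), "
        "length 98: 192.168.1.11 > 192.168.1.10: ICMP echo reply, id 1, seq 1, length 64")
NO_MIRROR = [ARP, ARP]
WITH_MIRROR = [ARP, PING, PONG, PING, PONG]

if __name__ == "__main__":
    for name, sample in (("no mirror", NO_MIRROR), ("with mirror", WITH_MIRROR)):
        print(name, dict(classify(sample, SENSOR)), span_is_working(sample, SENSOR))
```

For a live check, generate pings between two victim machines and feed the script lines captured on the sniffing interface with `tcpdump -e -n -i <interface>`.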