I'd like to install an IDS on my home network. I have a Netgear N300 wireless router that has the standard 4-port switch built into it, but port mirroring doesn't seem possible on it. I have a Motorola SB6141 cable modem, and I've confirmed with my ISP that I only get one IP address (dynamic). How do I put an IDS box on my network so that it sees all network traffic? If I put a network tap between the modem and the router, doesn't that expose the IDS? Speaking of taps, I've seen the so-called "passive" portable taps like the "Throwing Star LAN Tap Pro" for about $15, and I've also seen taps from NetOptics, Black Box, and Garland, to name a few, that go from about $350 and up. Would the $15 tap do the trick? Maybe something like that wouldn't drop any packets since it is only a home network with rarely more than three devices connected at a time. What is the best way to install something like this? I want to install this to learn packet analysis, etc.
Some info here: http://wiki.wireshark.org/CaptureSetup/Ethernet. Monitoring traffic between cable modem and router is a fine idea. However, you can start the learning process by running Wireshark (or whatever) on a "quiet" computer and analyzing the network traffic flowing through one of its interfaces (the traffic between it and your router). That is an easier and safer way to begin.
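As an added illustration of what "analyzing the traffic" on that quiet host means at the byte level (this is example code, not part of the answer above or of the Wireshark wiki page it links), here is a small pcap reader that dissects Ethernet, IPv4 and TCP/UDP headers the way Wireshark's packet-detail pane does. The capture it reads is constructed inside the script (one TCP SYN; the MAC addresses, IPs and ports are made up for illustration) so it runs offline; the tcpdump command in the docstring is one way to record a real capture on the host's own interface for it to read instead.

```python
"""Decode a pcap capture by hand: the dissection Wireshark does for you.

Added example, not code from the original answer. The sample capture is
constructed below (one TCP SYN from 192.168.1.10:51234 to 93.184.216.34:443,
addresses chosen for illustration). To decode a real capture taken on the
quiet host, record one first, e.g.:  tcpdump -i eth0 -w quiet.pcap
and then call decode_pcap(open("quiet.pcap", "rb").read()).
"""
import socket
import struct

TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def build_sample_pcap() -> bytes:
    """Constructed sample: a classic pcap file (linktype 1 = Ethernet) holding one TCP SYN."""
    # Ethernet: dst MAC, src MAC, EtherType 0x0800 (IPv4)
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    # TCP: sport, dport, seq, ack, data offset 5 words (20 B), flags SYN, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 51234, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    # IPv4: ver/IHL 0x45, TOS, total length, id, DF flag, TTL 64, proto 6 (TCP), csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.168.1.10"), socket.inet_aton("93.184.216.34"))
    frame = eth + ip + tcp
    # pcap global header: magic, major 2, minor 4, thiszone, sigfigs, snaplen, linktype
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    # per-packet record header: ts_sec, ts_usec, captured length, original length
    rec_hdr = struct.pack("<IIII", 1700000000, 0, len(frame), len(frame))
    return global_hdr + rec_hdr + frame


def decode_frame(frame: bytes) -> dict:
    """Dissect Ethernet -> IPv4 -> TCP/UDP and return the fields a packet-detail pane shows."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    pkt = {"eth_src": src.hex(":"), "eth_dst": dst.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:
        return pkt  # ARP (0x0806), IPv6 (0x86DD), ...: left undecoded here
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    pkt.update(ip_src=socket.inet_ntoa(s), ip_dst=socket.inet_ntoa(d), ttl=ttl, proto=proto)
    l4 = ip[ihl:total_len]  # stop at total_len so Ethernet padding is not read as payload
    if proto == 6 and len(l4) >= 20:
        sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", l4[:14])
        pkt.update(l4="TCP", sport=sport, dport=dport, seq=seq, ack=ack,
                   flags=[name for bit, name in sorted(TCP_FLAGS.items()) if flags & bit],
                   payload_len=len(l4) - (off >> 4) * 4)
    elif proto == 17 and len(l4) >= 8:
        sport, dport, length, _csum = struct.unpack("!HHHH", l4[:8])
        pkt.update(l4="UDP", sport=sport, dport=dport, payload_len=length - 8)
    return pkt


def decode_pcap(data: bytes) -> list:
    """Walk a classic (non-pcapng) pcap file and decode every Ethernet frame in it."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"  # file was written big-endian
    else:
        raise ValueError("not a classic pcap file (magic %#x)" % magic)
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    if linktype != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated packet record")
        off += incl_len
        pkt = decode_frame(frame)
        pkt["time"] = ts_sec + ts_usec / 1e6
        packets.append(pkt)
    return packets


def summary_line(pkt: dict) -> str:
    """One line per packet, like Wireshark's packet-list pane."""
    if "l4" not in pkt:
        return "%(eth_src)s -> %(eth_dst)s ethertype 0x%(ethertype)04x" % pkt
    flags = " [%s]" % ",".join(pkt["flags"]) if pkt["l4"] == "TCP" else ""
    return "%s %s:%d -> %s:%d%s len=%d" % (pkt["l4"], pkt["ip_src"], pkt["sport"],
                                          pkt["ip_dst"], pkt["dport"], flags, pkt["payload_len"])


if __name__ == "__main__":
    for p in decode_pcap(build_sample_pcap()):
        print(summary_line(p))
```

The reader deliberately stops at total_len when slicing the transport header, and refuses non-IPv4 version nibbles and short headers; malformed or truncated packets are exactly the kind of thing an IDS has to cope with, and a hand-written dissector that trusts length fields blindly is the usual way such tools get crashed.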
You already have this. Check your router's admin menu for logging. You can easily see who (what devices) is connected to your network and should be able to see how much bandwidth they are using. From within the menu, you should also be able to restrict access to only those systems you want to have access.