Hi Carmello,
To comment on the firewall - you had better make absolutely certain it is
set to deny all any -> any (but I have to ask why you would even have a
"test" LAN touching any production network in the first place???)...
Next, about sniffers/IDS... Snort, tcpdump, Ethereal would all be good
choices. It will depend on what you are intending to test. If the "test"
LAN is meant for intrusions/penetrations/vulnerabilities I would strongly
urge you toward a combination of at least two of the above.
For the individual systems I would also recommend going to SysInternals.com
and checking out some of the freeware there (i.e. RegMon, PortMon, TDIMon,
DiskMon, and so forth - mon...). These tools have been beyond useful for me
on many occasions.
Be sure you give your test LAN as close a look and feel to the "live
fire" (a.k.a. production) network as possible. In other words - put on the
test LAN what you have (or plan to have) on the live network. If possible,
use VMware to reproduce ws/dt, servers, etc... to cut down on physical sys
costs as well.
Good luck and have fun!
Regards,
Robert