Hi there,

I work at a school where all the kids have laptops that connect through our network while at school, and we've been having an issue where the kids' laptops get a virus / spam and our domain gets blacklisted, so our emails stop sending.

To this point we have been able to find which students have the viruses but it takes quite a bit of effort and time.

What I am looking to do is set up an Ubuntu box that sits between my firewall and core switch and analyzes the data running out to the Internet. My Ubuntu machine has two NICs, and what I would like to do is have it transparent to the network so that traffic just runs through it, with the idea of running Wireshark or similar to help with finding which PCs are sending spam or acting as botnets.

Since I'm a bit green with routing in Linux, I was wondering if anyone had any suggestions on how to get started or if this was even possible.

Thank you
tyelford