mailing list archives
Re: mirroring cable model traffic
From: Julius Turk <jturk65 () yahoo com>
Date: Sat, 12 Apr 2008 12:17:37 -0700 (PDT)
Ace Computers sells Net Optics Taps, which is a professionally made and guaranteed tap. No effect on traffic on your
From: Security / Cisco security () davidswafford com
Date: Sat, 12 Apr 2008 14:41:34 -0500
Subject: Re: mirroring cable model traffic
Why not just pick up a Cisco 2950 and use port mirroring to accomplish
this goal? Seems to me that it would be a bit simpler and more stable
than an ancient hub or some handmade tap device.
On Apr 12, 2008, at 1:25 PM, Burton Strauss wrote:
As Dan says - you need a true hub, which are NOT easy to find. The
I know worked was a Linksys, but only the one in the grey package -
spiffy blue & black one was a switching hub.
Or, you can make a 10/100 Tap (you can make one yourself from parts
available @ Radio Shack, the hardware store et al - instructions are
snort dot org. The trick there is that you need TWO interfaces as
of the tap is the tx (transmit) traffic and the other is the rx
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com
Behalf Of Dan Lynch
Sent: Friday, April 11, 2008 12:09 PM
To: Chas Meyer; security-basics () securityfocus com
Subject: RE: mirroring cable model traffic
I've seen this with modern hubs. Try using a much older model hub.
Dan Lynch, CISSP
Information Technology Analyst
County of Placer
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Chas Meyer
Sent: Sunday, April 06, 2008 11:35 PM
To: security-basics () securityfocus com
Subject: mirroring cable model traffic
Just a quick question - I've decided to run snort on all the
traffic running in and out of my house. Since my home switch
is unmanaged (I can't set up a mirror port), I've done it
ghetto style. I set up a hub in between my cable modem and
my router/switch and plugged the interface on my server that
I would like to use for sniffing into that hub. However,
when I test this rig with tcpdump (using command: sudo
tcpdump -vvv -i eth0), all I am getting is arp requests on my
ISP's network, even with internet use from my local network.
Shouldn't I also be seeing all the traffic that is
originating and terminating at my router/switch? Any help
would be great. Thanks.
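
Burton Strauss's point above is that a tap delivers transmit and receive traffic on separate outputs, so each needs its own capture interface and the two captures must be recombined before a sensor sees whole conversations. The following is an added example, not code from any poster in this thread: it merges two classic little-endian pcap byte strings by timestamp, assuming each leg was captured separately on the same host clock. The function names, timestamps and placeholder payloads are constructed for illustration.

```python
import heapq
import struct

GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, version major/minor, tz offset, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, captured length, original length
MAGIC = 0xA1B2C3D4                      # classic pcap, microsecond timestamps

def build_pcap(frames):
    """Pack ((sec, usec), frame_bytes) pairs into a pcap byte string (used for the sample)."""
    out = GLOBAL_HDR.pack(MAGIC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for (sec, usec), frame in frames:
        out += RECORD_HDR.pack(sec, usec, len(frame), len(frame)) + frame
    return out

def read_pcap(data, leg):
    """Yield ((sec, usec), leg, frame) for every complete record in the capture."""
    if len(data) < GLOBAL_HDR.size or GLOBAL_HDR.unpack_from(data)[0] != MAGIC:
        raise ValueError("not a little-endian microsecond pcap")
    off = GLOBAL_HDR.size
    while off + RECORD_HDR.size <= len(data):
        sec, usec, caplen, _origlen = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        if off + caplen > len(data):
            break  # capture was cut off mid-record; drop the partial frame
        yield (sec, usec), leg, data[off:off + caplen]
        off += caplen

def merge_tap_legs(tx_pcap, rx_pcap):
    """Interleave the two tap legs into one list ordered by capture timestamp."""
    return list(heapq.merge(read_pcap(tx_pcap, "tx"), read_pcap(rx_pcap, "rx"),
                            key=lambda rec: rec[0]))

# Constructed sample: placeholder payloads, not real Ethernet frames.
TX_LEG = build_pcap([((100, 10), b"request-1"), ((100, 300), b"request-2")])
RX_LEG = build_pcap([((100, 150), b"reply-1"), ((100, 450), b"reply-2")])

if __name__ == "__main__":
    for (sec, usec), leg, frame in merge_tap_legs(TX_LEG, RX_LEG):
        print(f"{sec}.{usec:06d} {leg} {frame!r}")
```

Reading only one leg yields only the requests or only the replies, which is why a single sniffing interface on a tap shows half of each conversation.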