Home page logo

basics logo Security Basics mailing list archives

Re: mirroring cable model traffic
From: Julius Turk <jturk65 () yahoo com>
Date: Sat, 12 Apr 2008 12:17:37 -0700 (PDT)

Ace Computers sells Net Optics Taps, which is a professionally made and guaranteed tap. No effect on traffic on your 

-----Original message-----
From: Security / Cisco security () davidswafford com
Date: Sat, 12 Apr 2008 14:41:34 -0500
Subject: Re: mirroring cable model traffic

Why not just pick up a Cisco 2950 and use port mirroring to accomplish  
this goal?  Seams to me that it would be a bit simpler and more stable  
than an ancient hub or some handmade tap device.


On Apr 12, 2008, at 1:25 PM, Burton Strauss wrote:

As Dan says - you need a true hub, which are NOT easy to find.  The  
last one
I know worked was a Linksys, but only the one in the grey package -  
spiffy blue & black one was a switching hub.

Or, you can make a 10/100 Tap (you can make one yourself from parts
available @ Radio Shack, the hardware store et al - instructions are  
snort dot org. The trick there is that you need TWO interfaces as  
one port
of the tap is the tx (transmit) traffic and the other is the rx  


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com 
] On
Behalf Of Dan Lynch
Sent: Friday, April 11, 2008 12:09 PM
To: Chas Meyer; security-basics () securityfocus com
Subject: RE: mirroring cable model traffic

I've seen this with modern hubs. Try using a much older model hub.

- Dan

Dan Lynch, CISSP
Information Technology Analyst
County of Placer
Auburn, CA

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Chas Meyer
Sent: Sunday, April 06, 2008 11:35 PM
To: security-basics () securityfocus com
Subject: mirroring cable model traffic

Just a quick question - I've decided to run snort on all the
traffic running in and out of my house.  Since my home switch
is unmanaged (I can't set up a mirror port), I've done it
ghetto style.  I set up a hub in between my cable modem and
my router/switch and plugged the interface on my server that
I would like to use for sniffing into that hub.  However,
when I test this rig with tcpdump (using command: sudo
tcpdump -vvv -i eth0), all I am getting is arp requests on my
ISP's network, even with internet use from my local network.
Shouldn't I also be seeing all the traffic that is
originating and terminating at my router/switch?  Any help
would be great.  Thanks.

Best Regards, 


Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]