Home page logo

basics logo Security Basics mailing list archives

Re: mirroring cable model traffic
From: "Gleb Paharenko" <gpaharenko () gmail com>
Date: Mon, 7 Apr 2008 19:58:07 +0300


In case you're using HUB, you should. However perhaps it is some delay
with name resolving. Try tcpdump with -n and -l switches.

2008/4/7, Chas Meyer <chas.meyer () gmail com>:
Just a quick question - I've decided to run snort on all the traffic running
in and out of my house.  Since my home switch is unmanaged (I can't set up a
mirror port), I've done it ghetto style.  I set up a hub in between my cable
modem and my router/switch and plugged the interface on my server that I
would like to use for sniffing into that hub.  However, when I test this rig
with tcpdump (using command: sudo tcpdump -vvv -i eth0), all I am getting is
arp requests on my ISP's network, even with internet use from my local
network.  Shouldn't I also be seeing all the traffic that is originating and
terminating at my router/switch?  Any help would be great.  Thanks.

Best regards.
Gleb Pakharenko.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]