mailing list archives
Re: mirroring cable model traffic
From: Alasdair Gow <alasdair.gow () lumison net>
Date: Tue, 08 Apr 2008 09:17:20 +0100
Is your interface in promiscuous mode? listening on 0.0.0.0, or just up
without an ip
Chas Meyer wrote:
Its a Linksys NH1005 10/100 5-port hub (I actually had to go to
Walmart to buy this thing since no one else sells hubs anymore
locally, only switches). However, I decided to punk out and just set
up what was going to be my monitoring station as a
between my cable modem and my router/switch (which I put into bridge
mode). This will give me more flexibility, and I should be able to
get meaningful IP info this way since I can monitor on the inside of
the NAT setup. Works great - shorewall, squid, and snort are a breeze
to set up (I highly recommend it). So now its off to return my hub to
the store and pick up a UPS for my newly minted router/server.
On Apr 7, 2008, at 2:19 PM, Philip Fagan wrote:
What kind of hub?
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Chas Meyer
Sent: Monday, April 07, 2008 12:35 AM
To: security-basics () securityfocus com
Subject: mirroring cable model traffic
Just a quick question - I've decided to run snort on all the traffic
running in and out of my house. Since my home switch is unmanaged (I
can't set up a mirror port), I've done it ghetto style. I set up a
hub in between my cable modem and my router/switch and plugged the
interface on my server that I would like to use for sniffing into that
hub. However, when I test this rig with tcpdump (using command: sudo
tcpdump -vvv -i eth0), all I am getting is arp requests on my ISP's
network, even with internet use from my local network. Shouldn't I
also be seeing all the traffic that is originating and terminating at
my router/switch? Any help would be great. Thanks.
t: 0845 1199 900
d: 0131 514 4042
P.S. It's a hat-trick - Lumison have been nominated for best business broadband, best email and best VoIP provider for
the 2008 ISPAs
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender. Any
offers or quotation of service are subject to formal specification.
Errors and omissions excepted. Please note that any views or opinions
presented in this email are solely those of the author and do not
necessarily represent those of Lumison, nplusone or lightershade ltd.
Finally, the recipient should check this email and any attachments for the
presence of viruses. Lumison, nplusone and lightershade ltd accepts no
liability for any damage caused by any virus transmitted by this email.