RE: mirroring cable model traffic

["Dan Lynch" <DLynch () placer ca gov>]

I've seen this with modern hubs. Try using a much older model hub.

- Dan

Dan Lynch, CISSP
Information Technology Analyst
County of Placer
Auburn, CA

> -----Original Message-----
> From: listbounce () securityfocus com 
> [mailto:listbounce () securityfocus com] On Behalf Of Chas Meyer
> Sent: Sunday, April 06, 2008 11:35 PM
> To: security-basics () securityfocus com
> Subject: mirroring cable model traffic
>
> Just a quick question - I've decided to run snort on all the 
> traffic running in and out of my house.  Since my home switch 
> is unmanaged (I can't set up a mirror port), I've done it 
> ghetto style.  I set up a hub in between my cable modem and 
> my router/switch and plugged the interface on my server that 
> I would like to use for sniffing into that hub.  However, 
> when I test this rig with tcpdump (using command: sudo 
> tcpdump -vvv -i eth0), all I am getting is arp requests on my 
> ISP's network, even with internet use from my local network.  
> Shouldn't I also be seeing all the traffic that is 
> originating and terminating at my router/switch?  Any help 
> would be great.  Thanks.