RE: mirroring cable model traffic

["Rony Cohen" <Rony.Cohen () t-mobile co uk>]

alternatively, you can build your own TAP. have a look there
http://www.enigmacurry.com/articles/building-an-ethernet-tap/

        _rony


> -----Original Message-----
> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com] On Behalf Of Chas Meyer
> Sent: Sunday, April 06, 2008 11:35 PM
> To: security-basics () securityfocus com
> Subject: mirroring cable model traffic
>
> Just a quick question - I've decided to run snort on all the
> traffic running in and out of my house.  Since my home switch 
> is unmanaged (I can't set up a mirror port), I've done it 
> ghetto style.  I set up a hub in between my cable modem and 
> my router/switch and plugged the interface on my server that 
> I would like to use for sniffing into that hub.  However, 
> when I test this rig with tcpdump (using command: sudo 
> tcpdump -vvv -i eth0), all I am getting is arp requests on my 
> ISP's network, even with internet use from my local network.  
> Shouldn't I also be seeing all the traffic that is 
> originating and terminating at my router/switch?  Any help 
> would be great.  Thanks.
T-Mobile (UK) Limited
Company Registered Number: 02382161
Registered Office Address: Hatfield Business Park, Hatfield, Hertfordshire, AL10 9BW
Registered in England and Wales
 
NOTICE AND DISCLAIMER
 
This email (including attachments) is confidential. If you are not the intended recipient, notify the sender 
immediately, delete this email from your system and do not disclose or use for any purpose.