Security Basics mailing list archives
mirroring cable model traffic
From: Chas Meyer <chas.meyer () gmail com>
Date: Mon, 7 Apr 2008 01:35:19 -0500
Just a quick question - I've decided to run snort on all the traffic running in and out of my house. Since my home switch is unmanaged (I can't set up a mirror port), I've done it ghetto style. I set up a hub in between my cable modem and my router/switch and plugged the interface on my server that I would like to use for sniffing into that hub. However, when I test this rig with tcpdump (using command: sudo tcpdump -vvv -i eth0), all I am getting is arp requests on my ISP's network, even with internet use from my local network. Shouldn't I also be seeing all the traffic that is originating and terminating at my router/switch? Any help would be great. Thanks.
Current thread:
- mirroring cable model traffic Chas Meyer (Apr 07)
- Re: mirroring cable model traffic Gleb Paharenko (Apr 07)
- RE: mirroring cable model traffic Philip Fagan (Apr 07)
- Re: mirroring cable model traffic Chas Meyer (Apr 07)
- Re: mirroring cable model traffic Alasdair Gow (Apr 08)
- Re: mirroring cable model traffic Chas Meyer (Apr 07)
- Re: mirroring cable model traffic Robert Taylor (Apr 08)
- RE: mirroring cable model traffic Dan Lynch (Apr 11)
- RE: mirroring cable model traffic Burton Strauss (Apr 12)
- Re: mirroring cable model traffic Security / Cisco (Apr 12)
- RE: mirroring cable model traffic Rony Cohen (Apr 14)
- RE: mirroring cable model traffic Burton Strauss (Apr 12)
- <Possible follow-ups>
- Re: mirroring cable model traffic Ric Getter (Apr 08)
(Thread continues...)