Security Basics mailing list archives
Re: mirroring cable model traffic
From: "Gleb Paharenko" <gpaharenko () gmail com>
Date: Mon, 7 Apr 2008 19:58:07 +0300
Hi. In case you're using HUB, you should. However perhaps it is some delay with name resolving. Try tcpdump with -n and -l switches. 2008/4/7, Chas Meyer <chas.meyer () gmail com>:
Just a quick question - I've decided to run snort on all the traffic running in and out of my house. Since my home switch is unmanaged (I can't set up a mirror port), I've done it ghetto style. I set up a hub in between my cable modem and my router/switch and plugged the interface on my server that I would like to use for sniffing into that hub. However, when I test this rig with tcpdump (using command: sudo tcpdump -vvv -i eth0), all I am getting is arp requests on my ISP's network, even with internet use from my local network. Shouldn't I also be seeing all the traffic that is originating and terminating at my router/switch? Any help would be great. Thanks.
-- Best regards. Gleb Pakharenko. http://gpaharenko.livejournal.com
Current thread:
- mirroring cable model traffic Chas Meyer (Apr 07)
- Re: mirroring cable model traffic Gleb Paharenko (Apr 07)
- RE: mirroring cable model traffic Philip Fagan (Apr 07)
- Re: mirroring cable model traffic Chas Meyer (Apr 07)
- Re: mirroring cable model traffic Alasdair Gow (Apr 08)
- Re: mirroring cable model traffic Chas Meyer (Apr 07)
- Re: mirroring cable model traffic Robert Taylor (Apr 08)
- RE: mirroring cable model traffic Dan Lynch (Apr 11)
- RE: mirroring cable model traffic Burton Strauss (Apr 12)
- Re: mirroring cable model traffic Security / Cisco (Apr 12)
- RE: mirroring cable model traffic Rony Cohen (Apr 14)
- RE: mirroring cable model traffic Burton Strauss (Apr 12)
- <Possible follow-ups>
- Re: mirroring cable model traffic Ric Getter (Apr 08)
- Re: mirroring cable model traffic Julius Turk (Apr 12)
(Thread continues...)