Security Basics mailing list archives
RE: mirroring cable model traffic
From: "Philip Fagan" <pfagan () digitalglobe com>
Date: Mon, 7 Apr 2008 13:19:36 -0600
What kind of hub? -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Chas Meyer Sent: Monday, April 07, 2008 12:35 AM To: security-basics () securityfocus com Subject: mirroring cable model traffic Just a quick question - I've decided to run snort on all the traffic running in and out of my house. Since my home switch is unmanaged (I can't set up a mirror port), I've done it ghetto style. I set up a hub in between my cable modem and my router/switch and plugged the interface on my server that I would like to use for sniffing into that hub. However, when I test this rig with tcpdump (using command: sudo tcpdump -vvv -i eth0), all I am getting is arp requests on my ISP's network, even with internet use from my local network. Shouldn't I also be seeing all the traffic that is originating and terminating at my router/switch? Any help would be great. Thanks.
Current thread:
- mirroring cable model traffic Chas Meyer (Apr 07)
- Re: mirroring cable model traffic Gleb Paharenko (Apr 07)
- RE: mirroring cable model traffic Philip Fagan (Apr 07)
- Re: mirroring cable model traffic Chas Meyer (Apr 07)
- Re: mirroring cable model traffic Alasdair Gow (Apr 08)
- Re: mirroring cable model traffic Chas Meyer (Apr 07)
- Re: mirroring cable model traffic Robert Taylor (Apr 08)
- RE: mirroring cable model traffic Dan Lynch (Apr 11)
- RE: mirroring cable model traffic Burton Strauss (Apr 12)
- Re: mirroring cable model traffic Security / Cisco (Apr 12)
- RE: mirroring cable model traffic Rony Cohen (Apr 14)
- RE: mirroring cable model traffic Burton Strauss (Apr 12)
- <Possible follow-ups>
- Re: mirroring cable model traffic Ric Getter (Apr 08)
- Re: mirroring cable model traffic Julius Turk (Apr 12)
- Re: mirroring cable model traffic Jeff Stebelton (Apr 14)