Just moozing

Before you can check your notes, you must make them…

sniffing traffic


Collecting all traffic from a mirror port on a switch is trivial.

For it to work, the switch must be configured to copy the packets from one port to another (port mirroring). Check that you are mirroring the ports that you are interested in. Then, on the machine connected to the mirror port:

tcpdump -s 0 -i eth0 -w mycap.pcap -C 150

The sniffer machine usually has multiple Ethernet interfaces: one (or more) for sniffing, and one for normal access (e.g. a management interface).

The above is the quick version, which would be usable in most places. For more “professional” use, look into Security Onion. It is simple to install and does a lot of IDS tricks.
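An added example, not from the original post: a small Python audit for the capture files the tcpdump line above writes (mycap.pcap and its -C rotations). It reads the pcap global header and every packet record, counts packets and flags any record whose captured length is shorter than its on-the-wire length, which is exactly what a snaplen smaller than -s 0 produces. The sample bytes are constructed inline; build_pcap and audit_pcap are names chosen here.

```python
import struct
from typing import Dict, List, Tuple

# Magic of a microsecond-resolution pcap as read with "<I": LE file vs. the same value written BE.
MAGIC_LE = 0xA1B2C3D4
MAGIC_BE = 0xD4C3B2A1


def build_pcap(packets: List[Tuple[bytes, int]], snaplen: int = 262144) -> bytes:
    """Constructed sample only: emit a little-endian Ethernet pcap from (captured_bytes, wire_len) pairs."""
    blob = struct.pack("<IHHiIII", MAGIC_LE, 2, 4, 0, 0, snaplen, 1)  # version 2.4, linktype 1 = Ethernet
    for i, (data, wire_len) in enumerate(packets):
        blob += struct.pack("<IIII", 1439812800 + i, 0, len(data), wire_len) + data
    return blob


def audit_pcap(blob: bytes) -> Dict[str, int]:
    """Walk every record in a pcap blob; report packet count and how many were cut short by the snaplen."""
    if len(blob) < 24:
        raise ValueError("not a pcap file: 24-byte global header missing")
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == MAGIC_LE:
        end = "<"
    elif magic == MAGIC_BE:
        end = ">"
    else:
        raise ValueError("unknown magic %#x (pcapng or not a capture file)" % magic)
    _, _, _, _, snaplen, linktype = struct.unpack(end + "HHiIII", blob[4:24])
    stats = {"snaplen": snaplen, "linktype": linktype, "packets": 0, "truncated": 0, "wire_bytes": 0}
    off = 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError("record header cut off at offset %d (capture interrupted?)" % off)
        _, _, incl_len, wire_len = struct.unpack(end + "IIII", blob[off:off + 16])
        off += 16
        if off + incl_len > len(blob):
            raise ValueError("packet data runs past end of file at offset %d" % off)
        stats["packets"] += 1
        stats["wire_bytes"] += wire_len
        if incl_len < wire_len:  # snaplen smaller than the frame: payload was never written to disk
            stats["truncated"] += 1
        off += incl_len
    return stats


# Constructed samples: a 60-byte frame plus a 1514-byte frame, once captured with snaplen 96, once in full.
SAMPLE_SNAPLEN_96 = build_pcap([(b"\x00" * 60, 60), (b"\xff" * 96, 1514)], snaplen=96)
SAMPLE_FULL = build_pcap([(b"\x00" * 60, 60), (b"\xff" * 1514, 1514)])  # 262144 is what -s 0 gives

if __name__ == "__main__":
    for name, blob in (("snaplen 96", SAMPLE_SNAPLEN_96), ("snaplen 0", SAMPLE_FULL)):
        print(name, audit_pcap(blob))
```

Run it over each rotated file with open(path, "rb").read(); a non-zero truncated count means the capture is missing payload, while a ValueError on the last file usually just means tcpdump was still writing it.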

I got inspiration from here.


Written by moozing

August 17, 2015 at 12:00

Posted in Tech

