![]() The analysis machine will then capture all traffic flowing between the switch port and the router. Lastly, you would place a cable into the monitor port that leads to your analysis machine. You would add an additional cable from the outbound port of the tap into the port on your router. In order to insert the tap into the mix, you would unplug the current cable from the router and plug it into the inbound port on the tap. Typically, you would have a single cable going from a switch to your router. Say you wanted to intercept all network traffic entering your router. These are inbound and outbound ports and a monitor port. One other technique which I had not previously used, but have now grown to love is using a network tap.Ī tap is basically a hardware device that you can place on the wire to intercept the right packets. Those three methods were ARP Cache Poisoning, Hubbing Out, and Port Mirroring. In a post a few months ago I outlined three methods for getting on the wire. The advent of switched networks makes this a bit harder on us as traffic is now directed and not free-flowing across every port on a network. Half the battle when you are capturing packets is placing the sniffer computer so that it captures the packets you need. I’ve already written quite a bit about getting on the wire as it pertains to packet analysis.
0 Comments
Leave a Reply. |