[wplug] Tapping into an Ethernet connection
Brian A. Seklecki
lavalamp at spiritual-machines.org
Fri May 15 10:37:35 EDT 2009
Since this isn't the 80s:
Just get a $100 Cisco Catalyst of just about any model off of Ebay an
run:
switch# sh run | include monitor
monitor session 1 source vlan 11 , 20
monitor session 1 destination interface Gi0/27
switch# sh monitor session 1
Session 1
---------
Type : Local Session
Source VLANs :
Both : 11,20
Destination Ports : Gi0/27
Encapsulation : Native
Ingress : Disabled
---------------
Replace the VLAN source with a physical source if you don't need to
strip VLAN Headers.
I recommend the Cat 3560-24 or Cat 3550-12T series for gig.
~BAS
> Your best bet is to set up a Linux machine with 2 NICs and bridge
> them, then use wireshark on the bridge interface. Either that or get
> an (expensive) managed switch that can do port mirroring.
>
>
> Moshe
>
>
More information about the wplug
mailing list