[wplug] Tapping into an Ethernet connection
Max Putas
maxblaze at gmail.com
Fri May 15 11:24:52 EDT 2009
Lawrence,
On Fri, May 15, 2009 at 10:37 AM, Brian A. Seklecki
<lavalamp at spiritual-machines.org> wrote:
> Since this isn't the 80s:
>
> Just get a $100 Cisco Catalyst of just about any model off of Ebay an
> run:
>
> switch# sh run | include monitor
> monitor session 1 source vlan 11 , 20
> monitor session 1 destination interface Gi0/27
>
> switch# sh monitor session 1
> Session 1
> ---------
> Type : Local Session
> Source VLANs :
> Both : 11,20
> Destination Ports : Gi0/27
> Encapsulation : Native
> Ingress : Disabled
>
> ---------------
>
> Replace the VLAN source with a physical source if you don't need to
> strip VLAN Headers.
>
> I recommend the Cat 3560-24 or Cat 3550-12T series for gig.
>
> ~BAS
>
>
>> Your best bet is to set up a Linux machine with 2 NICs and bridge
>> them, then use wireshark on the bridge interface. Either that or get
>> an (expensive) managed switch that can do port mirroring.
>>
>>
>> Moshe
Another option would be to make your own receive only Ethernet tap.
These links will prove useful:
http://www.ossmann.com/5-in-1.html
http://www.dgonzalez.net/pub/roc/
--
Thanks,
Max Putas
More information about the wplug
mailing list