GuzmanDiaz18 Posted June 5, 2013 Share Posted June 5, 2013 I have a question and I'm entering the world of Networking audit, I have a question, I installed OSSIM and configured one of the interfaces as promiscuous mode, it is now also the SWITCH must also have a configuration for Promiscuous Port, or only connect to the last port of the Switch.:) Greetings from PERU Quote Link to comment Share on other sites More sharing options...
digininja Posted June 5, 2013 Share Posted June 5, 2013 If you want to sniff all traffic on a network then you need to either put a port on the switch into mirror mode, this means all traffic going over the switch also gets spat out of that port. Which physical port you can do it on depends on the switch, some have dedicated ports for it, some you can set it on any. The other option is to drop the device in a key part of the network that all traffic flows over and have it bridge all traffic so it can see everything. Quote Link to comment Share on other sites More sharing options...
GuzmanDiaz18 Posted June 6, 2013 Author Share Posted June 6, 2013 My switch is not manageable, which is why I have set up a network card in promiscuous mode on the CPU you have installed OSSIM, if I connect to any port on the switch? Captured packets? Quote Link to comment Share on other sites More sharing options...
digininja Posted June 6, 2013 Share Posted June 6, 2013 A switch is smart and will only send traffic to a port if the destination device is on that port so you won't see the traffic. The only way you can see it is to use a hub or put yourself inline somehow to watch the device you want to monitor. Quote Link to comment Share on other sites More sharing options...
digip Posted June 6, 2013 Share Posted June 6, 2013 If its not a high end switch with port mirroring(which is designed for this sort of thing), you need an inline lan tap or as mentioned a hub, sans going all MITM attack on someone. Only problem with a hub, is you then run into security issues giving everyone on the hub access to everyone else's data, and also cause broadcast storms, which, is why we today use switches to minimize bottlenecks and keep the network up. MITM works fine over wireless, but not so well on wired networks, and really not the best way to get the data you're probably after. No ability for port mirroring, invest in high end lan taps. Quote Link to comment Share on other sites More sharing options...
GuzmanDiaz18 Posted June 7, 2013 Author Share Posted June 7, 2013 (edited) I've been finding out from other sources and they say that the best option if you do not have a managed switch is to build a network tap. Edited June 8, 2013 by GuzmanDiaz18 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.