-
November 11th, 2010, 02:39 PM
#1
Junior Member
Setting up a Sniffer outside of the firewall
I am working with my ISP to determine why I'm getting RST packets when external devices are trying to connect to internal devices. I ran WireShark on the internal network but now the ISP would like me to get a packet capture between the incoming router and my firewall.
I don't have a hub or managed switch that I can use but I do have an available Windows 2003 server with two NICs. Is there a way to configure Windows 2003 so that the traffic will just flow through the two NICs without my having to assign them IP addresses. Basically, I just want it to act like a repeater so that I can monitor the traffic. TIA for any advice.
-
November 12th, 2010, 04:16 AM
#2
You will probably want to look into setting up a transparent bridge. I have configured one before, while setting up our content filter, but I am home sick, and won't be able to remember exactly how I did it without looking at the server.
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
-
November 12th, 2010, 07:14 AM
#3
Here's a good tutorial for setting up a linux transparent bridge with squid...
http://teklimbu.wordpress.com/2007/1...-squid-bridge/
Here's another tutorial but it's more intended for the purpose you are bringing about...
http://eatingsecurity.blogspot.com/2...-pcap-and.html
Analog = Classical
Digital = Techno
-
November 12th, 2010, 03:05 PM
#4
Junior Member
Thanks for the replies
I ended up just buying a hub and running the connection through that and capturing with WireShark from my Win2003 machine.
I've not worked with Linux and needed the capture pretty quick. Had trouble finding someone who carried hubs in stock and even had one bozo try to sell me a switch because, "a hub and a switch are the same thing." BestBuy pulled me through, though, with an inexpensive 4-port hub.
-
November 12th, 2010, 04:37 PM
#5
You need to post the bozo's name of business and location - Public service and all that
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
-
November 12th, 2010, 05:16 PM
#6
Junior Member
The place is normally pretty good, I've bought other things from them. Let's just say that if you ever find yourself in Baton Rouge at Tim's computers, ask for someone other than Will.
-
November 12th, 2010, 07:18 PM
#7
hahahahahaha
Good answer StrixLa
Greenies for you
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
November 12th, 2010, 09:51 PM
#8
Haha. I have had those sorts of run-ins at mom and pop stores. Some of the people really know their stuff. While others... not so much. I have seen many "deer in headlights" stares.
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
Similar Threads
-
By TSR in forum Firewall & Honeypot Discussions
Replies: 0
Last Post: April 8th, 2004, 03:13 PM
-
By mjk in forum Firewall & Honeypot Discussions
Replies: 6
Last Post: March 12th, 2004, 05:40 AM
-
By gore in forum Newbie Security Questions
Replies: 11
Last Post: December 29th, 2003, 08:01 AM
-
By Ennis in forum The Security Tutorials Forum
Replies: 5
Last Post: December 11th, 2001, 10:30 PM
-
By cuzeyecan in forum Security Archives
Replies: 5
Last Post: October 19th, 2001, 04:50 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|