[AusNOG] (no subject)

Matt Keen | OpSys matt.keen at opsys.com.au
Thu May 21 13:33:02 EST 2020


I've in a pinch used a Mikrotik Hex, bridged the ports and ran a packetsniffer on the port(s) streamed to wireshark

https://mikrotik.com/product/RB750Gr3
https://wiki.mikrotik.com/wiki/Ethereal/Wireshark



-----Original Message-----
From: AusNOG <ausnog-bounces at lists.ausnog.net> On Behalf Of Rob Thomas
Sent: Thursday, 21 May 2020 12:54 PM
To: Richard Biggs <Richard.Biggs at health.qld.gov.au>
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] (no subject)

If you wanted to do this simply, just grab a linux machine with three network interfaces, and do this (assuming eth0 is 'real' and eth1 and
eth2 are where you want to insert the tap)

brctl addbr sniff
brctl addif sniff eth1
brctl addif sniff eth2
brctl stp sniff off

You can then do a tcpdump on the 'sniff' interface and you'll see everything at a packet layer (not a frame layer). If you really REALLY want frames, it's harder, but mostly doable. It looks like that USB thing is only at the packet layer anyway, so you should be fine.

--Rob


On Thu, 21 May 2020 at 12:09, Richard Biggs <Richard.Biggs at health.qld.gov.au> wrote:
>
> Hi All,
>
>
>
> Looking for a standalone network tap, I can’t seem to find anything local in Aus.
>
>
>
> Only needing something real basic like https://www.dualcomm.com/products/usb-powered-10-100-1000base-t-network-tap does anyone know who would be holding some stock?
>
>
>
> Cheers,
>
>
>
> RB
>
>
>
>
>
> **********************************************************************
> ************
>
> Disclaimer: This email and any attachments may contain legally privileged or confidential information and may be protected by copyright. You must not use or disclose them other than for the purposes for which they were supplied. The privilege or confidentiality attached to this message and attachments is not waived by reason of mistaken delivery to you. If you are not the intended recipient, you must not use, disclose, retain, forward or reproduce this message or any attachments. If you receive this message in error, please notify the sender by return email or telephone and destroy and delete all copies. Unless stated otherwise, this email represents only the views of the sender and not the views of the Queensland Government.
>
> Queensland Health carries out monitoring, scanning and blocking of emails and attachments sent from or to addresses within Queensland Health for the purposes of operating, protecting, maintaining and ensuring appropriate use of its computer network.
>
> **********************************************************************
> ************
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


----------

This email has been scanned for spam and viruses by Proofpoint Essentials. Visit the following link to report this email as spam:
https://us5.proofpointessentials.com/index01.php?mod_id=11&mod_option=logitem&mail_id=1590031476-ydhx4VoYSIif&r_address=matt.keen%40opsys.com.au&report=1


More information about the AusNOG mailing list