Many managed switches also allow you to specify a monitor or span port.
You may then capture any/all traffic running across your switch
backplane on that port. Idea for IDS applications or whatever it is
you're wanting to do with all that traffic. Keep in mind that it takes
a lot of resources to capture and process traffic so ensure that the
machine you designate for the task is appropriately beefy.
Tim Nelson
Technical Consultant
Rockbochs Inc.
Anderson Carli wrote:
Hi all!
I´m trying to monitor the traffic of my pfSense box. What I want is
to dump all WAN traffic to a host in my LAN.
Well, I achieve this using tcpdump, netcat and WireShark:
1. Capture all traffic with tcpdump and redirect to my host using netcat
tcpdump -n -i fxp1 -w- | nc 192.168.0.1 4321 &
2. In the client host:
nc -L -p 4321 > c:\fxp1.log
3. Now I can open the fxp1.log file with WireShark and see all the
WAN traffic.
But I´m wondering if there is a better way to do the same thing
without netcat (using rpcap for example)
Cheers
Anderson
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
