Tag Archives: packet capture

Capturing Traffic with the Cisco ASA

I have written quite a few things lately about capturing traffic, so why not write another? This time we will be taking a look at capturing data from another key place in the network: the firewall.

Posted in Networking, Security

Cisco Switch SPAN Port Filtering

If you have a bit of familiarity with Cisco switches, you may have configured a SPAN port or a monitor session in the past. A basic SPAN port is very useful for capturing packets or passive monitoring, and is a requirement for some web filtering services such as Websense. Today, I want to focus on the SPAN session from a packet capturing standpoint.

If we mirror a switch port that sees a high volume of traffic, simply mirroring all of that traffic to our packet capturing port could be too much for our capture system to consume. Fortunately, there is a way to filter the mirrored traffic through access control lists on the switch itself.

Posted in Networking

Capture Files from Data Streams with Wireshark

Most networkers are familiar with the basic capabilities available in Wireshark. Packet captures are very helpful when troubleshooting a host of network problems. One feature folks may be less familiar with in Wireshark is its ability to actually save files that were seen as part of a packet capture.

Posted in Networking

Passive Sniffing on Windows

With Linux you can configure a sniffing-only port relatively easily. Put it in promiscuous mode without an IP and sniff away passively. With Windows, there is typically an IP address assigned to an interface. If not statically assigned, the interface will search for DHCP and will ultimately end up with an address in the 169 range if no address information is found. Either way, there will be information from your machine showing up in a full, unfiltered packet capture. To get around this you will actually want to disable the TCP/IP stack for that interface. If this is …

Posted in Networking, Security