tmaususer
asked on
Preventing Loops when Creating a Sniffer
After reading several articles, I have not found a simple answer to a simple question. I want to set up a sniffer. I want to use one server with two NICs: one NIC will be receiving mirrored traffic and the other NIC will allow me to remote into the server and view the Wireshark captures. My fear is that I will create a loop. I have read several articles. One that sticks out is not giving a gateway address to the receiving NIC. How would I properly set up my NICs to prevent creating a loop?
You'll have to refer to your device docs to see if this is possible.
Most... recent devices allow both Port Mirroring (of some other port) along with any other traffic.
Some devices block all other traffic.
So the question is if your device supports this or not.
I still can't see where you'd end up with any problems.
And... the easy way to know for sure, is to set up + test your device config.
Then just fix any oddities. Likely you can figure this out, or open a support ticket with your device manufacturer.
https://networkhop.wordpress.com/2016/04/27/port-mirroring-with-iptables/ provides a good overview of how to accomplish this using an Ubuntu iptables setup.
ASKER
My device is Cisco and SPAN by default eliminates viewing on the same port as receiving. This is a production environment so I want to avoid too much playing. I should have to contact Cisco to set up a simple sniffer. I think I don't know how to express what I am talking about.
ASKER
I forgot to mention this is a 2016 Microsoft server.
ASKER
Thank you for the information.
You're welcome!
Good luck!
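For the setup asked about in this thread (Windows Server 2016, one NIC on the SPAN destination port, one for remote access), the following is an added example, not code from any poster: a PowerShell check that the capture NIC has no gateway and that the host does not forward between its NICs, with an optional switch to fix what it finds. The adapter names `Capture` and `Mgmt` and the list of bindings to remove are assumptions; adjust them to the server.

```powershell
# Added example: audit (and optionally harden) a capture-only NIC.
# 'Capture' and 'Mgmt' are assumed adapter names; substitute your own.
param(
    [string]$CaptureNic = 'Capture',
    [string]$MgmtNic    = 'Mgmt',
    [switch]$Harden     # without this switch the script only reports
)

# Protocol/service bindings a receive-only port does not need (assumed list).
# Leave the capture driver's own binding enabled so Wireshark still sees the NIC.
$unneeded = 'ms_tcpip','ms_tcpip6','ms_msclient','ms_server',
            'ms_lltdio','ms_rspndr','ms_lldp'

$cap = Get-NetAdapter -Name $CaptureNic -ErrorAction Stop
$findings = @()

# 1. No default route (gateway) may point out of the capture NIC.
$gw = Get-NetRoute -InterfaceIndex $cap.ifIndex -ErrorAction SilentlyContinue |
      Where-Object { $_.DestinationPrefix -in '0.0.0.0/0','::/0' }
if ($gw) { $findings += "Default route present on $CaptureNic" }

# 2. IP forwarding must be off, or the host could route mirrored packets back out.
$fwd = Get-NetIPInterface -ErrorAction SilentlyContinue |
       Where-Object { $_.InterfaceAlias -in $CaptureNic,$MgmtNic -and
                      $_.Forwarding -eq 'Enabled' }
foreach ($f in $fwd) {
    $findings += "Forwarding enabled on $($f.InterfaceAlias) ($($f.AddressFamily))"
}

# 3. With IP and file-sharing bindings removed, the capture NIC only listens.
$bound = Get-NetAdapterBinding -Name $CaptureNic |
         Where-Object { $_.Enabled -and $_.ComponentID -in $unneeded }
foreach ($b in $bound) {
    $findings += "Binding still enabled on ${CaptureNic}: $($b.ComponentID)"
}

if ($Harden) {
    if ($gw) { $gw | Remove-NetRoute -Confirm:$false }
    foreach ($f in $fwd) {
        Set-NetIPInterface -InterfaceAlias $f.InterfaceAlias `
            -AddressFamily $f.AddressFamily -Forwarding Disabled
    }
    foreach ($b in $bound) {
        Disable-NetAdapterBinding -Name $CaptureNic -ComponentID $b.ComponentID
    }
}

if ($findings) { $findings }
else { "$CaptureNic is receive-only: no gateway, no forwarding, no IP bindings" }
```

Run it once without `-Harden` from an elevated prompt over the management NIC to see the findings before changing anything on a production server.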