PDA

View Full Version : QSTN: sniffer setup for GBPS traffic is different from MBPS traffic?



marc_kriss
02-10-2014, 06:59 PM
Hello all,
I am about to prepare a sniffer setup for network (or precisely for one machine).
AIM: Sniff & monitor all the traffic that is to and fro from my physical machine.

Tomorrow I am going for setting up the passive trap. It is as follows:
1. Trap wire no. 1 & 2 (Tx) and crimp it at no. 3 & 6 on a RJ-45 jack (so that it capture the traffic sent out from target machine).
2. Trap wire no. 3 & 6 (Rx) and crimp it on a separate cable's no. 3 & 6 RJ-45 jack (so that all incoming traffic for that machine could be captured).
3. Now two separate Ethernet cables are prepared. Insert them into two LAN ports of my machine. Team them (using some linux tool, I forgot the name) and use wireshark to get both outgoing & incoming packets.

But a situation: My laptop has only one LAN port. So I am planning to attach one trap cable to LAN port and another to my USB port (using an Ethernet to USB converter). Will that work???

Further: I read somewhere that setting up a sniffer for GBPS traffic is much difficult, because it uses all of the wires of ethernet cable (compared to 4 wires as used for MBPS traffic).

Now if that is true, what is the procedure for capturing traffic GBPS traffic. I'll include both in one hardware setup only.

Thanks...

spidey
02-18-2014, 09:59 PM
you gonna use your host as a gateway?, or going to bridge both the adapters?