Network Tap and Capture Traffic over network By TCPDUMP or Wireshark.


fabusa...@gmail.com

Jan 31, 2021, 6:43:28 AM
to Wazuh mailing list
Hi.

I would like to ask for a little help, please.

I would like to capture traffic over my private network in order to simulate hacking and security behavior.

I set up my router and connected several devices over Wi-Fi and cable. I switched on Wireshark in order to capture traffic, but I could not.

I already read about it and I found there should be a network tap or managed switch in order to capture it, but I am not sure about this idea. Could anyone please help with capturing traffic? Is it mandatory to have a switch or network tap to capture it, or is there another way of doing that?

Thank you so much. 


Jose Antonio Izquierdo

Jan 31, 2021, 7:17:15 AM
to Wazuh mailing list
Hi, Fadi, just to be sure. These two links are also yours, right?

About sniffing: so yes, to be able to capture traffic you will need a device with mirror capabilities.

Here you have a block diagram of what your network should look like.
Sometimes a Wi-Fi router has monitoring capabilities, so you would need the two boxes. Just one will work. But this usually doesn't happen.
Another point is your internet router using a Wi-Fi system. This is my scenario, so I did buy a Wi-Fi router and an extra switch to have a better and easier way to monitor my network.

The most important thing here is the sniffing workstation, the one that will run Suricata/Zeek/tcpdump/Wireshark. This should be connected to the network with two interfaces: one with an IP to be able to manage it, and the second interface without an IP and wired to the monitor port on your switch.

Happy to have a deeper discussion about this. Please, as requested in the other thread, share your network so we can share more options with you.

Hope this helps,
Thanks so much
wifihomemonitor.jpg
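
The two-interface sniffing workstation described in the reply above can be sanity-checked before starting a capture. The following is an added example, not code from the thread: it inspects data in the shape printed by `ip -j addr show` on Linux, and the interface names `eth0`/`eth1`, the addresses and the function name `check_sensor` are assumptions made for illustration.

```python
import json

# Constructed sample in the shape printed by `ip -j addr show` on Linux.
# Interface names and addresses are assumptions made for this example.
SAMPLE = json.loads("""[
 {"ifname": "eth0", "flags": ["BROADCAST", "MULTICAST", "UP", "LOWER_UP"],
  "addr_info": [{"family": "inet", "local": "192.168.1.50",
                 "prefixlen": 24, "scope": "global"}]},
 {"ifname": "eth1", "flags": ["BROADCAST", "MULTICAST", "UP", "LOWER_UP"],
  "addr_info": [{"family": "inet6", "local": "fe80::1",
                 "prefixlen": 64, "scope": "link"}]}
]""")


def check_sensor(ifaces, mgmt, capture):
    """Return a list of problems with the two-interface sniffing layout."""
    by_name = {i["ifname"]: i for i in ifaces}
    missing = [f"{n}: interface not found" for n in (mgmt, capture)
               if n not in by_name]
    if missing:
        return missing
    problems = []
    # Management side: needs a routable address so the box can be reached.
    mgmt_addrs = by_name[mgmt].get("addr_info", [])
    if not any(a.get("scope") == "global" for a in mgmt_addrs):
        problems.append(f"{mgmt}: no routable IP, workstation cannot be managed")
    # Capture side: must stay unaddressed (IPv6 link-local counts too),
    # so the sensor does not send its own traffic out of the capture port.
    cap = by_name[capture]
    for a in cap.get("addr_info", []):
        problems.append(f"{capture}: has address {a['local']}/{a['prefixlen']}, "
                        "capture interface should have none")
    # Capture side: link must be up with carrier from the switch monitor port.
    flags = cap.get("flags", [])
    if "UP" not in flags:
        problems.append(f"{capture}: interface is administratively down")
    elif "LOWER_UP" not in flags:
        problems.append(f"{capture}: no carrier, check the cable to the monitor port")
    return problems


if __name__ == "__main__":
    for line in check_sensor(SAMPLE, "eth0", "eth1") or ["layout OK"]:
        print(line)
```

On a live workstation, pass the parsed output of `ip -j addr show` in place of `SAMPLE`; the constructed sample reports the IPv6 link-local address that Linux often assigns automatically to an otherwise unconfigured capture port.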