Here’s a chance to learn a little bit about network security. This article walks us through some of the core concepts of network manipulation and packet sniffing using Linux tools. [Joey Bernard] discusses the uses for packages like tcpdump, p0f, and dsniff. They are capable of recording all network traffic coming through your computer’s connection, seeking out machines installed on the network, and listening to traffic for a specific machine. This isn’t going to give you a step-by-step for cracking modern networks. It will provide some insight on what is going on with your network and you should be able to purpose these tools to check that you’ve got adequate security measures in place.
Making a passive network tap can be an easy and inexpensive undertaking as shown in this Instructable. Passive monitoring or port mirroring is needed because most networks use switches which isolate the network traffic and this does not allow for the entire network to be monitored. This example uses a single tap, using multiple taps will provide access to the full-duplex data separately. By using two taps you are able to monitor inbound data that is passed through one tap, and outbound data that is passed through the other tap. Separate taps are desired because most sniffer software handles half-duplex traffic only and requires two network cards for full-duplex.
Continue reading “Passive Network Tap”