Wireshark for Ethical Hackers - 11

Wireshark for Ethical Hackers - 11

Capturing Traffic

Where to capture traffic?

• Locally (GUI and CLI)
• Remotely
• Inline
  • Hub - Half duplex
  • Test Access Port (TAP) - Full duplex
    • Non-aggregating Taps - One direction per port
    • Aggregating Taps - Both directions on one port
    • Regenerating Taps - Multiple recipient devices
    • Link Aggregation Taps - Combine multiple monitored devices
• Switched Port Analysis (SPAN)/Port mirroring
  • Copy traffic from one port to another
• On-device (Cisco)
• Wireless
  • Monitor mode - Receive all packets on a specified channel
  • Promiscuous mode - Receive only packets on the connected SSID