TCPdump with NAC

Unanswered Question
Mar 19th, 2009

How can I use TCPdump with the CAS? When specifying a physical interface while using TCPdump, it only picks up broadcast traffic. For example, tcpdump -vv -nn -i eth1. Are there special options to look at all traffic through the CAS in my L3 deployment? Do I need to use the fake interfaces?

greg.washburn Thu, 03/19/2009 - 06:38

I use eth0 and fake0 dumps together. One is the inbound and one seems to represent an outbound. It may also be that it represents the internal routing within the CAS.

However, to me it was easier to get a real picture by spanning the switch ports connected to the CAS off to a Wireshark device. Then perform the capture on the Wireshark device.

Keep in mind, if you are spanning from a remote switch, your capture will not include VLAN tags, so if possible consider spanning to a port on the same switch connected to the CAS.
