Wireshark-users: Re: [Wireshark-users] One NIC on public side

From: "Terry Martin" <tmartin@xxxxxxxxxxxxxxxx>
Date: Wed, 12 May 2010 23:37:05 -0500
Depending on the OS. You may need to aet the port you are monitoring into permiscuous mode. Some do not auto configure

I am not sure how secure it will be, it depends on the firewall. You still have a Mac address that can be attack

I am also causious

Sent from my iPhone

On May 12, 2010, at 11:20 PM, "mike@xxxxxxxxxxxx" <mike@xxxxxxxxxxxx> wrote:

The server I'm using wireshark on has two NICs.
I put NIC0 on the LAN side which is how I remotely manage the server.
I put NIC1 on a hub just before the firewall so that I can see all public traffic before it hits the firewall.

On NIC1, I do not have any IP assigned which is on my lan but have 169.254.1.2 on it. From what I understand, the NIC goes into promiscuous mode when wireshark and other network monitoring software fires up to use that NIC.

What I wondered about was, just now safe is it to have that NIC on the public side?

Thanks.

___________________________________________________________________________


Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx >
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx? subject=unsubscribe