How can I capture attack traffic?

asked 2020-03-12 15:36:10 +0000

salwa1215

I need the community's opinion, please. For my project, I have to perform some attacks to propose a securing solution, but I'm not sure about my capturing manipulation. My architecture contains an attacker machine, a machine with a mirroring port, a victim machine and a server machine, and I need to capture only the attack traffic.

So I performed an attack from the attacker machine and I captured my traffic on this same machine, but I also captured the traffic on the machine with a mirroring port, since I was not sure about the machine where I have to make my capture.

My question is: is my approach concerning the attack capture right or wrong? Maybe I have to take into account the capture done on the machine with a mirroring port? I asked this question because I found some inconsistency in the pcap file, like the absence of some protocols.
