I need the community opinion please. For my project, I have to perform some attacks to propose a securing solution but I'm not sure about my capturing manipulation. My achitecture contains a attacker machine, a machine with a mirroring port, a machine victim and a server machine and I need to capture only the attack traffic.
So I performed an attack from the attacker machine and I capture my traffic in this same machine but I captured also the traffic in the a machine with a mirroring port since I were not sure about the machine where I have to make my capture.
My question is : is my approach concerning the attack capture right or wrong ? Maybe I have to take into a count the capture done in the machine with a mirroring port ? I asked this question because found some inconsistency in the pcap file like the absence of some protocols
