How can I capture attack traffic?

I need the community's opinion, please. For my project, I have to perform some attacks to propose a securing solution, but I'm not sure about my capturing manipulation. My architecture contains an attacker machine, a machine with a mirroring port, a victim machine and a server machine, and I need to capture only the attack traffic.

So I performed an attack from the attacker machine and I captured my traffic on this same machine, but I also captured the traffic on the machine with a mirroring port, since I was not sure about the machine where I have to make my capture.

My question is: is my approach concerning the attack capture right or wrong? Maybe I have to take into account the capture done on the machine with a mirroring port? I asked this question because I found some inconsistency in the pcap file, like the absence of some protocols.