01-21-2019 04:57 PM
Hello All,
I need to capture traffic from a secure network but a PC will be capturing the traffic so one NIC will be used for the SPAN traffic and the other will be connected to another less secure network for management. Can a hacker use that SPAN port to get into the secure network?
Thanks all,
01-21-2019 05:23 PM
It is SPAN port, so this is only Listening Mode. that means it only receiving capabilities of all the traffic ( or mirroring all the traffic in the network), Other side if you conncted to Management, this means most of the admin only have access.
if this Manangement side network compromised, then your network is on some one hands.. can be done many things.
01-21-2019 05:48 PM
Thanks those two networks are obviously separated so the switches are different. Logically can an attacker on the less secure network compromise the switch that the SPAN port is plugged into?
01-22-2019 10:38 AM
As BB stated the port used for SPAN is in a mode where it listens to traffic but is not able to send any traffic. If an attacker is able to access the PC then they would be able to observe traffic on the secure network and some people might regard that as a compromise. But the attacker would not be able to perform any action in the more secure network to compromise it.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide