OK, so most of us know about packet sniffers like tcpdump and Wireshark. These two are the best open source sniffers that are freely available in the market today. But most of us also know that the majority of companies are using switches now rather than the good old hub, because of the bad architecture of how a hub works. Well, to sniff all traffic from a switch you would need to perform ARP spoofing, but to sniff traffic from a hub, you just install your sniffer on your machine and start sniffing from the network. Well, I guess for Cisco switches, you can try to install Cisco Dynamic ARP Inspection to defeat ARP spoofing. Personally, I have not tried that, but you can read more about it here: http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00804357b1.html
My point today is not about ARP spoofing; instead, I would love to talk about the capture command on the PIX firewall. This command functions almost like a sniffer, where you can choose to sniff all the traffic that traverses the firewall. Besides that, you can also filter based on IP addresses and port numbers. Moreover, this command can also be used for troubleshooting if you were to set up multiple servers or networks. Personally, I tried it 2 years back when I was configuring a firewall, and there is no question that it is so good to have a sniffer-like command in the firewall. Well, I shan't go deep into the details of how to use or configure this command, because a simple yet detailed article has been published. Let me know what you guys think?
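
For a concrete picture of the capture command described above, here is an added example (not from the original post or the article it mentions) of a capture filtered by IP address and port on a PIX. The addresses are constructed documentation-range values, the names cap_web_acl and capweb are hypothetical, and the syntax assumes PIX 6.x with an interface named inside; lines starting with ! are annotations, not commands.

```cisco
! Assumption: PIX 6.x syntax, interface named "inside".
! Constructed values: 192.0.2.10 (server under test), 192.0.2.50 (TFTP host).
! Hypothetical names: cap_web_acl (filter ACL), capweb (capture buffer).

! 1. Filter by IP address and port. List both directions, otherwise
!    only one side of the conversation lands in the buffer.
access-list cap_web_acl permit tcp any host 192.0.2.10 eq 80
access-list cap_web_acl permit tcp host 192.0.2.10 eq 80 any

! 2. Start capturing matching packets on the chosen interface.
capture capweb access-list cap_web_acl interface inside

! 3. Read the buffer on the firewall itself.
show capture capweb
show capture capweb detail

! 4. Export in pcap format to open in Wireshark or tcpdump.
copy capture:capweb tftp://192.0.2.50/capweb.pcap pcap

! 5. Stop the capture and remove the filter when done; the buffer
!    holds packet contents in firewall memory until it is removed.
no capture capweb
no access-list cap_web_acl
```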